Bugs + lgre factorisation.
darcs-hash:20041128162035-41617-9b54e2d05d54a39c1273c013558a94c95d8f8b4d.gz
This commit is contained in:
parent
3a63182238
commit
e59d649335
1 changed files with 37 additions and 37 deletions
|
@ -111,10 +111,10 @@ class firewall:
|
|||
zone_serveur="138.231.136.0/28"
|
||||
eth_ext = "eth2"
|
||||
# Ports ouverts
|
||||
ports_default = { 'tcp_input' : [ '22' ],
|
||||
'tcp_output': [ ':79', '81:134', '136', '140:444', '446:'],
|
||||
'udp_input' : [ ],
|
||||
'udp_output': [ ':136','140:'] }
|
||||
ports_default = { 'tcp_EXT_VERS_CRANS' : [ '22' ],
|
||||
'tcp_CRANS_VERS_EXT': [ ':79', '81:134', '136', '140:444', '446:'],
|
||||
'udp_EXT_VERS_CRANS' : [ ],
|
||||
'udp_CRANS_VERS_EXT': [ ':136','140:'] }
|
||||
|
||||
mac_wifi = '00:0c:f1:fa:f1:4b'
|
||||
|
||||
|
@ -183,6 +183,7 @@ class firewall:
|
|||
iptables('-N %s' % chaine)
|
||||
|
||||
iptables("-A FORWARD -i lo -j ACCEPT")
|
||||
iptables("-A FORWARD -p icmp -j ACCEPT")
|
||||
iptables("-A FORWARD -i %s -j BLACKLIST_DST" % self.eth_ext )
|
||||
iptables("-A FORWARD -o %s -j BLACKLIST_SRC" % self.eth_ext )
|
||||
iptables("-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT")
|
||||
|
@ -303,35 +304,34 @@ class firewall:
|
|||
|
||||
def serveurs_vers_ext(self) :
|
||||
""" Reconstruit la chaine SERVEURS_VERS_EXT """
|
||||
self.__build_chaine('SERVEURS_VERS_EXT', self.__serveurs_vers_ext)
|
||||
if self.__build_chaine('SERVEURS_VERS_EXT', self.__serveurs_vers_ext) :
|
||||
self.anim.reinit()
|
||||
print OK
|
||||
|
||||
def ext_vers_serveurs(self) :
|
||||
""" Reconstruit la chaine EXT_VERS_SERVEURS """
|
||||
self.__build_chaine('EXT_VERS_SERVEURS', self.__ext_vers_serveurs)
|
||||
|
||||
if self.__build_chaine('EXT_VERS_SERVEURS', self.__ext_vers_serveurs) :
|
||||
self.anim.reinit()
|
||||
print OK
|
||||
|
||||
def crans_vers_ext(self) :
|
||||
""" Reconstruit la chaine CRANS_VERS_EXT """
|
||||
self.__build_chaine('CRANS_VERS_EXT', self.__crans_vers_ext)
|
||||
# Défauts
|
||||
self.anim.reinit()
|
||||
for proto in [ 'tcp' , 'udp' ] :
|
||||
for port in self.ports_default["%s_input" % proto ] :
|
||||
self.anim.cycle()
|
||||
iptables("-A CRANS_VERS_EXT -p %s --dport %s -j ACCEPT" % (proto,port) )
|
||||
self.anim.reinit()
|
||||
print OK
|
||||
self.__build_chaine_adherent('CRANS_VERS_EXT',self.__crans_vers_ext)
|
||||
|
||||
def ext_vers_crans(self) :
|
||||
""" Reconstruit la chaine EXT_VERS_CRANS """
|
||||
self.__build_chaine('EXT_VERS_CRANS', self.__ext_vers_crans)
|
||||
# Défauts
|
||||
self.anim.reinit()
|
||||
for proto in [ 'tcp' , 'udp' ] :
|
||||
for port in self.ports_default["%s_output" % proto ] :
|
||||
self.anim.cycle()
|
||||
iptables("-A EXT_VERS_CRANS -p %s --dport %s -j ACCEPT" % (proto,port) )
|
||||
self.anim.reinit()
|
||||
print OK
|
||||
self.__build_chaine_adherent('EXT_VERS_CRANS',self.__ext_vers_crans)
|
||||
|
||||
def __build_chaine_adherent(self,chaine,methode):
|
||||
if self.__build_chaine(chaine, methode) :
|
||||
# Défauts
|
||||
self.anim.reinit()
|
||||
for proto in [ 'tcp' , 'udp' ] :
|
||||
for port in self.ports_default["%s_%s" % ( proto, chaine) ] :
|
||||
self.anim.cycle()
|
||||
iptables("-I %s -p %s --dport %s -j ACCEPT" % (chaine, proto,port) )
|
||||
self.anim.reinit()
|
||||
print OK
|
||||
|
||||
def __build_chaine(self,chaine, methode) :
|
||||
self.anim = anim(' Construction de la chaîne %s' % chaine,len(self.__machines())+1)
|
||||
|
@ -343,7 +343,7 @@ class firewall:
|
|||
self.anim.cycle()
|
||||
iptables("-A %s -j REJECT" % chaine)
|
||||
self.anim.reinit()
|
||||
print OK
|
||||
return 1
|
||||
except IptablesError, c :
|
||||
self.anim.reinit()
|
||||
print ERREUR
|
||||
|
@ -364,17 +364,17 @@ class firewall:
|
|||
|
||||
def __serveurs_vers_ext(self,machine):
|
||||
ip=machine.ip()
|
||||
if not AddrInNet(ip,self.zone_serveur):
|
||||
# C'est une machine adhérent, rien à faire ici
|
||||
return
|
||||
|
||||
mac = machine.mac()
|
||||
ports = { 'tcp' : machine.portTCPin(),
|
||||
'udp' : machine.portUDPin() }
|
||||
|
||||
if not AddrInNet(ip,self.zone_serveur):
|
||||
# C'est une machine adhérent, rien à faire ici
|
||||
return
|
||||
|
||||
for proto in [ 'tcp', 'udp' ] :
|
||||
for port in ports[proto].split() :
|
||||
iptables("-I CRANS_VERS_EXT -s %s -p %s --dport %s -m mac --mac-source %s -j ACCEPT" \
|
||||
iptables("-I SERVEURS_VERS_EXT -s %s -p %s --dport %s -m mac --mac-source %s -j ACCEPT" \
|
||||
%(ip,proto,port,mac))
|
||||
|
||||
def __ext_vers_serveurs(self,machine):
|
||||
|
@ -388,7 +388,7 @@ class firewall:
|
|||
|
||||
for proto in [ 'tcp', 'udp' ] :
|
||||
for port in ports[proto].split() :
|
||||
iptables("-I EXT_VERS_SERVEURS -s %s -p %s --dport %s -j ACCEPT"\
|
||||
iptables("-I EXT_VERS_SERVEURS -d %s -p %s --dport %s -j ACCEPT"\
|
||||
%(ip,proto,port))
|
||||
|
||||
def __crans_vers_ext(self,machine):
|
||||
|
@ -397,9 +397,9 @@ class firewall:
|
|||
# C'est un serveur, rien à faire ici
|
||||
return
|
||||
|
||||
ports = { 'tcp' : machine.portTCPin(),
|
||||
'udp' : machine.portUDPin() }
|
||||
|
||||
ports = { 'tcp' : machine.portTCPout(),
|
||||
'udp' : machine.portUDPout() }
|
||||
|
||||
for proto in [ 'tcp', 'udp' ] :
|
||||
for port in ports[proto].split() :
|
||||
iptables("-I CRANS_VERS_EXT -s %s -p %s --dport %s -j ACCEPT" \
|
||||
|
@ -411,8 +411,8 @@ class firewall:
|
|||
# C'est un serveur, rien à faire ici
|
||||
return
|
||||
|
||||
ports = { 'tcp' : machine.portTCPout(),
|
||||
'udp' : machine.portUDPout() }
|
||||
ports = { 'tcp' : machine.portTCPin(),
|
||||
'udp' : machine.portUDPin() }
|
||||
|
||||
for proto in [ 'tcp', 'udp' ] :
|
||||
for port in ports[proto].split() :
|
||||
|
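Review bot: The new `iptables("-A FORWARD -p icmp -j ACCEPT")` in the second hunk is appended before the `-j BLACKLIST_DST` and `-j BLACKLIST_SRC` jumps, so ICMP to or from a blacklisted address is accepted before either blacklist chain sees it; moving that line below the two BLACKLIST jumps, just before the `ESTABLISHED,RELATED` rule, keeps the blacklist authoritative for every protocol. Separately, in the `__build_chaine` hunk the success path now ends with `return 1` after the terminal `-A %s -j REJECT`, while the `except IptablesError` branch only prints ERREUR and falls through returning None, so a failed build leaves `chaine` partially populated without its closing REJECT and the new `if self.__build_chaine(...)` callers merely skip their `print OK`; whether that fails open depends on the FORWARD policy, which is not visible here. A short comment on `__build_chaine` stating the contract, `# Returns 1 on success; on IptablesError the chain is left partially built and None is returned`, would make this explicit for the callers introduced in the third hunk. The body of that except branch continues past the end of its hunk.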