crans/scripts
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Le code de la mac ip est dans la classe firewall_crans.

Browse source 
plus de factorisation, pour viter les choses trop bancales...
les specificites de chaque machine sont a mettre dans les methodes
nat_table_tweaks et filter_table_tweaks.
TODO: mettre le code de la blacklist dans firewall_crans

darcs-hash:20050517091519-f163d-44fcc1bb361adc2745bd3bea0c7cec4b25261943.gz
This commit is contained in:
segaud 2005-05-17 11:15:19 +02:00
parent 82062f5ff2
commit ef2c02a99a
1 changed files with 20 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

24
gestion/gen_confs/firewall_crans.py
View file

@ -135,10 +135,26 @@ class firewall_crans :
remove_lock('firewall')
def nat_table(self) :
print 'bla'
self.anim = anim(' Structure de la table nat')
for chaine in [ 'TEST_MAC-IP', 'RESEAUX_NON_ROUTABLES_SRC', 'RESEAUX_NON_ROUTABLES_DST' ] :
iptables('-t nat -N %s' % chaine)
iptables("-t nat -P PREROUTING -j ACCEPT")
iptables("-t nat -A PREROUTING -i lo -j ACCEPT")
iptables("-t nat -A PREROUTING -d 224.0.0.0/4 -j DROP")
iptables("-t nat -A PREROUTING -j RESEAUX_NON_ROUTABLES_DST")
iptables("-t nat -A PREROUTING -j RESEAUX_NON_ROUTABLES_SRC")
iptables("-t nat -A PREROUTING -j TEST_MAC-IP")
iptables("-t nat -P PREROUTING DROP")
print OK
def nat_table_tweaks(self) :
return
def filter_table(self) :
self.anim = anim(' Structure de la table filter')
print OK
def filter_table_tweaks(self) :
return
def start_fw_funcs(self) :
@ -177,10 +193,10 @@ class firewall_crans :
cprint(" -> fin de la procédure de démarrage",'vert')
def __start(self) :
self.anim = anim(' Structure de la table nat')
self.nat_table()
self.anim = anim(' Structure de la table filter')
self.nat_table_tweaks()
self.filter_table()
self.filter_table_tweaks
def reseaux_non_routables(self) :
""" Construction de RESEAUX_NON_ROUTABLES_{DST,SRC} """