From f069f4cb5179010fdb324fba02a6d5ba19a008ec Mon Sep 17 00:00:00 2001
From: Valentin Samir
Date: Thu, 4 Oct 2012 04:13:42 +0200
Subject: [PATCH] [ipt] s/DROP/REJECT/g
Ignore-this: 5ab86b3f358be17686c811d780535fe9
darcs-hash:20121004021342-3a55a-b160808e3a9cb56538d49cef8ed15afc2f81bc4f.gz
---
 gestion/ipt.py | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/gestion/ipt.py b/gestion/ipt.py
index 4a4e683e..2b145833 100755
--- a/gestion/ipt.py
+++ b/gestion/ipt.py
@@ -642,6 +642,7 @@ def write_rules(ipt):
 dir(ipt.__getattribute__(itables))):
 for rule in ipt.__getattribute__(itables).__getattribute__(ichain).items:
 output[itables] += '-A ' + ichain.upper() + ' ' + rule + '\n'
+ output['filter'] += '-A FORWARD -j REJECT\n'
 # Ecriture dans le fichier
 fout.writelines(output['filter'])
@@ -715,7 +716,7 @@ def mac_ip(ipt, machines, types_machines):
 prefix[type_m][0]))
 ipt.filter.ieui64('-s fe80::/64 -m eui64 -j RETURN')
- ipt.filter.ieui64('-j DROP')
+ ipt.filter.ieui64('-j REJECT')
 #ipt.filter.ieui64('-j REJECT')
 def macips(ipt, machines, types_machines):
@@ -727,7 +728,7 @@ def macips(ipt, machines, types_machines):
 break
 for type_m in types_machines:
 type_mm = re.sub('-', '', type_m)
- getattr(ipt.filter,'mac' + type_mm)('-j DROP')
+ getattr(ipt.filter,'mac' + type_mm)('-j REJECT')
 #eval('ipt.filter.mac' + type_mm)('-j REJECT')
 return 0
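Review bot: The catch-all `-A FORWARD -j REJECT` is appended inside write_rules, the function that serializes the rules, and it carries no comment, so nobody reading the chain-building functions will see that FORWARD now ends in a REJECT. The collapsed layout of this page hides the indentation, so it is worth confirming that the line sits after both loops and is emitted exactly once. I would put a comment directly above it, for example `# terminal rule: whatever no earlier FORWARD rule accepted is rejected`, or move the rule into the code that builds the FORWARD chain so the policy lives in one place. write_rules starts above the hunk and continues below it.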
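Review bot: The commented-out line `#ipt.filter.ieui64('-j REJECT')` after the changed call in mac_ip now duplicates the live rule and should be deleted; the same applies to `#eval('ipt.filter.mac' + type_mm)('-j REJECT')` in the macips hunk. Both appear to be context lines left over from an earlier toggle between DROP and REJECT, and keeping them invites the next reader to think the REJECT variant is still disabled. Separately, a bare `-j REJECT` uses the default reject type; if these chains are meant to tell a host that its MAC/address pairing was refused (inferred from the function names), stating the type with `--reject-with` and a one-line comment on why REJECT was preferred to DROP would make that intent reviewable. Both functions extend beyond their hunks.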
@@ -742,11 +743,11 @@ def ingress_filtering(ipt):
 prefix['subnet'][0]))
 ipt.filter.ingress_filtering('-o %s -j LOG --log-prefix "BAD ROUTE "' % dev_ext)
- ipt.filter.ingress_filtering('-o %s -j DROP' % dev_ext)
+ ipt.filter.ingress_filtering('-o %s -j REJECT' % dev_ext)
 # de l'extérieur, on ne veut que des paquet ne provenant pas de notre
 # réseau à destination de notre réseau
 ipt.filter.ingress_filtering('-i %s ! -s %s -d %s -j RETURN' % (dev_ext, prefix['subnet'][0], prefix['subnet'][0]))
 ipt.filter.ingress_filtering('-i %s -j LOG --log-prefix "BAD SRC "' % dev_ext)
- ipt.filter.ingress_filtering('-i %s -j DROP' % dev_ext)
+ ipt.filter.ingress_filtering('-i %s -j REJECT' % dev_ext)
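Review bot: The last added line turns the `-i %s` catch-all of ingress_filtering into a REJECT, so the firewall now answers packets that arrive on the external interface after failing the source/destination check, which are exactly the packets whose source address cannot be trusted. Each answer is an ICMP error sent to a possibly forged address, which creates backscatter towards third parties or internal hosts and confirms to the sender that a filter is present. REJECT is reasonable on the `-o %s` rule, where it tells an internal host that its packet was refused, but I would keep the inbound side silent: `ipt.filter.ingress_filtering('-i %s -j DROP' % dev_ext)`. If REJECT is kept there, add a comment that states the reason and consider a rate limit on the rule. ingress_filtering starts above the hunk.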