crans/scripts
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

[ipt] s/DROP/REJECT/g

Browse source 
Ignore-this: 5ab86b3f358be17686c811d780535fe9

darcs-hash:20121004021342-3a55a-b160808e3a9cb56538d49cef8ed15afc2f81bc4f.gz
This commit is contained in:
Valentin Samir 2012-10-04 04:13:42 +02:00
parent 871cf91d7b
commit f069f4cb51
1 changed files with 5 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

9
gestion/ipt.py
View file

@ -642,6 +642,7 @@ def write_rules(ipt):
dir(ipt.__getattribute__(itables))): dir(ipt.__getattribute__(itables))):
for rule in ipt.__getattribute__(itables).__getattribute__(ichain).items: for rule in ipt.__getattribute__(itables).__getattribute__(ichain).items:
output[itables] += '-A ' + ichain.upper() + ' ' + rule + '\n' output[itables] += '-A ' + ichain.upper() + ' ' + rule + '\n'
output['filter'] += '-A FORWARD -j REJECT\n'
# Ecriture dans le fichier # Ecriture dans le fichier
fout.writelines(output['filter']) fout.writelines(output['filter'])
@ -715,7 +716,7 @@ def mac_ip(ipt, machines, types_machines):
prefix[type_m][0])) prefix[type_m][0]))
ipt.filter.ieui64('-s fe80::/64 -m eui64 -j RETURN') ipt.filter.ieui64('-s fe80::/64 -m eui64 -j RETURN')
ipt.filter.ieui64('-j DROP') ipt.filter.ieui64('-j REJECT')
#ipt.filter.ieui64('-j REJECT') #ipt.filter.ieui64('-j REJECT')
def macips(ipt, machines, types_machines): def macips(ipt, machines, types_machines):
@ -727,7 +728,7 @@ def macips(ipt, machines, types_machines):
break break
for type_m in types_machines: for type_m in types_machines:
type_mm = re.sub('-', '', type_m) type_mm = re.sub('-', '', type_m)
getattr(ipt.filter,'mac' + type_mm)('-j DROP') getattr(ipt.filter,'mac' + type_mm)('-j REJECT')
#eval('ipt.filter.mac' + type_mm)('-j REJECT') #eval('ipt.filter.mac' + type_mm)('-j REJECT')
return 0 return 0
@ -742,11 +743,11 @@ def ingress_filtering(ipt):
prefix['subnet'][0])) prefix['subnet'][0]))
ipt.filter.ingress_filtering('-o %s -j LOG --log-prefix "BAD ROUTE "' % ipt.filter.ingress_filtering('-o %s -j LOG --log-prefix "BAD ROUTE "' %
dev_ext) dev_ext)
ipt.filter.ingress_filtering('-o %s -j DROP' % dev_ext) ipt.filter.ingress_filtering('-o %s -j REJECT' % dev_ext)
# de l'extérieur, on ne veut que des paquet ne provenant pas de notre # de l'extérieur, on ne veut que des paquet ne provenant pas de notre
# réseau à destination de notre réseau # réseau à destination de notre réseau
ipt.filter.ingress_filtering('-i %s ! -s %s -d %s -j RETURN' % ipt.filter.ingress_filtering('-i %s ! -s %s -d %s -j RETURN' %
(dev_ext, prefix['subnet'][0], prefix['subnet'][0])) (dev_ext, prefix['subnet'][0], prefix['subnet'][0]))
ipt.filter.ingress_filtering('-i %s -j LOG --log-prefix "BAD SRC "' % ipt.filter.ingress_filtering('-i %s -j LOG --log-prefix "BAD SRC "' %
dev_ext) dev_ext)
ipt.filter.ingress_filtering('-i %s -j DROP' % dev_ext) ipt.filter.ingress_filtering('-i %s -j REJECT' % dev_ext)