From f09b6f981d3dbdcfe7a3349611ea0bd0cdba4d16 Mon Sep 17 00:00:00 2001 From: Olivier Huber Date: Sun, 5 Apr 2009 15:44:41 +0200 Subject: [PATCH] [./gestion/gen_confs/firewall.py] Diverses corrections MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * correction d'une règle * On enlève un doublon * ip_conntrack_max a été déplacé lors de la migration vers lenny darcs-hash:20090405134441-8fbb1-c39d728d4b9984a256624efc387e487c24daf582.gz --- gestion/gen_confs/firewall.py | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/gestion/gen_confs/firewall.py b/gestion/gen_confs/firewall.py index 283a01cc..03dd1b2e 100644 --- a/gestion/gen_confs/firewall.py +++ b/gestion/gen_confs/firewall.py @@ -625,17 +625,9 @@ class firewall_komaz(firewall_crans) : # bande passante. # Classification des paquets à destination du ftp - iptables("-t mangle -A POSTROUTING -o %(eth_int)s --destination 136.231.136.10 --destination-port 21 " + iptables("-t mangle -A POSTROUTING -o %(eth_int)s -p tcp -d 136.231.136.10 --dport 21 " "-j CLASSIFY --set-class 1:9997" % locals()) - debit_ftp = 12000 - # Restriction - for interface in [self.eth_ext, self.eth_int]: - tc("class add dev %(interface)s parent 1:1 classid 1:9997 " - "htb rate %(debit_ftp)s ceil %(debit_ftp)s" % locals()) - tc("qdisc add dev %(interface)s parent 1:9997 " - "handle %(qdisc_id)d: sfq perturb 10" % locals()) - self.anim.reinit() print OK @@ -789,7 +781,7 @@ class firewall_komaz(firewall_crans) : self.anim = anim("\tMise en place du routage") warn = '' for cmd in [ 'echo 1 > /proc/sys/net/ipv4/ip_forward' , - 'echo 65536 > /proc/sys/net/ipv4/ip_conntrack_max' , + 'echo 65536 > /proc/sys/net/ipv4/netfilter/ip_conntrack_max' , 'modprobe ip_conntrack_ftp' , 'modprobe ip_conntrack_irc' ] : status,output=getstatusoutput(cmd)
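Review bot: In the first hunk (`@@ -625,17 +625,9 @@`), the kept rule still sends matching packets to `--set-class 1:9997` while the `tc class add ... classid 1:9997` and `tc qdisc add ... parent 1:9997` lines are deleted, so the FTP limit now depends on that class being created elsewhere for both `self.eth_ext` and `self.eth_int`. The commit message calls the removed lines a duplicate, but the other definition is not visible here; if it is missing on an interface, the rule would, as far as I can tell, classify into a class that does not exist and the limit would not be applied. I would add a comment above the rule such as `# class 1:9997 is created in <place where it is defined>; rate/ceil are set there`. Separately, `-p tcp --dport 21` matches only the FTP control connection, so it is worth confirming whether data connections are meant to fall into this class as well. The enclosing method starts and ends outside the hunk.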
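Review bot: In the second hunk (`@@ -789,7 +781,7 @@`), the write to `/proc/sys/net/ipv4/netfilter/ip_conntrack_max` is listed before the two `modprobe ip_conntrack_*` entries, and as far as I know that `netfilter/` directory only exists once the connection-tracking module is loaded. If nothing has loaded it earlier in the run (not visible here), the `echo` fails and the table keeps its default size, which matters on a gateway where a full conntrack table drops new connections. I would move the entry after the modprobe lines: `'modprobe ip_conntrack_ftp' ,` / `'modprobe ip_conntrack_irc' ,` / `'echo 65536 > /proc/sys/net/ipv4/netfilter/ip_conntrack_max' ] :`. How `status` and `output` are handled is outside the hunk, so I cannot tell whether such a failure is reported or only appended to `warn`.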