From f27a94b48c7dc4fb3846b9abd4218c19adae5f51 Mon Sep 17 00:00:00 2001 From: Valentin Samir Date: Sun, 8 Dec 2013 15:31:08 +0100 Subject: [PATCH] =?UTF-8?q?[firewall6]=20On=20ne=20laisse=20pas=20passer?= =?UTF-8?q?=20le=20/32=20de=20google=20pour=20voir=20si=20=C3=A7a=20impact?= =?UTF-8?q?e=20la=20charge=20du=20tunnel=20ipv6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- gestion/gen_confs/firewall6.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/gestion/gen_confs/firewall6.py b/gestion/gen_confs/firewall6.py index 69d010a8..0103f3c5 100755 --- a/gestion/gen_confs/firewall6.py +++ b/gestion/gen_confs/firewall6.py @@ -151,6 +151,9 @@ def main_router(): ip6tables.mangle.prerouting('-i %s -m state --state NEW -j LOG --log-prefix "LOG_ALL "' % dev_wifi) ip6tables.mangle.prerouting('-i %s -m state --state NEW -j LOG --log-prefix "LOG_ALL "' % dev_ip6 ) + # On force le /32 de google à passer en ipv4 pour tester si ça soulage le tunnel ipv6 + ip6tables.filter.forward('-o %s -p tcp -d 2a00:1450:4006::/32 -j REJECT' % dev_ip6) + # Ipv6 sur évènementiel, on ne laisse sortir que si ça vient de la mac d'ytrap-llatsni ip6tables.filter.forward('-o %s -d 2a01:240:fe3d:d2::/64 -j ACCEPT' % dev_crans) ip6tables.filter.forward('-o %s -m mac --mac-source 00:00:6c:69:69:01 -s 2a01:240:fe3d:d2::/64 -j ACCEPT' % dev_ip6)