[ipt,firewall6,firewall_new] Mise à jour du blocage des tracker torrent udp, les port 445 et 135 sont retirer du trigger VIRUS (mais toujours bloqués)

Ignore-this: ea68ea4670ec109a2575a243c2e89ca6 darcs-hash:20121209172425-3a55a-3fb45d35a11fc552e0c1e786d181334272913123.gz
2012-12-09 18:24:25 +01:00 · 2012-12-09 18:24:25 +01:00 · f8332851b4
commit f8332851b4
parent 8661234205
3 changed files with 37 additions and 16 deletions
--- a/gestion/gen_confs/firewall6.py
+++ b/gestion/gen_confs/firewall6.py
@ -132,9 +132,13 @@ def main_router():
    ip6tables.mangle.prerouting('-i %s -m state --state NEW -j LOG --log-prefix "LOG_ALL "' % dev_crans)
    ip6tables.mangle.prerouting('-i %s -m state --state NEW -j LOG --log-prefix "LOG_ALL "' %  dev_ip6 )
    
-    udp_torrent_tracker = {
-        'tracker.ccc.de':[['2001:67c:20a0:7::2',80]],
-        'tracker.istole.it':[['2a00:1a28:1151:6:230:48ff:fed4:ee8c',80]],
+    udp_torrent_tracker={
+        'tracker.openbittorrent.com':gethostbyname('tracker.openbittorrent.com')[1],
+        'tracker.ccc.de':gethostbyname('tracker.ccc.de')[1],
+        'tracker.istole.it':gethostbyname('tracker.istole.it')[1],
+        'tracker.publicbt.com':gethostbyname('tracker.publicbt.com')[1],
+        'tracker.1337x.org':gethostbyname('tracker.1337x.org')[1],
+        'fr33domtracker.h33t.com':gethostbyname('fr33domtracker.h33t.com')[1],
        }

    # Les blacklistes
@ -160,10 +164,10 @@ def main_router():
    ip6tables.filter.tracker_torrent('-j REJECT --reject-with icmp6-adm-prohibited')
    ip6tables.filter.forward('-p tcp -m string --algo kmp --string "GET /" -j TRACKER_TORRENT')
    ip6tables.filter.forward('-p tcp -m string --algo kmp --string "get /" -j TRACKER_TORRENT')
-    for tracker in udp_torrent_tracker.values():
-        for dest in tracker:
-            ip6tables.filter.forward('-p udp -d %s --dport %s -j LOG --log-level notice --log-prefix "TRACKER_TORRENT: "' % (dest[0],dest[1]))
-            ip6tables.filter.forward('-p udp -d %s --dport %s -j REJECT --reject-with icmp6-adm-prohibited' % (dest[0],dest[1]))
+    for tracker in udp_torrent_tracker.keys():
+        for dest in udp_torrent_tracker[tracker]:
+            ip6tables.filter.forward('-p udp -d %s -j LOG --log-level notice --log-prefix "TRACKER:%s "' % (dest,(tracker[:20]) if len(tracker) > 20 else tracker))
+            ip6tables.filter.forward('-p udp -d %s -j REJECT --reject-with icmp6-adm-prohibited' % dest)
    
    ip6tables.filter.forward('-m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT')