From fce0f4b9321ffb1e8b1f786ccdcb408f9c1f7f15 Mon Sep 17 00:00:00 2001
From: Michel Blockelet
Date: Fri, 13 May 2011 22:36:08 +0200
Subject: [PATCH] [firewall.py] On ne route pas entre le vlan wifi et le vlan adm

darcs-hash:20110513203608-ddb99-445fc2f12b7d06869ab29ef9f3430ffab0e31e1d.gz
---
 gestion/gen_confs/firewall.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/gestion/gen_confs/firewall.py b/gestion/gen_confs/firewall.py
index 4c81f5eb..5fa914db 100644
--- a/gestion/gen_confs/firewall.py
+++ b/gestion/gen_confs/firewall.py
@@ -1334,6 +1334,7 @@ class firewall_gordon(firewall_crans) :
 
     # interfaces physiques
     eth_crans = "eth0"
+    eth_adm = "eth0.2"
     eth_wifi = "eth0.3"
 
     def nat_table(self) :
@@ -1355,6 +1356,8 @@ class firewall_gordon(firewall_crans) :
         self.anim = anim('\tRègles spécifiques à gordon')
         iptables("-P INPUT ACCEPT")
         iptables("-P FORWARD ACCEPT")
+        iptables("-A FORWARD -i %s -o %s -j REJECT --reject-with icmp-host-prohibited" % (self.eth_wifi, self.eth_adm))
+        iptables("-A FORWARD -i %s -o %s -j REJECT --reject-with icmp-host-prohibited" % (self.eth_adm, self.eth_wifi))
         print OK

     def mangle_table(self):
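Review bot: The two REJECT rules in the second hunk are appended with `-A FORWARD` directly after `-P FORWARD ACCEPT`, so they only isolate the wifi and adm VLANs if no FORWARD rule evaluated before them already accepts that traffic; whatever the parent class or the earlier part of this method (which starts outside the hunk) has put into FORWARD is matched first. If such accept rules exist, these lines need to precede them, e.g. by emitting `-I FORWARD -i %s -o %s -j REJECT --reject-with icmp-host-prohibited` instead of `-A FORWARD ...`, or by moving them ahead of the accepts. The isolation also rests on the two VLANs being reachable only through `eth0.2` and `eth0.3`, which deserves a one-line comment above the rules such as `# isolation wifi <-> adm : aucun routage entre les deux vlans (eth0.2 / eth0.3)`. The format string is duplicated verbatim across both lines; iterating over `((self.eth_wifi, self.eth_adm), (self.eth_adm, self.eth_wifi))` would keep a single copy of the rule text.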