[firewall.py] On ne route pas entre le vlan wifi et le vlan adm

darcs-hash:20110513203608-ddb99-445fc2f12b7d06869ab29ef9f3430ffab0e31e1d.gz
2011-05-13 22:36:08 +02:00 · 2011-05-13 22:36:08 +02:00 · fce0f4b932
commit fce0f4b932
parent 4c85c04014
1 changed files with 3 additions and 0 deletions
--- a/gestion/gen_confs/firewall.py
+++ b/gestion/gen_confs/firewall.py
@ -1334,6 +1334,7 @@ class firewall_gordon(firewall_crans) :

    # interfaces physiques
    eth_crans = "eth0"
+    eth_adm = "eth0.2"
    eth_wifi = "eth0.3"

    def nat_table(self) :
@ -1355,6 +1356,8 @@ class firewall_gordon(firewall_crans) :
        self.anim = anim('\tRègles spécifiques à gordon')
        iptables("-P INPUT ACCEPT")
        iptables("-P FORWARD ACCEPT")
+        iptables("-A FORWARD -i %s -o %s -j REJECT --reject-with icmp-host-prohibited" % (self.eth_wifi, self.eth_adm))
+        iptables("-A FORWARD -i %s -o %s -j REJECT --reject-with icmp-host-prohibited" % (self.eth_adm, self.eth_wifi))
        print OK

    def mangle_table(self):