On separe les differents filtres et on loggue

darcs-hash:20050313142005-d1718-3659eb626055c57c37578682ca3224b668dc13cc.gz
2005-03-13 15:20:05 +01:00 · 2005-03-13 15:20:05 +01:00 · fd4c9bda5c
commit fd4c9bda5c
parent 2b1e681f35
1 changed files with 14 additions and 3 deletions
--- a/gestion/gen_confs/firewall_komaz.py
+++ b/gestion/gen_confs/firewall_komaz.py
@ -119,8 +119,17 @@ class firewall_komaz :
    ports_virus = { 'tcp' :  [ 135, 445 ] , 'udp' : [] }
    
    # Filtrage du peer to peer
-    filtres_p2p = [ '-p tcp -m ipp2p --ipp2p --bit --apple --soul --winmx' ,
-                    '-p tcp -m ipp2p --dc-data --kazaa-data --gnu-data' ]
+    filtres_p2p = [ ('bit', 'Bittorrent'),
+                    ('apple', 'AppleJuice'),
+                    ('soul', 'SoulSeek'),
+                    ('winmx', 'WinMX'),
+                    ('edk', 'eDonkey'),
+                    ('dc', 'DirectConnect'),
+                    ('dc-data', 'DirectConnect'),
+                    ('kazaa', 'KaZaa'),
+                    ('kazaa-data', 'Kazaa'),
+                    ('gnu', 'GNUtella'),
+                    ('gnu-data', 'GNUtella') ]
    ports_p2p = [ '412', '1214', '4662:4665' , '6346:6347', '6699', '6881:6889' ]
    
    machines = []
@ -467,7 +476,9 @@ class firewall_komaz :
            self.anim.cycle()

        for filtre in self.filtres_p2p :
-            iptables('-A FILTRE_P2P %s -j REJECT --reject-with icmp-admin-prohibited' % filtre)
+            iptables('-A FILTRE_P2P -p tcp -m ipp2p --%s -j LOG --log-prefix "%s "' % (filtre[0],
+                                                                                filtre[1]))
+            iptables('-A FILTRE_P2P -p tcp -m ipp2p --%s -j REJECT --reject-with icmp-admin-prohibited' % filtre[0]
            self.anim.cycle()
            
        self.anim.reinit()