From fee4e889089c1cc8a6cfca86423c756807e1a59a Mon Sep 17 00:00:00 2001
From: Valentin Samir
Date: Sat, 9 Feb 2013 17:43:46 +0100
Subject: [PATCH] =?UTF-8?q?[firwall=5Fnew]=20Dans=20le=20dictionnaire=20de?=
 =?UTF-8?q?s=20machines=20accessible=20depuis=20accueil,=20on=20stocke=20a?=
 =?UTF-8?q?ussi=20le=20dns=20de=20la=20machine,=20on=20modifie=20firewall?=
 =?UTF-8?q?=5Fnew=20en=20cons=C3=A9quence.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 gestion/gen_confs/firewall_new.py | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/gestion/gen_confs/firewall_new.py b/gestion/gen_confs/firewall_new.py
index 1a6c1cd6..303842ee 100755
--- a/gestion/gen_confs/firewall_new.py
+++ b/gestion/gen_confs/firewall_new.py
@@ -1585,9 +1585,10 @@ class firewall_routeur(firewall_crans):
 iptables("-P FORWARD DROP")
 for ip in accueil_route.keys():
 for type in accueil_route[ip].keys():
- for port in accueil_route[ip][type]:
- iptables("-A FORWARD -p %s -d %s --dport %s -j ACCEPT" % (type,ip,port))
- iptables("-A FORWARD -p %s -s %s --sport %s -j ACCEPT" % (type,ip,port))
+ if type in ['udp', 'tcp']:
+ for port in accueil_route[ip][type]:
+ iptables("-A FORWARD -p %s -d %s --dport %s -j ACCEPT" % (type,ip,port))
+ iptables("-A FORWARD -p %s -s %s --sport %s -j ACCEPT" % (type,ip,port))
 
 def mangle_table(self):
 iptables("-t mangle -F PREROUTING")
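Review bot: The protocol whitelist `['udp', 'tcp']` on the new `if type in` line is repeated verbatim in the NAT hunk at `@@ -1597` below; hoisting it to one module-level constant (something like `ACCUEIL_PROTOS = ('udp', 'tcp')`, name to taste) used by both tables keeps FORWARD and nat from drifting the next time a non-protocol key is added to the per-machine dict. The loop also rebinds the builtin name `type` and calls `.keys()` only to index the dict again, so `for proto, ports in accueil_route[ip].items():` / `if proto in ACCUEIL_PROTOS:` / `for port in ports:` reads more clearly and drops one lookup. The port values are interpolated into the rule text as-is, and since the dict now carries a non-port entry per the subject, an explicit `int(port)` (or a check that raises on a non-numeric value) before building the rule would turn a malformed entry into an error in this generator rather than a rule iptables may reject or misparse — whether `iptables()` goes through a shell is not visible here. The method enclosing this loop starts above the hunk.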
@@ -1597,13 +1598,14 @@ class firewall_routeur(firewall_crans):
 #intranet et wiki pour le vlan accueil
 for ip in accueil_route.keys():
 for type in accueil_route[ip].keys():
- for port in accueil_route[ip][type]:
- iptables("-t nat -A PREROUTING -i %s -p %s -d %s --dport %s -j ACCEPT" % (self.eth_accueil ,type,ip,port))
- iptables("-t nat -A PREROUTING -i %s -p %s -d %s --dport %s -j ACCEPT" % (self.eth_isolement ,type,ip,port))
- iptables("-t nat -A PREROUTING -i %s -p %s -d %s --dport %s -j ACCEPT" % (self.eth_appart ,type,ip,port))
- iptables("-t nat -A POSTROUTING -p %s -s %s -d %s --dport %s -j MASQUERADE" % (type,NETs['accueil'][0],ip,port))
- iptables("-t nat -A POSTROUTING -p %s -s %s -d %s --dport %s -j MASQUERADE" % (type,NETs['isolement'][0],ip,port))
- iptables("-t nat -A POSTROUTING -p %s -s %s -d %s --dport %s -j MASQUERADE" % (type,NETs['personnel-ens'][0],ip,port))
+ if type in ['udp', 'tcp']:
+ for port in accueil_route[ip][type]:
+ iptables("-t nat -A PREROUTING -i %s -p %s -d %s --dport %s -j ACCEPT" % (self.eth_accueil ,type,ip,port))
+ iptables("-t nat -A PREROUTING -i %s -p %s -d %s --dport %s -j ACCEPT" % (self.eth_isolement ,type,ip,port))
+ iptables("-t nat -A PREROUTING -i %s -p %s -d %s --dport %s -j ACCEPT" % (self.eth_appart ,type,ip,port))
+ iptables("-t nat -A POSTROUTING -p %s -s %s -d %s --dport %s -j MASQUERADE" % (type,NETs['accueil'][0],ip,port))
+ iptables("-t nat -A POSTROUTING -p %s -s %s -d %s --dport %s -j MASQUERADE" % (type,NETs['isolement'][0],ip,port))
+ iptables("-t nat -A POSTROUTING -p %s -s %s -d %s --dport %s -j MASQUERADE" % (type,NETs['personnel-ens'][0],ip,port))
 
 # Proxy transparent pour les vlans isolement et accueil
 i=1
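Review bot: The three PREROUTING ACCEPT rules are keyed on `self.eth_accueil`, `self.eth_isolement` and `self.eth_appart`, while the three POSTROUTING MASQUERADE rules are keyed on `NETs['accueil']`, `NETs['isolement']` and `NETs['personnel-ens']`, and nothing in the hunk says whether the appart interface and the personnel-ens network are meant to be the same segment. This pairing predates the commit, but the re-indented block is the natural place to pin it down with a one-line comment above the POSTROUTING rules, e.g. `# TODO confirm: eth_appart (PREROUTING) and NETs['personnel-ens'] (POSTROUTING) cover the same segment`, so a later reader does not have to guess whether the asymmetry is deliberate. The duplicated protocol whitelist and the unvalidated port interpolation are noted on the FORWARD hunk above and apply here identically. The enclosing method starts above this hunk and continues past `i=1`.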