[firwall_new] Dans le dictionnaire des machines accessible depuis accueil, on stocke aussi le dns de la machine, on modifie firewall_new en conséquence.
parent
9477bafd68
commit
fee4e88908
1 changed files with 12 additions and 10 deletions
|
@ -1585,9 +1585,10 @@ class firewall_routeur(firewall_crans):
|
||||||
iptables("-P FORWARD DROP")
|
iptables("-P FORWARD DROP")
|
||||||
for ip in accueil_route.keys():
|
for ip in accueil_route.keys():
|
||||||
for type in accueil_route[ip].keys():
|
for type in accueil_route[ip].keys():
|
||||||
for port in accueil_route[ip][type]:
|
if type in ['udp', 'tcp']:
|
||||||
iptables("-A FORWARD -p %s -d %s --dport %s -j ACCEPT" % (type,ip,port))
|
for port in accueil_route[ip][type]:
|
||||||
iptables("-A FORWARD -p %s -s %s --sport %s -j ACCEPT" % (type,ip,port))
|
iptables("-A FORWARD -p %s -d %s --dport %s -j ACCEPT" % (type,ip,port))
|
||||||
|
iptables("-A FORWARD -p %s -s %s --sport %s -j ACCEPT" % (type,ip,port))
|
||||||
|
|
||||||
def mangle_table(self):
|
def mangle_table(self):
|
||||||
iptables("-t mangle -F PREROUTING")
|
iptables("-t mangle -F PREROUTING")
|
||||||
|
@ -1597,13 +1598,14 @@ class firewall_routeur(firewall_crans):
|
||||||
#intranet et wiki pour le vlan accueil
|
#intranet et wiki pour le vlan accueil
|
||||||
for ip in accueil_route.keys():
|
for ip in accueil_route.keys():
|
||||||
for type in accueil_route[ip].keys():
|
for type in accueil_route[ip].keys():
|
||||||
for port in accueil_route[ip][type]:
|
if type in ['udp', 'tcp']:
|
||||||
iptables("-t nat -A PREROUTING -i %s -p %s -d %s --dport %s -j ACCEPT" % (self.eth_accueil ,type,ip,port))
|
for port in accueil_route[ip][type]:
|
||||||
iptables("-t nat -A PREROUTING -i %s -p %s -d %s --dport %s -j ACCEPT" % (self.eth_isolement ,type,ip,port))
|
iptables("-t nat -A PREROUTING -i %s -p %s -d %s --dport %s -j ACCEPT" % (self.eth_accueil ,type,ip,port))
|
||||||
iptables("-t nat -A PREROUTING -i %s -p %s -d %s --dport %s -j ACCEPT" % (self.eth_appart ,type,ip,port))
|
iptables("-t nat -A PREROUTING -i %s -p %s -d %s --dport %s -j ACCEPT" % (self.eth_isolement ,type,ip,port))
|
||||||
iptables("-t nat -A POSTROUTING -p %s -s %s -d %s --dport %s -j MASQUERADE" % (type,NETs['accueil'][0],ip,port))
|
iptables("-t nat -A PREROUTING -i %s -p %s -d %s --dport %s -j ACCEPT" % (self.eth_appart ,type,ip,port))
|
||||||
iptables("-t nat -A POSTROUTING -p %s -s %s -d %s --dport %s -j MASQUERADE" % (type,NETs['isolement'][0],ip,port))
|
iptables("-t nat -A POSTROUTING -p %s -s %s -d %s --dport %s -j MASQUERADE" % (type,NETs['accueil'][0],ip,port))
|
||||||
iptables("-t nat -A POSTROUTING -p %s -s %s -d %s --dport %s -j MASQUERADE" % (type,NETs['personnel-ens'][0],ip,port))
|
iptables("-t nat -A POSTROUTING -p %s -s %s -d %s --dport %s -j MASQUERADE" % (type,NETs['isolement'][0],ip,port))
|
||||||
|
iptables("-t nat -A POSTROUTING -p %s -s %s -d %s --dport %s -j MASQUERADE" % (type,NETs['personnel-ens'][0],ip,port))
|
||||||
|
|
||||||
# Proxy transparent pour les vlans isolement et accueil
|
# Proxy transparent pour les vlans isolement et accueil
|
||||||
i=1
|
i=1
|
||||||
|
|
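Review bot: In the first hunk the return rule `-A FORWARD -p %s -s %s --sport %s -j ACCEPT` has no `-d`, no interface and no connection-state match, so it accepts any forwarded packet from a listed host whose source port is a listed port, not only replies to clients behind the router. Consider limiting it to reply traffic, e.g. `iptables("-A FORWARD -p %s -s %s --sport %s -m state --state ESTABLISHED,RELATED -j ACCEPT" % (type,ip,port))`. The method starts above the hunk, so an earlier rule may already accept established connections; if it does, this line could be dropped rather than tightened. Separately, the new `if type in ['udp', 'tcp']` guard is repeated in both loops and skips every other key silently; a shared constant, plus a comment naming the non-protocol key it is meant to skip, would keep the filter and nat tables from drifting apart.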