crans/scripts
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
scripts/gestion/gen_confs/firewall_bleu.py
segaud 3b387dc162 Typo dans firewall_crans et ajour du firewall de bleu 
il n'y a que le filtre MAC-IP pour l'instant.

darcs-hash:20050517150120-f163d-2d74fc818a1b1113ffb0a5c97a5d0ff1469829a0.gz
2005-05-17 17:01:20 +02:00

118 lines
3.4 KiB
Python
Executable file
Raw Blame History

#!/usr/bin/env python
# -*- coding: iso-8859-1 -*-
# The authors of this code are
# Manuel Sabban <manu@feyd-rautha.org>
# Frédéric Pauget <pauget@crans.ens-cachan.fr>
#
# Rewritten as an inherited class from firewallÃ_crans
# by Mathieu Segaud <matt@minas-morgul.org>
#
# Copyright (c) 2004 Manuel Sabban, Frédéric Pauget
# Copyright (c) 2005 Mathieu Segaud
#
# Permission to use, copy, and modify this software with or without fee
# is hereby granted, provided that this entire notice is included in
# all source code copies of any software which is or includes a copy or
# modification of this software.
#
# THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
# IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
# REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
# MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
# PURPOSE.
""" Firewall de Bleu """
import sys
sys.path.append('/usr/scripts/gestion')
import syslog
from firewall_crans import firewall_crans, IptablesError, iptables
from lock import *
from ldap_crans import crans_ldap, ann_scol, machine, crans, invite
from affich_tools import *
from commands import getstatusoutput
from iptools import AddrInNet
syslog.openlog('firewall')
class firewall_bleu(firewall_crans) :
"""
Structure du firewall :
table nat :
rien pour l'instant
table filter :
FORWARD (policy par defaut : DROP)
rien ne passe pas la chaine FORWARD
INPUT (policy par defaut : ACCEPT pour l'instant)
"""
# interfaces physiques
eth_pub = "eth0"
eth_adm = "eth0.2"
debug = 1
def nat_table_tweaks(self) :
self.anim = anim(' règles spécifiques à bleu')
iptables("-t nat -I PREROUTING 6 -d %s -j ACCEPT" % self.zone_serveur )
iptables("-t nat -I PREROUTING 7 -i %s -j ACCEPT" % self.eth_pub )
print OK
def filter_table_tweaks(self) :
self.anim = anim(' règles spécifiques à bleu')
iptables("-P INPUT ACCEPT")
iptables("-P FORWARD DROP")
print OK
def enable_route(self) :
return
def disable_route(self) :
return
def start_fw_funcs(self) :
self.exception_catcher(self.test_mac_ip)
def serveurs_maj_list_to_do(self) :
return
def adh_maj_list_to_do(self) :
return
def serveurs_maj(self) :
return
if __name__ == '__main__' :
# Chaines pouvant être recontruites
global chaines
chaines = [ 'reseaux_non_routables', 'test_mac_ip' ]
def __usage(txt=None) :
if txt!=None : cprint(txt,'gras')
print """Usage:
%(p)s start : Construction du firewall.
%(p)s restart : Reconstruction du firewall.
%(p)s stop : Arrêt du firewall.
%(p)s chaine <noms de chaines> : reconstruit les chaines
Les chaines pouvant être reconstruites sont :
%(chaines)s
Pour reconfiguration d'IPs particulières, utiliser generate. """ % \
{ 'p' : sys.argv[0].split('/')[-1] , 'chaines' : '\n '.join(chaines) }
sys.exit(-1)
# Bons arguments ?
if len(sys.argv) == 1 :
__usage()
for arg in sys.argv[1:] :
if arg in [ 'stop', 'restart', 'start' ] and len(sys.argv) != 2 :
__usage("L'argument %s ne peut être employé que seul." % arg)
if arg not in [ 'stop', 'restart', 'start' ] + chaines :
__usage("L'argument %s est inconnu." % arg)
fw = firewall_bleu()
for arg in sys.argv[1:] :
eval('fw.%s()' % arg)
Reference in a new issue View git blame Copy permalink