diff --git a/.gitmodules b/.gitmodules
index 361b0a1..94389b4 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,3 +1,3 @@
 [submodule "re2oapi"]
 	path = re2oapi
-	url = https://gitlab.federez.net/re2o/re2oapi.git
+	url = https://gitlab.crans.org/nounous/re2o-re2oapi.git
diff --git a/main.py b/main.py
index 0d145a6..fc004be 100755
--- a/main.py
+++ b/main.py
@@ -15,19 +15,23 @@ import argparse
 
 import firewall_config
 
+import sys
+import os
+
+path =(os.path.dirname(os.path.abspath(__file__)))
+
 config = ConfigParser()
-config.read('config.ini')
+config.read(path+'/config.ini')
 
 api_hostname = config.get('Re2o', 'hostname')
 api_password = config.get('Re2o', 'password')
 api_username = config.get('Re2o', 'username')
 
-api_client = Re2oAPIClient(api_hostname, api_username, api_password)
+api_client = Re2oAPIClient(api_hostname, api_username, api_password, use_tls=False)
 
 client_hostname = socket.gethostname().split('.', 1)[0]
 
 
-
 class iptables:
     def __init__(self):
         self.nat4 = "\n*nat"
@@ -44,6 +48,7 @@ class iptables:
         self.role = getattr(firewall_config, 'role', None)
         self.interfaces_settings = getattr(firewall_config, 'interfaces_type', None)
         self.nat_settings = getattr(firewall_config, 'nat', None)
+        self.portail_settings = getattr(firewall_config, 'portail', None)
 
     def commit(self, chain):
         self.add(chain, "COMMIT\n")
@@ -329,29 +334,25 @@ class iptables:
         self.init_filter(subtable, decision="-")
         self.jump_all_trafic("filter", "FORWARD", subtable, mode='4')
 
-        for ip in self.config.accueil_route.keys():
-            if 'tcp' in self.config.accueil_route[ip]:
-                self.add_in_subtable("filter4", subtable, """-p tcp -d %s -m multiport --dports %s -j ACCEPT""" % (ip, ','.join(self.config.accueil_route[ip]['tcp'])))
-            if 'udp' in self.config.accueil_route[ip]:
-                self.add_in_subtable("filter4", subtable, """-p udp -d %s -m multiport --dports %s -j ACCEPT""" % (ip, ','.join(self.config.accueil_route[ip]['udp'])))
+        for protocol in self.portail_settings['autorized_hosts']:
+            for ip, ports in self.portail_settings['autorized_hosts'][protocol].items():
+                self.add_in_subtable("filter4", subtable, """-p %s -d %s -m multiport --dports %s -j ACCEPT""" % (protocol, ip, ','.join(ports)))
         self.add_in_subtable("filter4", subtable, """-j REJECT""")
 
 
     def capture_connexion_portail(self, subtable="PORTAIL-CAPTIF-REDIRECT"):
-        """Nat les connexions derrière l'ip de la machine du portail"""
+        """Redirige les connexion 80 et 443 vers l'ip cible"""
         self.init_nat(subtable, decision="-")
         for interface in self.interfaces_settings['routable']:
             self.jump_traficfrom("nat", interface, "PREROUTING", subtable, mode='4')
 
-        for ip in self.config.accueil_route.keys():
-            if 'tcp' in self.config.accueil_route[ip]:
-                self.add_in_subtable("nat4", subtable, """-p tcp -d %s -m multiport --dports %s -j RETURN""" % (ip, ','.join(self.config.accueil_route[ip]['tcp'])))
-            if 'udp' in self.config.accueil_route[ip]:
-                self.add_in_subtable("nat4", subtable, """-p udp -d %s -m multiport --dports %s -j RETURN""" % (ip, ','.join(self.config.accueil_route[ip]['udp'])))
-        self.add_in_subtable("nat4", subtable, """-p udp -s %(ip)s/16 --dport 53 -j DNAT --to %(ip)s""" % {'ip' :self.config_firewall.portail['accueil']})
-        self.add_in_subtable("nat4", subtable, """-p tcp -s %(ip)s/16 --dport 53 -j DNAT --to %(ip)s""" % {'ip' : self.config_firewall.portail['accueil']})
-        self.add_in_subtable("nat4", subtable, """-p tcp -s %(ip)s/16 --dport 80 -j DNAT --to %(ip)s""" % {'ip' : self.config_firewall.portail['accueil']})
-        self.add_in_subtable("nat4", subtable, """-p tcp -s %(ip)s/16 --dport 80 -j DNAT --to %(ip)s""" % {'ip' : self.config_firewall.portail['isolement']})
+        for protocol in self.portail_settings['autorized_hosts']:
+            for ip, ports in self.portail_settings['autorized_hosts'][protocol].items():
+                self.add_in_subtable("nat4", subtable, """-p %s -d %s -m multiport --dports %s -j RETURN""" % (protocol, ip, ','.join(ports)))
+        for ip_range, destination in self.portail_settings['ip_redirect'].items():
+            for protocol, ip in destination.items():
+                for ip_dest, ports in ip.items():
+                    self.add_in_subtable("nat4", subtable, """-p %s -s %s -m multiport --dports %s -j DNAT --to %s""" % (protocol, ip_range, ','.join(ports), ip_dest))
 
     def nat_connexion_portail(self, subtable="PORTAIL-CAPTIF-NAT"):
         """Nat les connexions derrière l'ip de la machine du portail"""
@@ -359,11 +360,9 @@ class iptables:
         for interface in self.interfaces_settings['sortie']:
             self.jump_traficto("nat", interface, "POSTROUTING", subtable, mode='4')
 
-        for ip in self.config.accueil_route.keys():
-            if 'tcp' in self.config.accueil_route[ip]:
-                self.add_in_subtable("nat4", subtable, """-p tcp -d %s -m multiport --dports %s -j MASQUERADE""" % (ip, ','.join(self.config.accueil_route[ip]['tcp'])))
-            if 'udp' in self.config.accueil_route[ip]:
-                self.add_in_subtable("nat4", subtable, """-p udp -d %s -m multiport --dports %s -j MASQUERADE""" % (ip, ','.join(self.config.accueil_route[ip]['udp'])))
+        for protocol in self.portail_settings['autorized_hosts']:
+            for ip, ports in self.portail_settings['autorized_hosts'][protocol].items():
+                self.add_in_subtable("nat4", subtable, """-p %s -d %s -m multiport --dports %s -j MASQUERADE""" % (protocol, ip, ','.join(ports)))
 
     def accept_established(self, subtable='ESTABLISHED-CONN'):
         """Accepte les connexions déjà établies"""
@@ -619,13 +618,7 @@ class iptables:
         """Retire la mac de la blacklist"""
         self.atomic_del("filter", subtable, """-m mac --mac-source %s -j REJECT""" % mac, mode=mode)
 
-
-if __name__ == '__main__':
-    parser = argparse.ArgumentParser()
-    parser.add_argument("-v", "--verbose", help="increase output verbosity", action="store_true")
-    parser.add_argument("-e", "--export", help="export le contenu du parefeu", action="store_true")
-    parser.add_argument("action", help="Mode reconnus : start, stop ou restart")
-    args = parser.parse_args()
+def run(args):
     table = iptables()
     if args.verbose:
         table.verbose = True
@@ -634,4 +627,21 @@ if __name__ == '__main__':
     table.do_action()
 
 
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser()
+    parser.add_argument("-v", "--verbose", help="increase output verbosity", action="store_true")
+    parser.add_argument("-e", "--export", help="export le contenu du parefeu", action="store_true")
+    parser.add_argument("action", help="Mode reconnus : start, stop ou restart", default="restart", nargs="?")
+    parser.add_argument("--force", help="Force l'action", action="store_true")
+    args = parser.parse_args()
+
+    if args.force:
+        run(args)
+
+    for service in api_client.list("services/regen/"):
+        if service['hostname'] == client_hostname and \
+            service['service_name'] == 'firewall' and \
+            service['need_regen']:
+            run(args)
+            api_client.patch(service['api_url'], data={'need_regen': False})