Commit c433ec19 authored by Valentin Samir's avatar Valentin Samir

[firewall4] pretty_print pour le pare-feu de zamok et on autorise les nounous à accéder à adm

parent ccdc2e23
......@@ -933,10 +933,7 @@ class firewall_zamok(firewall_base):
chain='ADMIN-VLAN'
if table == 'filter':
for user in adm_users:
try: self.add(table, chain, '-m owner --uid-owner %d -j ACCEPT' % pwd.getpwnam(user)[2])
except KeyError: print "Utilisateur %s inconnu" % user
pretty_print(table, chain)
# ldap et dns toujours joinable
self.add(table, chain, '-p tcp --dport ldap -j ACCEPT')
self.add(table, chain, '-p tcp --dport domain -j ACCEPT')
......@@ -945,8 +942,16 @@ class firewall_zamok(firewall_base):
# Pour le nfs (le paquet à laisser passer n'a pas d'owner)
self.add(table, chain, '-d daath.adm.crans.org -j ACCEPT')
for user in adm_users:
try: self.add(table, chain, '-m owner --uid-owner %d -j ACCEPT' % pwd.getpwnam(user)[2])
except KeyError: print "Utilisateur %s inconnu" % user
for nounou in conn.search("droits=%s" % lc_ldap.attributs.nounou):
self.add(table, chain, '-m owner --uid-owner %s -j RETURN' % nounou['uidNumber'][0])
# Rien d'autre ne passe
self.add(table, chain, '-j REJECT --reject-with icmp-net-prohibited')
print OK
if apply:
self.apply(table, chain)
......@@ -963,12 +968,14 @@ class firewall_zamok(firewall_base):
chain='BLACKLIST-OUTPUT'
if table == 'filter':
self.add(table, chain, '-d 127.0.0.1/8 -j ACCEPT')
pretty_print(table, chain)
self.add(table, chain, '-d 127.0.0.1/8 -j RETURN')
for net in NETs['all']:
self.add(table, chain, '-d %s -j ACCEPT' % net)
self.add(table, chain, '-d %s -j RETURN' % net)
for adh in self.blacklisted_adherents():
if 'uidNumber' in adh.attrs.keys():
self.add(table, chain, '-m owner --uid-owner %s -j REJECT' % adh['uidNumber'][0])
print OK
if apply:
self.apply(table, chain)
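Review bot: In the ADMIN-VLAN hunk, the new nounou rule interpolates the raw LDAP `uidNumber` value with `%s` into the iptables argument string, while the adm_users rules just above it use `%d` on a value taken from `pwd.getpwnam`, so a non-numeric or otherwise malformed directory attribute would be passed straight into the rule unchecked. Converting it first keeps the two loops consistent and rejects anything that is not an integer: `self.add(table, chain, '-m owner --uid-owner %d -j RETURN' % int(nounou['uidNumber'][0]))`. The BLACKLIST-OUTPUT hunk tests `'uidNumber' in adh.attrs.keys()` before using the attribute, whereas this loop does not, so an entry without it would raise inside the loop before the chain's final REJECT and the apply call — presumably a failure you want to be loud, but a one-line comment saying so would make that intent explicit. The RETURN for nounous (versus ACCEPT for adm_users) means their traffic is decided by whatever follows the jump in the calling chain; a short comment stating that this is deliberate would help the next reader. The firewall_zamok method bodies in all three hunks start and end outside the hunks.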