Commit e44c44f7 authored by Valentin Samir's avatar Valentin Samir
Browse files

[firewall4] Passage dans filtrage_ports uniquement en entrée et sortie du réseau crans

parent 9d4f8a2d
......@@ -552,7 +552,8 @@ class firewall_komaz(firewall_base_routeur):
self.add(table, chain, '-j %s' % self.connexion_appartement(table))
self.add(table, chain, '-j %s' % self.ingress_filtering(table))
self.add(table, chain, '-j %s' % self.limit_ssh_connexion(table))
self.add(table, chain, '-j %s' % self.filtrage_ports(table))
self.add(table, chain, '-i %s -j %s' % (dev['out'], self.filtrage_ports(table)))
self.add(table, chain, '-o %s -j %s' % (dev['out'], self.filtrage_ports(table)))
return
def nat_table(self):
......@@ -873,9 +874,6 @@ class firewall_komaz(firewall_base_routeur):
if config.firewall.ports_default[proto]['input']:
self.add(table, chain, '-p %s -d %s -m multiport --dports %s -j RETURN' % (proto, net, ','.join( format_port(port) for port in config.firewall.ports_default[proto]['input'])))
# TODO faire un truc plus propre (config.py ?) -- b2moo
# syslog et https
self.add(table, chain, '-p udp -s 138.231.148.0/24 -m multiport --dports 443,514 -j RETURN')
for machine in self.machines():
for ip in machine['ipHostNumber']:
if 'portTCPout' in machine.attrs.keys():
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment