Commit 7f227fc3 authored by Maxime Bombar's avatar Maxime Bombar

Autorise l'ouverture de certains ports sur adm. Utile pour le certif LE de gitlab.adm.crans.org.

parent 27f787e6
......@@ -55,6 +55,7 @@ class iptables:
self.interfaces_settings = getattr(firewall_config, 'interfaces_type', None)
self.nat_settings = getattr(firewall_config, 'nat', None)
self.portail_settings = getattr(firewall_config, 'portail', None)
self.open_adm = getattr(firewall_config, 'open_adm', {})
def commit(self, chain):
self.add(chain, "COMMIT\n")
......@@ -331,6 +332,9 @@ class iptables:
self.init_filter(subtable, decision="-")
for interface in self.interfaces_settings['admin']:
self.jump_traficto("filter", interface, "FORWARD", subtable)
for item in self.open_adm:
server = self.open_adm.get(item)
self.add_in_subtable("filter", subtable, """-d {dst} -p {proto} -m multiport --dports {dports} -j RETURN""".format(dst=server['ip'], proto=server['proto'], dports=server['dports']))
self.add_in_subtable("filter", subtable, """-j REJECT""")
def captif_autorized_ip(self, subtable='FILTRE-IP-PORTAIL'):
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment