Commit 4b3f9afc authored by Gabriel Detraz's avatar Gabriel Detraz Committed by root
Browse files

Crée un role routeur v6 et v4

parent d71a32b3
......@@ -187,6 +187,35 @@ class iptables:
print("Nat : priv" + nat_to_do['name'])
self.nat_prive_ip(nat_to_do)
def routeur(self, table):
"""Methode appellée spécifiquement pour le parefeu v4/v6"""
if table == "filter":
self.base_filter()
if self.verbose:
print("Filter : filtrage ports 4")
self.filtrage_ports(ip_type='4')
if self.verbose:
print("Filter : filtage ports v6")
self.filtrage_ports(ip_type='6')
if self.verbose:
print("Filter : limit ssh connexion forward")
self.limit_ssh_connexion_forward()
if self.verbose:
print("Filter : limit connexion src ip")
self.limit_connexion_srcip()
elif table == "mangle":
if self.verbose:
print("Mangle : Mise en place des logs")
self.log()
if self.verbose:
print("Mangle : Réglage correct du MSS")
self.mss()
elif table == "nat":
for nat_to_do in self.nat_settings:
if self.verbose:
print("Nat : priv" + nat_to_do['name'])
self.nat_prive_ip(nat_to_do)
def portail(self, table):
if table == "filter":
self.base_filter()
......@@ -254,7 +283,7 @@ class iptables:
else:
chain = "filter6"
self.init_filter(subtable, decision="-")
self.init_filter(subtable, decision="-", mode=ip_type)
for interface in self.interfaces_settings['sortie']:
self.jump_traficto("filter", interface, "FORWARD", subtable, mode=ip_type)
self.jump_traficfrom("filter", interface, "FORWARD", subtable, mode=ip_type)
......@@ -264,6 +293,8 @@ class iptables:
if ip_type == '4':
self.add_in_subtable(chain, subtable, """-m iprange --%s-range %s-%s -p %s -m multiport --dports %s -j RETURN""" % (direction, subnet["domaine_ip_start"], subnet["domaine_ip_stop"], protocol, ports))
if ip_type == '6':
if "None" in subnet["complete_prefixv6"]:
return
self.add_in_subtable(chain, subtable, """-%s %s -p %s -m multiport --dports %s -j RETURN""" % (direction[0], subnet["complete_prefixv6"], protocol, ports))
#Ajout des règles générales
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment