aurore/aurore-firewall
11
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Filter addresses at the beginning of LOG

Browse source
This commit is contained in:
jeltz 2021-03-01 19:31:21 +01:00 committed by root
parent 9ca24da0d6
commit 1ad2cc334c
1 changed files with 10 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
main.py
View file

@ -56,6 +56,8 @@ class iptables:
self.nat_settings = getattr(firewall_config, 'nat', None) self.nat_settings = getattr(firewall_config, 'nat', None)
self.portail_settings = getattr(firewall_config, 'portail', None) self.portail_settings = getattr(firewall_config, 'portail', None)
self.accueils = getattr(firewall_config, 'accueils', []) self.accueils = getattr(firewall_config, 'accueils', [])
self.log_ignore_v4 = getattr(firewall_config, 'log_ignore_v4', [])
self.log_ignore_v6 = getattr(firewall_config, 'log_ignore_v6', [])
def commit(self, chain): def commit(self, chain):
self.add(chain, "COMMIT\n") self.add(chain, "COMMIT\n")
@ -505,6 +507,13 @@ class iptables:
"""Logage des packet sur les interfaces choisies""" """Logage des packet sur les interfaces choisies"""
self.init_mangle(subtable, decision="-") self.init_mangle(subtable, decision="-")
self.jump_all_trafic("mangle", "PREROUTING", subtable) self.jump_all_trafic("mangle", "PREROUTING", subtable)
for net in self.log_ignore_v4:
self.add_in_subtable("mangle4", subtable, f'-s {net} -j RETURN')
for net in self.log_ignore_v6:
self.add_in_subtable("mangle6", subtable, f'-s {net} -j RETURN')
self.add_in_subtable("mangle", subtable, '-m state --state NEW -j LOG --log-prefix "LOG_ALL "') self.add_in_subtable("mangle", subtable, '-m state --state NEW -j LOG --log-prefix "LOG_ALL "')
def mss(self, subtable='MSS'): def mss(self, subtable='MSS'):