|
|
|
@ -373,6 +373,11 @@ class iptables:
|
|
|
|
|
self.add_in_subtable("filter4", subtable, """-p %s -d %s -m multiport --dports %s -j ACCEPT""" % (protocol, ip, ','.join(ports)))
|
|
|
|
|
self.add_in_subtable("filter4", subtable, """-j REJECT""")
|
|
|
|
|
|
|
|
|
|
def ip_redirect(self, subtable, ip_redirect):
|
|
|
|
|
for ip_range, destination in ip_redirect.items():
|
|
|
|
|
for protocol, ip in destination.items():
|
|
|
|
|
for ip_dest, ports in ip.items():
|
|
|
|
|
self.add_in_subtable("nat4", subtable, """-p %s -s %s -m multiport --dports %s -j DNAT --to %s""" % (protocol, ip_range, ','.join(ports), ip_dest))
|
|
|
|
|
|
|
|
|
|
def capture_connection_portail(self, subtable="PORTAIL-CAPTIF-REDIRECT"):
|
|
|
|
|
"""Redirige les connexions 80 et 443 vers l'ip cible"""
|
|
|
|
@ -383,10 +388,7 @@ class iptables:
|
|
|
|
|
for protocol in self.portail_settings['authorized_hosts']:
|
|
|
|
|
for ip, ports in self.portail_settings['authorized_hosts'][protocol].items():
|
|
|
|
|
self.add_in_subtable("nat4", subtable, """-p %s -d %s -m multiport --dports %s -j RETURN""" % (protocol, ip, ','.join(ports)))
|
|
|
|
|
for ip_range, destination in self.portail_settings['ip_redirect'].items():
|
|
|
|
|
for protocol, ip in destination.items():
|
|
|
|
|
for ip_dest, ports in ip.items():
|
|
|
|
|
self.add_in_subtable("nat4", subtable, """-p %s -s %s -m multiport --dports %s -j DNAT --to %s""" % (protocol, ip_range, ','.join(ports), ip_dest))
|
|
|
|
|
self.ip_redirect(subtable, self.portail_settings['ip_redirect'])
|
|
|
|
|
|
|
|
|
|
def nat_connection_portail(self, subtable="PORTAIL-CAPTIF-NAT"):
|
|
|
|
|
"""Nat les connexions derrière l'ip de la machine du portail"""
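Review bot: In the new `ip_redirect` method (first hunk), `protocol`, `ip_range`, the `ports` entries and `ip_dest` are formatted into the DNAT rule string exactly as they appear in the dict, so a value containing a space or a newline would become extra iptables arguments or an extra rule line, depending on how `add_in_subtable` passes the string on (not visible here). Because the helper now accepts any dict rather than only `self.portail_settings['ip_redirect']`, it is worth validating before formatting: for example `ipaddress.ip_network(ip_range)` for the source range, a check that each port is a number or an `a:b` range, and a `ValueError` otherwise. The `multiport` match also accepts at most 15 ports per rule, so a longer `ports` list would produce a rule that fails to load; splitting the list or rejecting it early would make that failure explicit. The method has no docstring, unlike its neighbours, and the parameter `ip_redirect` shares the method's name while the loop variable `ip` actually holds a destination-to-ports dict, so names such as `redirects` and `targets` would read more clearly.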
|
|
|
|
|