
La Rouuuleeeeteuuuh

lazouz/latoilescoute-snmp
Hugo Levy-Falk 4 years ago
committed by root
parent
commit
9a840b8554
  1. 4
      firewall.nft
  2. 2
      mac_ip.py
  3. 27
      roulette.nft
  4. 14
      roulette.py

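--- a/firewall.nft
+++ b/firewall.nft
@@ -30,6 +30,7 @@ include "zones/admin.nft"
 include "zones/dmz.nft"
 include "zones/prerezotage.nft"
 include "nat.nft"
+include "roulette.nft"
 # Table principale
 table inet firewall {
@@ -44,6 +45,9 @@ table inet firewall {
 # Applique la politique globale
 jump global
+# La roulette pour les n1as
+jump roulette
 # Passage par le checkmac pour les concernés
 # jump checkmac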
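Review bot: `jump roulette` sits after `jump global`, so any packet that the `global` chain ends with an `accept` verdict never reaches the roulette drop rules. The `global` chain is not shown in this commit, so this has to be checked against its rules; if it accepts established or otherwise broad traffic, put `jump roulette` before `jump global`. The chain that holds these jumps starts and ends outside the hunk.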

2
mac_ip.py

@ -36,7 +36,7 @@ api_hostname = CONFIG.get('Re2o', 'hostname')
api_password = CONFIG.get('Re2o', 'password') api_password = CONFIG.get('Re2o', 'password')
api_username = CONFIG.get('Re2o', 'username') api_username = CONFIG.get('Re2o', 'username')
api_client = Re2oAPIClient(api_hostname, api_username, api_password, use_tls=False) api_client = Re2oAPIClient(api_hostname, api_username, api_password)
def gen_ip_mac_set(): def gen_ip_mac_set():

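--- a/roulette.nft
+++ b/roulette.nft
@@ -0,0 +1,27 @@
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+# Copyright © 2018-2019 Hugo Levy-Falk <hugo@klafyvel.me>
+# Gestion de la roulette
+table inet firewall {
+set ip_roulette {
+type ipv4_addr
+}
+chain roulette {
+ip saddr @ip_roulette ip daddr != 92.242.132.24 drop
+ip daddr @ip_roulette ip saddr != 92.242.132.24 drop
+}
+}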
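Review bot: Both rules in `chain roulette` hard-code `92.242.132.24` with no comment saying which host it is, and the drops carry no counter, so neither the ruleset nor its statistics show what is exempted or whether the rules ever match. I would name the address once with `define roulette_allowed = 92.242.132.24`, add a comment identifying the host, and write the rules as `ip saddr @ip_roulette ip daddr != $roulette_allowed counter drop` (and the mirrored `ip daddr` rule likewise). The set is `type ipv4_addr` inside an `inet` table, so IPv6 traffic from the same machines matches neither rule; the header comment should say so if that is intended.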

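--- a/roulette.py
+++ b/roulette.py
@@ -0,0 +1,14 @@
+#! /usr/bin/python3
+import requests
+from firewall import NetfilterSet
+ips = requests.get('http://roulette.rez/banned_ip').text.split('\n')
+content = [(i,) for i in ips if i] or None
+s = NetfilterSet(
+target_content=content,
+type_=('IPv4',),
+name='ip_roulette',
+table_name='firewall'
+)
+s.manage()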
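Review bot: The response body from `http://roulette.rez/banned_ip` goes into the `ip_roulette` firewall set with no timeout, no status check and no validation of the lines. An error page or a truncated reply is therefore split on newlines and handed to `NetfilterSet` as if it were addresses, and a hung server blocks the script indefinitely. The list is also fetched over plain HTTP, so whoever can answer for that name decides which addresses the firewall drops; no HTTPS or authenticated endpoint is visible here, so that needs checking. The fence below bounds the request, fails on a non-2xx status, and rejects anything that is not an IPv4 address (it needs `import ipaddress` at the top). What `target_content=None` does on an empty list is not visible from this file and deserves a comment.

```python
resp = requests.get('http://roulette.rez/banned_ip', timeout=10)
resp.raise_for_status()
# IPv4Address raises ValueError on any line that is not a valid IPv4 address,
# so a malformed response aborts the run instead of reaching the firewall set.
content = [
    (str(ipaddress.IPv4Address(line.strip())),)
    for line in resp.text.splitlines()
    if line.strip()
] or None
# … unchanged: NetfilterSet(...) construction and s.manage() …
```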