firewall: remove old code (hard-wired rules, ssh)

3585f29a · Bach Dániel · eefc2151 · 3585f29a
Commit 3585f29a authored Sep 30, 2013 by Bach Dániel
Show whitespace changes
Inline Side-by-side

Showing with 0 additions and 28 deletions

circle/firewall/fw.py
+0 -28

No files found.
--- a/circle/firewall/fw.py
+++ b/circle/firewall/fw.py
@@ -156,10 +156,6 @@ class Firewall:
                      '-j ACCEPT')

    def postrun(self):
-        self.iptables('-A PUB_OUT -s 152.66.243.160/27 -p tcp --dport 25 '
-                      '-j LOG_ACC')
-        self.iptables('-A PUB_OUT -s 152.66.243.160/27 -p tcp --dport 445 '
-                      '-j LOG_ACC')
        self.iptables('-A PUB_OUT -p tcp --dport 25 -j LOG_DROP')
        self.iptables('-A PUB_OUT -p tcp --dport 445 -j LOG_DROP')
        self.iptables('-A PUB_OUT -p udp --dport 445 -j LOG_DROP')
@@ -206,15 +202,6 @@ class Firewall:
                                     (str(s_vlan.network4), d_vlan.interface,
                                      s_vlan.snat_ip))

-        # hard-wired rules
-        self.iptablesnat('-A POSTROUTING -s 10.5.0.0/16 -o vlan0003 -j SNAT '
-                         '--to-source 10.3.255.254')  # man elerheto legyen
-        self.iptablesnat('-A POSTROUTING -o vlan0008 -j SNAT '
-                         '--to-source 10.0.0.247')  # wolf network for printing
-        self.iptablesnat('-A POSTROUTING -s 10.3.0.0/16 -p udp --dport 53 '
-                         '-o vlan0002 -j SNAT ''--to-source %s' %
-                         self.pub.ipv4)  # kulonben nem megy a dns man-ban
-
        self.iptablesnat('COMMIT')

    def ipt_filter(self):
@@ -274,21 +261,6 @@ class Firewall:
        if not self.IPV6:
            self.ipt_nat()

-    def reload(self):
-        if self.IPV6:
-            process = subprocess.Popen(['/usr/bin/ssh', 'fw2',
-                                        '/usr/bin/sudo',
-                                        '/sbin/ip6tables-restore', '-c'],
-                                       shell=False, stdin=subprocess.PIPE)
-            process.communicate('\n'.join(self.RULES) + '\n')
-        else:
-            process = subprocess.Popen(['/usr/bin/ssh', 'fw2',
-                                        '/usr/bin/sudo',
-                                        '/sbin/iptables-restore', '-c'],
-                                       shell=False, stdin=subprocess.PIPE)
-            process.communicate('\n'.join(self.RULES) + '\n' +
-                                '\n'.join(self.RULES_NAT) + '\n')
-
    def get(self):
        if self.IPV6:
            return {'filter': self.RULES, }