Skip to content
Toggle navigation
P
Projects
G
Groups
S
Snippets
Help
CIRCLE
/
cloud
This project
Loading...
Sign in
Toggle navigation
Go to a project
Project
Repository
Issues
94
Merge Requests
10
Pipelines
Wiki
Snippets
Members
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Commit
e7b16d48
authored
Jan 23, 2013
by
x
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Allow smtp from selefted hosts
parent
b7cbdafd
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
9 additions
and
5 deletions
+9
-5
firewall/fw.py
+9
-5
No files found.
firewall/fw.py
View file @
e7b16d48
...
...
@@ -54,6 +54,9 @@ class firewall:
for
vlan
in
rule
.
vlan
.
all
():
if
(
rule
.
accept
):
if
(
rule
.
direction
==
'0'
and
vlan
.
name
==
"PUB"
):
if
(
rule
.
dport
==
25
):
self
.
iptables
(
"-A PUB_OUT -s
%
s
%
s -p tcp --dport 25 -j LOG_ACC"
%
(
ipaddr
,
rule
.
extra
))
break
action
=
"PUB_OUT"
else
:
action
=
"LOG_ACC"
...
...
@@ -141,11 +144,6 @@ class firewall:
self
.
iptables
(
"-N PUB_OUT"
)
if
not
self
.
IPV6
:
self
.
iptables
(
"-A PUB_OUT -j r_pub_dIP"
)
self
.
iptables
(
"-A PUB_OUT -s 10.2.0.9 -p tcp --dport 25 -j LOG_ACC"
)
self
.
iptables
(
"-A PUB_OUT -s 10.2.0.2 -p tcp --dport 25 -j LOG_ACC"
)
self
.
iptables
(
"-A PUB_OUT -p tcp --dport 25 -j LOG_DROP"
)
self
.
iptables
(
"-A PUB_OUT -p tcp --dport 445 -j LOG_DROP"
)
self
.
iptables
(
"-A PUB_OUT -p udp --dport 445 -j LOG_DROP"
)
self
.
iptables
(
"-A FORWARD -m state --state INVALID -g LOG_DROP"
)
self
.
iptables
(
"-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
)
...
...
@@ -164,6 +162,12 @@ class firewall:
def
postrun
(
self
):
self
.
iptables
(
"-A PUB_OUT -s 152.66.243.160/27 -p tcp --dport 25 -j LOG_ACC"
)
self
.
iptables
(
"-A PUB_OUT -s 152.66.243.160/27 -p tcp --dport 445 -j LOG_ACC"
)
self
.
iptables
(
"-A PUB_OUT -p tcp --dport 25 -j LOG_DROP"
)
self
.
iptables
(
"-A PUB_OUT -p tcp --dport 445 -j LOG_DROP"
)
self
.
iptables
(
"-A PUB_OUT -p udp --dport 445 -j LOG_DROP"
)
self
.
iptables
(
"-A PUB_OUT -g LOG_ACC"
)
self
.
iptables
(
"-A FORWARD -g LOG_DROP"
)
self
.
iptables
(
"-A INPUT -g LOG_DROP"
)
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment