La Rouuuleeeeteuuuh
parent
9512cd35ac
commit
9a840b8554
4 changed files with 46 additions and 1 deletions
|
@ -30,6 +30,7 @@ include "zones/admin.nft"
|
||||||
include "zones/dmz.nft"
|
include "zones/dmz.nft"
|
||||||
include "zones/prerezotage.nft"
|
include "zones/prerezotage.nft"
|
||||||
include "nat.nft"
|
include "nat.nft"
|
||||||
|
include "roulette.nft"
|
||||||
|
|
||||||
# Table principale
|
# Table principale
|
||||||
table inet firewall {
|
table inet firewall {
|
||||||
|
@ -44,6 +45,9 @@ table inet firewall {
|
||||||
# Applique la politique globale
|
# Applique la politique globale
|
||||||
jump global
|
jump global
|
||||||
|
|
||||||
|
# La roulette pour les n1as
|
||||||
|
jump roulette
|
||||||
|
|
||||||
# Passage par le checkmac pour les concernés
|
# Passage par le checkmac pour les concernés
|
||||||
# jump checkmac
|
# jump checkmac
|
||||||
|
|
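Review bot: `jump roulette` is placed after `jump global`, so any packet that gets an `accept` verdict inside `global` never reaches the roulette chain, because accept ends evaluation for the hook. The `global` chain is not visible on this page; if it accepts established/related traffic, flows that were already open when an address is added to `ip_roulette` would keep passing. If the restriction is meant to apply immediately, consider moving the jump above `jump global`. The comment `# La roulette pour les n1as` would also help more if it said what is enforced, e.g. `# Roulette: addresses in @ip_roulette may only reach the one allowed host (see roulette.nft)`. The enclosing chain starts and ends outside the hunk.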
||||||
|
|
|
@ -36,7 +36,7 @@ api_hostname = CONFIG.get('Re2o', 'hostname')
|
||||||
api_password = CONFIG.get('Re2o', 'password')
|
api_password = CONFIG.get('Re2o', 'password')
|
||||||
api_username = CONFIG.get('Re2o', 'username')
|
api_username = CONFIG.get('Re2o', 'username')
|
||||||
|
|
||||||
api_client = Re2oAPIClient(api_hostname, api_username, api_password, use_tls=False)
|
api_client = Re2oAPIClient(api_hostname, api_username, api_password)
|
||||||
|
|
||||||
|
|
||||||
def gen_ip_mac_set():
|
def gen_ip_mac_set():
|
||||||
|
|
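Review bot: The new `Re2oAPIClient(api_hostname, api_username, api_password)` call now depends on the client's default for `use_tls`, which is not visible on this page. Since the call is handed `api_username` and `api_password`, stating the intent explicitly with `use_tls=True` would keep the credentials off a plaintext channel even if the library default differs or changes later. This change is also unrelated to the roulette feature and is not mentioned in the commit message, so it is easy to miss when reading the history.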
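--- a/roulette.nft
+++ b/roulette.nft
@@ -0,0 +1,27 @@
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+# Copyright © 2018-2019 Hugo Levy-Falk <hugo@klafyvel.me>
+
+# Gestion de la roulette
+
+table inet firewall {
+set ip_roulette {
+type ipv4_addr
+}
+chain roulette {
+ip saddr @ip_roulette ip daddr != 92.242.132.24 drop
+ip daddr @ip_roulette ip saddr != 92.242.132.24 drop
+}
+}
+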
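Review bot: Both rules in `chain roulette` match IPv4 only (`ip saddr` / `ip daddr` against a set of `type ipv4_addr`) although the table is `inet`, so IPv6 traffic of the same hosts is not restricted by this chain. Whether those hosts have IPv6 connectivity is not visible here; if they do, a second set of `type ipv6_addr` with matching `ip6` rules would be needed for the restriction to hold. The address `92.242.132.24` is repeated with no explanation; a `define roulette_host = 92.242.132.24` with a one-line comment naming the host would keep both rules in sync and readable. The set is also declared empty and is filled only when roulette.py runs, so the restriction is presumably absent between a ruleset reload and the next run of the script.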
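--- a/roulette.py
+++ b/roulette.py
@@ -0,0 +1,14 @@
+#! /usr/bin/python3
+
+import requests
+from firewall import NetfilterSet
+
+ips = requests.get('http://roulette.rez/banned_ip').text.split('\n')
+content = [(i,) for i in ips if i] or None
+s = NetfilterSet(
+target_content=content,
+type_=('IPv4',),
+name='ip_roulette',
+table_name='firewall'
+)
+s.manage()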
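Review bot: The body returned by `requests.get('http://roulette.rez/banned_ip')` is loaded into the `ip_roulette` set with no timeout, no status check and no validation of the lines. An error page or a truncated body would be split into lines and handed to `NetfilterSet` as addresses, and an empty response collapses to `content = None`, whose effect on the existing set is not visible on this page. Because this list decides which hosts are dropped and it is fetched over plain HTTP, each entry should be parsed with the standard `ipaddress` module (it needs importing at the top of the file) and the run should abort on a bad status instead of updating the set. Serving the endpoint over HTTPS, if the service supports it, would additionally protect the list in transit.

```python
resp = requests.get('http://roulette.rez/banned_ip', timeout=10)
resp.raise_for_status()  # abort instead of loading an error page into the set
ips = [
    str(ipaddress.IPv4Address(line.strip()))  # ValueError on a malformed entry
    for line in resp.text.splitlines()
    if line.strip()
]
content = [(i,) for i in ips] or None
# … unchanged: NetfilterSet(...) construction and s.manage() …
```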