Back to 2zones with access from eole external network

e5eaeea3 · David Beniamine · 8f342685 · e5eaeea3 · e5eaeea3
Verified Commit e5eaeea3 authored 6 years ago by David Beniamine
--- a/eole/config.eol
+++ b/eole/config.eol
-{"bareos_dir_name": {"owner": "forced", "val": "amonecole-dir"}, "admin_eth2": {"owner": "gen_config", "val": "oui"}, "adresse_ip_eth1_proxy_link": {"owner": "gen_config", "val": "10.20.1.2"}, "activer_ajout_hosts": {"owner": "gen_config", "val": "oui"}, "nom_domaine_local": {"owner": "gen_config", "val": "malraux1.plandecuques.fr"}, "nom_court_hosts": {"owner": {"0": "gen_config"}, "val": {"0": "dnsproxy"}}, "activer_squid_auth": {"owner": "gen_config", "val": "non"}, "bareos_sd_password": {"owner": "forced", "val": "01006d73c6f13edbff49539ea6a50b744c26d4f1380cfad072df4daf"}, "adresse_ip_hosts": {"owner": "gen_config", "val": ["10.20.1.2"]}, "bareos_db_mysql_password": {"owner": "gen_config", "val": "38a0a5ed7180cb6fc3660b4049dc111deecf5e67aed721e839e88536"}, "adresse_ip_fichier_link": {"owner": "gen_config", "val": "10.20.1.3"}, "web_url": {"owner": "gen_config", "val": "malraux1.plandecuques.fr"}, "bareos_dir_password": {"owner": "forced", "val": "548c71a8e99ce2452009f2d21d225da30e6f2bba95cb05bfc8cf7b98"}, "ip_haute_dhcp": {"owner": {"0": "gen_config"}, "val": {"0": "10.20.1.254"}}, "domaine_messagerie_etab": {"owner": "gen_config", "val": "malraux1.plandecuques.fr"}, "nom_machine_eth1": {"owner": "gen_config", "val": "pedago"}, "nom_machine_eth2": {"owner": "gen_config", "val": "admin"}, "adresse_netmask_eth2": {"owner": "gen_config", "val": "255.255.255.0"}, "___version___": "2.6.2", "dansguardian_eth2": {"owner": "gen_config", "val": "2"}, "esu_proxy": {"owner": "gen_config", "val": "oui"}, "type_amon": {"owner": "gen_config", "val": "3zones-amonecole-cuques"}, "activer_dhcp": {"owner": "gen_config", "val": "oui"}, "ip_basse_dhcp": {"owner": {"0": "gen_config"}, "val": {"0": "10.20.1.20"}}, "activer_tftp": {"owner": "gen_config", "val": "oui"}, "bareos_fd_password": {"owner": "forced", "val": "0d2b71cdcc90c4367dcd47fe16bd7d308b7e22aca4c4fe36014c22e0"}, "nom_plage_dhcp": {"owner": {"0": "gen_config"}, "val": {"0": "ecole"}}, "system_mail_to": {"owner": "gen_config", "val": "root@malraux1.plandecuques.fr"}, "eth0_method": {"owner": "gen_config", "val": "dhcp"}, "activer_ead_web": {"owner": "gen_config", "val": "oui"}, "cert_type": {"owner": "gen_config", "val": "autosign\u00e9"}, "ip_admin_eth0": {"owner": "gen_config", "val": ["192.168.3.208", "193.33.56.228", "84.240.95.168"]}, "ip_admin_eth1": {"owner": "gen_config", "val": ["10.20.1.24"]}, "ip_admin_eth2": {"owner": "gen_config", "val": ["10.21.1.1"]}, "nom_long_hosts": {"owner": {"0": "gen_config"}, "val": {"0": "dnsproxy.malraux1.plandecuques.fr"}}, "ssh_eth2": {"owner": "gen_config", "val": "oui"}, "netmask_admin_eth0": {"owner": {"1": "gen_config", "0": "gen_config", "2": "gen_config"}, "val": {"1": "255.255.255.255", "0": "255.255.255.255", "2": "255.255.255.255"}}, "netmask_admin_eth2": {"owner": {"0": "gen_config"}, "val": {"0": "255.255.255.255"}}, "numero_etab": {"owner": "gen_config", "val": "malraux1"}, "activer_ftp_anonymous_access": {"owner": "gen_config", "val": "oui"}, "smb_share_model": {"owner": "gen_config", "val": "commun"}, "bareos_db_type": {"owner": "forced", "val": "mysql"}, "esu_proxy_default": {"owner": "forced", "val": "oui"}, "ip_ssh_eth2": {"owner": "gen_config", "val": ["10.21.1.1"]}, "ip_ssh_eth1": {"owner": "gen_config", "val": ["10.20.1.1"]}, "ip_ssh_eth0": {"owner": "gen_config", "val": ["192.168.3.208", "193.33.56.228", "84.240.95.168", "192.168.3.210"]}, "libelle_etab": {"owner": "gen_config", "val": "malraux1"}, "netmask_admin_eth1": {"owner": {"0": "gen_config"}, "val": {"0": "255.255.255.255"}}, "smb_workgroup": {"owner": "gen_config", "val": "ecole-wg"}, "ftp_anonymous_directory": {"owner": "gen_config", "val": "/var/lib/tftpboot/public"}, "smb_netbios_name": {"owner": "gen_config", "val": "ecole-srv"}, "netmask_ssh_eth2": {"owner": {"0": "gen_config"}, "val": {"0": "255.255.255.255"}}, "netmask_ssh_eth0": {"owner": {"1": "gen_config", "0": "gen_config", "3": "gen_config", "2": "gen_config"}, "val": {"1": "255.255.255.255", "0": "255.255.255.255", "3": "255.255.255.255", "2": "255.255.255.255"}}, "netmask_ssh_eth1": {"owner": {"0": "gen_config"}, "val": {"0": "255.255.255.255"}}, "nom_academie": {"owner": "gen_config", "val": "ac-marseille"}, "omapi_secret": {"owner": "forced", "val": "42f0707bbf047e86da7fb90aa0752f750503be5899135f2ea6542a34"}, "activer_exim_relay_smtp": {"owner": "gen_config", "val": "non"}, "adresse_ip_eth1": {"owner": "gen_config", "val": "10.20.1.1"}, "adresse_ip_eth2": {"owner": "gen_config", "val": "10.21.1.1"}, "nom_machine": {"owner": "gen_config", "val": "amonecole"}, "adresse_ip_eth2_proxy_link": {"owner": "gen_config", "val": "10.21.1.2"}, "activer_ead3": {"owner": "gen_config", "val": "oui"}, "nombre_interfaces": {"owner": "gen_config", "val": "3"}, "repertoire_tftp": {"owner": "gen_config", "val": "/var/lib/tftpboot/"}}
\ No newline at end of file
+{"proxy_bypass_network_eth1": {"owner": "gen_config", "val": []}, "bareos_dir_name": {"owner": "forced", "val": "amonecole-dir"}, "type_amon": {"owner": "gen_config", "val": "2zones-amonecole-cuques"}, "adresse_ip_eth1_proxy_link": {"owner": "gen_config", "val": "10.20.1.2"}, "activer_ajout_hosts": {"owner": "gen_config", "val": "oui"}, "nom_domaine_local": {"owner": "gen_config", "val": "malraux1.plandecuques.fr"}, "route_adresse": {"owner": "gen_config", "val": []}, "nom_court_hosts": {"owner": {"0": "gen_config"}, "val": {"0": "dnsproxy"}}, "activer_squid_auth": {"owner": "gen_config", "val": "non"}, "bareos_sd_password": {"owner": "forced", "val": "01006d73c6f13edbff49539ea6a50b744c26d4f1380cfad072df4daf"}, "adresse_ip_hosts": {"owner": "gen_config", "val": ["10.20.1.2"]}, "bareos_db_mysql_password": {"owner": "gen_config", "val": "38a0a5ed7180cb6fc3660b4049dc111deecf5e67aed721e839e88536"}, "adresse_ip_fichier_link": {"owner": "gen_config", "val": "10.20.1.3"}, "web_url": {"owner": "gen_config", "val": "malraux1.plandecuques.fr"}, "zone_is_bridge_eth2": {"owner": "gen_config", "val": "non"}, "bareos_dir_password": {"owner": "forced", "val": "548c71a8e99ce2452009f2d21d225da30e6f2bba95cb05bfc8cf7b98"}, "alias_ip_eth1": {"owner": "gen_config", "val": []}, "ip_haute_dhcp": {"owner": {"0": "gen_config"}, "val": {"0": "10.20.1.254"}}, "activer_omapi": {"owner": "gen_config", "val": "non"}, "nom_machine_eth1": {"owner": "gen_config", "val": "pedago"}, "alias_eth2": {"owner": "gen_config", "val": "non"}, "adresse_netmask_eth2": {"owner": "gen_config", "val": "255.255.255.0"}, "___version___": "2.6.2", "dansguardian_eth2": {"owner": "gen_config", "val": "2"}, "esu_proxy": {"owner": "gen_config", "val": "oui"}, "domaine_messagerie_etab": {"owner": "gen_config", "val": "malraux1.plandecuques.fr"}, "activer_dhcp": {"owner": "gen_config", "val": "oui"}, "admin_eth2": {"owner": "gen_config", "val": "oui"}, "activer_tftp": {"owner": "gen_config", "val": "oui"}, "activer_dhcp_failover": {"owner": "gen_config", "val": "non"}, "nom_academie": {"owner": "gen_config", "val": "ac-marseille"}, "bareos_fd_password": {"owner": "forced", "val": "0d2b71cdcc90c4367dcd47fe16bd7d308b7e22aca4c4fe36014c22e0"}, "nom_plage_dhcp": {"owner": {"0": "gen_config"}, "val": {"0": "ecole"}}, "system_mail_to": {"owner": "gen_config", "val": "root@malraux1.plandecuques.fr"}, "proxy_bypass_src_network_eth1": {"owner": "gen_config", "val": []}, "eth0_method": {"owner": "gen_config", "val": "dhcp"}, "activer_ead_web": {"owner": "gen_config", "val": "oui"}, "cert_type": {"owner": "gen_config", "val": "autosign\u00e9"}, "ip_admin_eth0": {"owner": "gen_config", "val": ["192.168.3.210", "193.33.56.228", "84.240.95.168"]}, "ip_admin_eth1": {"owner": "gen_config", "val": ["10.20.1.24"]}, "ip_admin_eth2": {"owner": "gen_config", "val": ["10.21.1.1"]}, "nom_long_hosts": {"owner": {"0": "gen_config"}, "val": {"0": "dnsproxy.malraux1.plandecuques.fr"}}, "ssh_eth2": {"owner": "gen_config", "val": "oui"}, "netmask_admin_eth0": {"owner": {"1": "gen_config", "0": "gen_config", "2": "gen_config"}, "val": {"1": "255.255.255.255", "0": "255.255.255.255", "2": "255.255.255.255"}}, "ip_basse_dhcp": {"owner": {"0": "gen_config"}, "val": {"0": "10.20.1.20"}}, "netmask_admin_eth2": {"owner": {"0": "gen_config"}, "val": {"0": "255.255.255.255"}}, "numero_etab": {"owner": "gen_config", "val": "malraux1"}, "activer_ftp_anonymous_access": {"owner": "gen_config", "val": "oui"}, "smb_share_model": {"owner": "gen_config", "val": "commun"}, "bareos_db_type": {"owner": "forced", "val": "mysql"}, "esu_proxy_default": {"owner": "forced", "val": "oui"}, "ip_ssh_eth2": {"owner": "gen_config", "val": ["10.21.1.1"]}, "ip_ssh_eth1": {"owner": "gen_config", "val": ["10.20.1.1"]}, "ip_ssh_eth0": {"owner": "gen_config", "val": ["192.168.3.208", "193.33.56.228", "84.240.95.168", "192.168.3.210"]}, "libelle_etab": {"owner": "gen_config", "val": "malraux1"}, "netmask_admin_eth1": {"owner": {"0": "gen_config"}, "val": {"0": "255.255.255.255"}}, "activer_route": {"owner": "gen_config", "val": "non"}, "ftp_anonymous_directory": {"owner": "gen_config", "val": "/var/lib/tftpboot/public"}, "nom_zone_eth2": {"owner": "gen_config", "val": "eno2"}, "smb_netbios_name": {"owner": "gen_config", "val": "ecole-srv"}, "netmask_ssh_eth2": {"owner": {"0": "gen_config"}, "val": {"0": "255.255.255.255"}}, "netmask_ssh_eth0": {"owner": {"1": "gen_config", "0": "gen_config", "3": "gen_config", "2": "gen_config"}, "val": {"1": "255.255.255.255", "0": "255.255.255.255", "3": "255.255.255.255", "2": "255.255.255.255"}}, "netmask_ssh_eth1": {"owner": {"0": "gen_config"}, "val": {"0": "255.255.255.255"}}, "adresse_network_dhcp": {"owner": "gen_config", "val": ["10.20.1.0"]}, "nom_machine_eth2": {"owner": "gen_config", "val": "zoneadmin"}, "omapi_secret": {"owner": "forced", "val": "42f0707bbf047e86da7fb90aa0752f750503be5899135f2ea6542a34"}, "activer_exim_relay_smtp": {"owner": "gen_config", "val": "non"}, "adresse_ip_eth1": {"owner": "gen_config", "val": "10.20.1.1"}, "adresse_ip_eth2": {"owner": "gen_config", "val": "10.21.1.1"}, "nom_machine": {"owner": "gen_config", "val": "amonecole"}, "smb_workgroup": {"owner": "gen_config", "val": "ecole-wg"}, "proxy_bypass_eth1": {"owner": "gen_config", "val": "non"}, "alias_eth1": {"owner": "gen_config", "val": "non"}, "adresse_ip_eth2_proxy_link": {"owner": "gen_config", "val": "10.21.1.2"}, "activer_ead3": {"owner": "gen_config", "val": "oui"}, "nombre_interfaces": {"owner": "gen_config", "val": "2"}, "repertoire_tftp": {"owner": "gen_config", "val": "/var/lib/tftpboot/"}}
\ No newline at end of file
--- a/eole/era/3zones-amonecole-cuques.xml
+++ b/eole/era/3zones-amonecole-cuques.xml
 <?xml version="1.0" encoding="UTF-8" ?>

-<firewall name="/usr/share/era/modeles/3zones-amonecole-cuques.xml" model="/usr/share/era/modeles/3zones-amonecole.xml" version="2.42">
+<firewall name="/usr/share/era/modeles/2zones-amonecole-cuques.xml" model="/usr/share/era/modeles/2zones-amonecole.xml" version="2.42">
    <zones>
    </zones>
    <include>
@@ -57,27 +57,28 @@
        <flux zoneA="bastion" zoneB="pedago">
            <montantes default_policy="0">
                <directive service="apt-cacher-ng" priority="40" action="2" attrs="0" mark_operator="None" mark_value="" src_inv="0" dest_inv="0" serv_inv="0" libelle="pas de description" ipsec="0" accept="0">
-                    <source name="admin"/>
+                    <source name="pedago"/>
                    <destination name="bastion"/>
                </directive>
            </montantes>
            <descendantes default_policy="1">
            </descendantes>
        </flux>
-        <flux zoneA="bastion" zoneB="admin">
+
+        <flux zoneA="bastion" zoneB="exterieur">
            <montantes default_policy="0">
                 <directive service="registry" priority="41" action="2" attrs="0" src_inv="0" dest_inv="0" serv_inv="0" libelle="pas de description" ipsec="0" accept="0">
-                    <source name="admin"/>
+                    <source name="exterieur_restreint"/>
                    <destination name="partage_eth1"/>
                </directive>
            </montantes>
            <descendantes default_policy="1">
            </descendantes>
        </flux>
-        <flux zoneA="bastion" zoneB="admin">
+        <flux zoneA="bastion" zoneB="exterieur">
            <montantes default_policy="0">
                 <directive service="cups" priority="42" action="2" attrs="0" src_inv="0" dest_inv="0" serv_inv="0" libelle="pas de description" ipsec="0" accept="0">
-                    <source name="admin"/>
+                    <source name="exterieur_restreint"/>
                    <destination name="partage_eth1"/>
                </directive>
            </montantes>
@@ -85,15 +86,35 @@
            </descendantes>
        </flux>

-        <flux zoneA="bastion" zoneB="admin">
+        <flux zoneA="bastion" zoneB="exterieur">
            <montantes default_policy="0">
                <directive service="apt-cacher-ng" priority="40" action="2" attrs="0" mark_operator="None" mark_value="" src_inv="0" dest_inv="0" serv_inv="0" libelle="pas de description" ipsec="0" accept="0">
-                    <source name="admin"/>
+                    <source name="exterieur_restreint"/>
                    <destination name="bastion"/>
                </directive>
            </montantes>
            <descendantes default_policy="1">
            </descendantes>
        </flux>
+
+        <flux zoneA="bastion" zoneB="exterieur">
+            <montantes default_policy="0">
+                <directive service="samba-udp" priority="16" action="2" attrs="0" src_inv="0" dest_inv="0" serv_inv="0" libelle="pas de description" ipsec="0" accept="0">
+                    <source name="exterieur_restreint"/>
+                    <destination name="partage_eth1"/>
+                </directive>
+                <directive service="samba-tcp" priority="17" action="2" attrs="0" src_inv="0" dest_inv="0" serv_inv="0" libelle="pas de description" ipsec="0" accept="0">
+                    <source name="exterieur_restreint"/>
+                    <destination name="partage_eth1"/>
+                </directive>
+                <directive service="samba3" priority="18" action="2" attrs="0" src_inv="0" dest_inv="0" serv_inv="0" libelle="pas de description" ipsec="0" accept="0">
+                    <source name="exterieur_restreint"/>
+                    <destination name="partage_eth1"/>
+                </directive>
+            </montantes>
+            <descendantes default_policy="1">
+            </descendantes>
+        </flux>
+
    </flux-list>
 </firewall>