Project

General

Profile

Tâche #24393

Scénario #24284: Le comportement ipsets est à revoir sur EOLE 2.7

Gérer les règles avec un prefix

Added by Emmanuel GARETTE over 4 years ago. Updated over 4 years ago.

Status:
Fermé
Priority:
Normal
Assigned To:
Emmanuel GARETTE
Target version:
Distribution EOLE - sprint 2018 26-28 Equipe MENSR
Start date:
06/25/2018
Due date:
% Done:

100%

Estimated time:
6.00 h
Spent time:
6.50 h
Remaining (hours):
0.0

Associated revisions

Revision 14c52b8e (diff)
Added by Emmanuel GARETTE over 4 years ago

ajouter un prefix pour les ipsets des groupes de machine amon (ref #24393)

Revision 9b152aae (diff)
Added by Emmanuel GARETTE over 4 years ago

ajout de tests pour valider la conservation des règles ipsets personnalisées (ref #24393)

Revision f05bba2d (diff)
Added by Joël Cuissinat over 4 years ago

Ajout du préfixe des ipsets dans les règles de génération iptables

Ref: #25305
Ref: #25306
Ref: #24393

History

#1 Updated by Scrum Master over 4 years ago

  • Status changed from Nouveau to En cours

#2 Updated by Scrum Master over 4 years ago

  • Assigned To set to Emmanuel GARETTE

#3 Updated by Emmanuel GARETTE over 4 years ago

  • % Done changed from 0 to 100
  • Estimated time set to 6.00 h
  • Remaining (hours) set to 0.25

Pour tester :

ipset create maregle bitmap:ip range 192.168.0.1-192.168.0.23

Aller dans "Filtre web 1"/"Groupe de machine" et ajouter/supprimer des groupes de machine.

La règle ajouté à la main doit rester :

ipset list |grep ^Name:

Et les groupes sont ajoutés/supprimés correctement (avec le prefix "group-").

#4 Updated by Scrum Master over 4 years ago

  • Status changed from En cours to Résolu

#5 Updated by Daniel Dehennin over 4 years ago

  • Remaining (hours) changed from 0.25 to 0.0

#6 Updated by Daniel Dehennin over 4 years ago

  1. Ajout de l’ensemble personalisé
    root@amon:~# ipset create maregle bitmap:ip range 192.168.0.1-192.168.0.23
root@amon:~# ipset list |grep ^Name:
Name: bastion-adm-ext-5-dst
Name: bastion-adm-ext-5-src
Name: bastion-adm-ext-6-dst
Name: bastion-adm-ext-6-src
Name: bastion-adm-ext-7-dst
Name: bastion-adm-ext-7-src
Name: bastion-dmz-ext-1-dst
Name: bastion-dmz-ext-1-src
Name: bastion-dmz-ext-2-dst
Name: bastion-dmz-ext-2-src
Name: bastion-dmz-ext-3-dst
Name: bastion-dmz-ext-3-src
Name: bastion-ped-ext-7-dst
Name: bastion-ped-ext-7-src
Name: bastion-ped-ext-8-dst
Name: bastion-ped-ext-8-src
Name: bastion-ped-ext-9-dst
Name: bastion-ped-ext-9-src
Name: group-web_services
Name: maregle
  2. Ajout d’un groupe de machine test
    root@amon:~# ipset list |grep ^Name:
Name: bastion-adm-ext-5-dst
Name: bastion-adm-ext-5-src
Name: bastion-adm-ext-6-dst
Name: bastion-adm-ext-6-src
Name: bastion-adm-ext-7-dst
Name: bastion-adm-ext-7-src
Name: bastion-dmz-ext-1-dst
Name: bastion-dmz-ext-1-src
Name: bastion-dmz-ext-2-dst
Name: bastion-dmz-ext-2-src
Name: bastion-dmz-ext-3-dst
Name: bastion-dmz-ext-3-src
Name: bastion-ped-ext-7-dst
Name: bastion-ped-ext-7-src
Name: bastion-ped-ext-8-dst
Name: bastion-ped-ext-8-src
Name: bastion-ped-ext-9-dst
Name: bastion-ped-ext-9-src
Name: group-web_services
Name: maregle
Name: group-test
  3. Suppression du groupe de machine test
    root@amon:~# ipset list |grep ^Name:
Name: bastion-adm-ext-5-dst
Name: bastion-adm-ext-5-src
Name: bastion-adm-ext-6-dst
Name: bastion-adm-ext-6-src
Name: bastion-adm-ext-7-dst
Name: bastion-adm-ext-7-src
Name: bastion-dmz-ext-1-dst
Name: bastion-dmz-ext-1-src
Name: bastion-dmz-ext-2-dst
Name: bastion-dmz-ext-2-src
Name: bastion-dmz-ext-3-dst
Name: bastion-dmz-ext-3-src
Name: bastion-ped-ext-7-dst
Name: bastion-ped-ext-7-src
Name: bastion-ped-ext-8-dst
Name: bastion-ped-ext-8-src
Name: bastion-ped-ext-9-dst
Name: bastion-ped-ext-9-src
Name: group-web_services
Name: maregle

NB: juste pour info, l’ensemble maregle ne survie pas à un reconfigure, ce qui est le comportement normal.

#7 Updated by Scrum Master over 4 years ago

  • Status changed from Résolu to Fermé

Also available in: Atom PDF