Subversion Repositories ALCASAR

#/bin/sh

# $Id: alcasar-nf.sh 615 2011-05-24 21:47:25Z richard $

# active ou desactive le filtrage de protocoles réseau

# enable or disable the network protocols filter

# by rexy

SED="/bin/sed -i"

FIC_SERVICES="/usr/local/etc/alcasar-services"

FIC_EXCEPTIONS="/usr/local/etc/alcasar-filter-exceptions"

FIC_CONF="/usr/local/etc/alcasar.conf"

usage="Usage: alcasar-nf.sh {--on | -on} | {--off | -off} | {-conf}"

nb_args=$#

args=$1

if [ $nb_args -eq 0 ]

then

	nb_args=1

	args="-h"

fi

case $args in

	-\? | -h* | --h*)

		echo "$usage"

		exit 0

		;;

	-on|-on) # enable protocols filter

		# sort service file

		$SED "/^$/d" $FIC_SERVICES # delete empty lines

		sort -k2n $FIC_SERVICES > /tmp/alcasar-services-sort

		mv -f /tmp/alcasar-services-sort $FIC_SERVICES

		chown root:apache $FIC_SERVICES

		chmod 660 $FIC_SERVICES

		# vérify exception file 

		[ -e $FIC_EXCEPTIONS ] || touch $FIC_EXCEPTIONS

		chown root:apache $FIC_EXCEPTIONS

		chmod 664 $FIC_EXCEPTIONS

		$SED "s?^PROTOCOLS_FILTERING.*?PROTOCOLS_FILTERING=on?g" $FIC_CONF

		/usr/local/bin/alcasar-iptables.sh

		;;

	--off|-off) # disable protocols filter

		$SED "s?^PROTOCOLS_FILTERING.*?PROTOCOLS_FILTERING=off?g" $FIC_CONF

		/usr/local/bin/alcasar-iptables.sh

		;;

	--conf|-conf)

		PROTOCOLS_FILTERING=`grep PROTOCOLS_FILTERING $FIC_CONF|cut -d"=" -f2`	# Network protocols filter (on/off)

		PROTOCOLS_FILTERING=${PROTOCOLS_FILTERING:=off}

		/usr/local/bin/alcasar-iptables.sh

		;;

	*)

		echo "Argument inconnu :$1";

		echo "$usage"

		exit 1

		;;

esac