11,14 → 11,23 |
|
conf_file="/usr/local/etc/alcasar.conf" |
private_ip_mask=`grep PRIVATE_IP $conf_file|cut -d"=" -f2` |
private_ip_mask=${private_ip_mask:=192.168.182.1/24} |
private_network=`/bin/ipcalc -n $private_ip_mask|cut -d"=" -f2` # LAN IP address (ie.: 192.168.182.0) |
private_prefix=`/bin/ipcalc -p $private_ip_mask|cut -d"=" -f2` # LAN prefix (ie. 24) |
dns1=`grep DNS1 $conf_file|cut -d"=" -f2` # first public DNS server |
dns1=${dns1:=208.67.220.220} |
dns2=`grep DNS2 $conf_file|cut -d"=" -f2` # second public DNS server |
PROTOCOLS_FILTERING=`grep PROTOCOLS_FILTERING $conf_file|cut -d"=" -f2` # Network protocols filter (yes/no) |
DNS_FILTERING=`grep DNS_FILTERING $conf_file|cut -d"=" -f2` # DNS and URLs filter (yes/no) |
QOS=`grep QOS $conf_file|cut -d"=" -f2` # QOS (yse/no) |
SSH=`grep SSH $conf_file|cut -d"=" -f2` # sshd active (yes/no) |
dns2=${dns2:=208.67.222.222} |
PROTOCOLS_FILTERING=`grep PROTOCOLS_FILTERING $conf_file|cut -d"=" -f2` # Network protocols filter (on/off) |
PROTOCOLS_FILTERING=${PROTOCOLS_FILTERING:=off} |
DNS_FILTERING=`grep DNS_FILTERING $conf_file|cut -d"=" -f2` # DNS and URLs filter (on/off) |
DNS_FILTERING=${DNS_FILTERING:=off} |
QOS=`grep QOS $conf_file|cut -d"=" -f2` # QOS (on/off) |
QOS=${QOS:=off} |
SSH=`grep SSH $conf_file|cut -d"=" -f2` # sshd active (on/off) |
SSH=${SSH:=off} |
LDAP=`grep LDAP $conf_file|cut -d"=" -f2` # ldap external server active (on/off) |
LDAP=${LDAP:=off} |
PRIVATE_NETWORK_MASK=$private_network/$private_prefix # Lan IP address + prefix (192.168.182.0/24) |
PRIVATE_IP=`echo $private_ip_mask | cut -d"/" -f1` # ALCASAR LAN IP address |
DNSSERVERS="$dns1,$dns2" # first and second DNS IP servers addresses |
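Review bot: The new `LDAP=\`grep LDAP $conf_file|cut -d"=" -f2\`` lookup, like the PROTOCOLS_FILTERING, DNS_FILTERING, QOS, SSH, PRIVATE_IP and DNS1/DNS2 ones in this hunk, matches the key anywhere on any line, so a comment or a second key containing the same substring (a hypothetical `LDAP_SERVER=`, for instance) would leave the variable holding several newline-joined values, and the later `[ $LDAP = on ]` test would then error or misfire. Anchoring to the key keeps a single value: `LDAP=$(grep '^LDAP=' "$conf_file" | cut -d'=' -f2)`, and the same form fits the other lookups; quoting `"$conf_file"` also matters since it is passed unquoted to grep, cut and ipcalc. The `${VAR:=off}` defaults cover an absent key but not a garbled one, so the anchor is the missing check. `PRIVATE_IP=\`echo $private_ip_mask | cut -d"/" -f1\`` can be the builtin `PRIVATE_IP=${private_ip_mask%%/*}` with no subshell.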
236,16 → 245,22 |
# On autorise les requêtes DNS vers les serveurs DNS identifiés |
# Allow DNS requests to identified DNS servers |
$IPTABLES -A OUTPUT -o $EXTIF -d $DNSSERVERS -p udp --dport domain -m state --state NEW -j ACCEPT |
# On autorise les requêtes http sortantes |
# On autorise les requêtes HTTP sortantes |
# HTTP requests are allowed |
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport http -j ACCEPT |
# On autorise les requêtes ntp |
# On autorise les requêtes NTP |
# NTP requests are allowed |
$IPTABLES -A OUTPUT -o $EXTIF -p udp --dport ntp -j ACCEPT |
# On autorise les requêtes ICMP (ping) |
# ICMP (ping) requests are allowed |
$IPTABLES -A OUTPUT -o $EXTIF -p icmp --icmp-type 8 -j ACCEPT |
|
# On autorise les requêtes LDAP si un serveur externe est configué |
# LDAP requests are allowed if an external server is declared |
if [ $LDAP = on ] |
then |
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport ldap -j ACCEPT |
$IPTABLES -A OUTPUT -o $EXTIF -p udp --dport ldap -j ACCEPT |
fi |
# Traduction dynamique d'adresse en sortie |
# Dynamic NAT on EXTIF |
$IPTABLES -A POSTROUTING -t nat -o $EXTIF -j MASQUERADE |
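Review bot: The two rules under `if [ $LDAP = on ]` open TCP and UDP 389 from the box to any destination on `$EXTIF`, not only to the declared external server, and the unquoted `[ $LDAP = on ]` fails with "too many arguments" if the variable ever holds more than one word. If the conf file carries the server address, adding `-d "$LDAP_SERVER"` (placeholder name — use whatever key the file actually defines) limits the rule to that one host, and the test is safer written as `if [ "$LDAP" = "on" ]`. Only the plain `ldap` service port is opened, so a server reached over LDAPS (636) would not be covered; a one-line comment stating that only cleartext/STARTTLS on 389 is expected would make that deliberate. The French comment on that block also has a typo, `configué` for `configuré`.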