2,7 → 2,7 |
# $Id$ |
|
# alcasar-nf.sh |
# by Richard REY |
# by Rexy |
# This script is distributed under the Gnu General Public License (GPL) |
|
# active ou desactive le filtrage de protocoles réseau |
9,16 → 9,14 |
# enable or disable the network protocols filter |
|
SED="/bin/sed -i" |
FIC_SERVICES="/usr/local/etc/alcasar-services" |
FIC_EXCEPTIONS="/usr/local/etc/alcasar-filter-exceptions" |
FIC_CONF="/usr/local/etc/alcasar.conf" |
|
usage="Usage: alcasar-nf.sh {--on | -on} | {--off | -off} | {--lan_ext_filter_on | -lan_ext_filter_on} | {--lan_ext_filter_off | -lan_ext_filter_off}" |
usage="Usage: alcasar-nf.sh {--on | -on} | {--off | -off}" |
nb_args=$# |
args=$1 |
if [ $nb_args -eq 0 ] |
then |
/usr/local/bin/alcasar-iptables.sh |
echo $usage |
exit 1 |
fi |
case $args in |
27,16 → 25,6 |
exit 0 |
;; |
-on|-on) # enable protocols filter |
# sort service file |
$SED "/^$/d" $FIC_SERVICES # delete empty lines |
sort -k2n $FIC_SERVICES > /tmp/alcasar-services-sort |
mv -f /tmp/alcasar-services-sort $FIC_SERVICES |
chown root:apache $FIC_SERVICES |
chmod 660 $FIC_SERVICES |
# vérify exception file |
[ -e $FIC_EXCEPTIONS ] || touch $FIC_EXCEPTIONS |
chown root:apache $FIC_EXCEPTIONS |
chmod 664 $FIC_EXCEPTIONS |
$SED "s?^PROTOCOLS_FILTERING.*?PROTOCOLS_FILTERING=on?g" $FIC_CONF |
/usr/local/bin/alcasar-iptables.sh |
;; |
44,14 → 32,6 |
$SED "s?^PROTOCOLS_FILTERING.*?PROTOCOLS_FILTERING=off?g" $FIC_CONF |
/usr/local/bin/alcasar-iptables.sh |
;; |
--lan_ext_filter_on|-lan_ext_filter_on) # allow external LAN access (LAN located between ALCASAR and the Internet gateway) |
$SED "s?^EXT_LAN_FILTERING.*?EXT_LAN_FILTERING=on?g" $FIC_CONF |
/usr/local/bin/alcasar-iptables.sh |
;; |
--lan_ext_filter_off|-lan_ext_filter_off) # allow external LAN access (LAN located between ALCASAR and the Internet gateway) |
$SED "s?^EXT_LAN_FILTERING.*?EXT_LAN_FILTERING=off?g" $FIC_CONF |
/usr/local/bin/alcasar-iptables.sh |
;; |
*) |
echo "Argument inconnu :$1"; |
echo "$usage" |
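Review bot: The enable and disable arms that remain after this change rewrite `PROTOCOLS_FILTERING` in `$FIC_CONF` with `sed -i` and then reload `/usr/local/bin/alcasar-iptables.sh` without checking that the substitution took effect. `sed` returns success when no line matches, so a missing `PROTOCOLS_FILTERING` key leaves the filter state unchanged, and nothing in the visible arms reports it. For a control that switches filtering on, I would verify the result before reloading, e.g. `grep -q '^PROTOCOLS_FILTERING=on$' "$FIC_CONF" || { echo "PROTOCOLS_FILTERING not set in $FIC_CONF" >&2; exit 1; }`, with the matching check for `off`. Separately, the enable arm is rendered here as `-on|-on)` while the usage string advertises `--on`; if that is not an artifact of the page, `--on` falls through to the `*)` arm and the filter is never enabled. The `case` statement continues past the last visible line.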