/scripts/alcasar-iptables.sh |
---|
27,6 → 27,8 |
DNSSERVERS="$dns1,$dns2" # first and second DNS IP servers addresses |
PROTOCOLS_FILTERING=`grep PROTOCOLS_FILTERING= $conf_file|cut -d"=" -f2` # Network protocols filter (on/off) |
PROTOCOLS_FILTERING=${PROTOCOLS_FILTERING:=off} |
EXT_LAN_FILTERING=`grep EXT_LAN_FILTERING= $conf_file|cut -d"=" -f2` # filter acces to the lan on alcasar/eth0 (on/off) |
EXT_LAN_FILTERING=${EXT_LAN_FILTERING:=off} |
DNS_FILTERING=`grep DNS_FILTERING= $conf_file|cut -d"=" -f2` # DNS and URLs filter (on/off) |
DNS_FILTERING=${DNS_FILTERING:=off} |
QOS=`grep QOS= $conf_file|cut -d"=" -f2` # QOS (on/off) |
196,6 → 198,14 |
$IPTABLES -A FORWARD -i $TUNIF -p udp --dport domain -j REJECT --reject-with icmp-port-unreachable |
$IPTABLES -A FORWARD -i $TUNIF -p tcp --dport domain -j REJECT --reject-with tcp-reset |
# Filtrage de l'accès au LAN connecté sur EXTIF (eth0) |
# EXTIF (eth0) connected LAN filtering |
if [ $EXT_LAN_FILTERING = on ]; then |
$IPTABLES -A FORWARD -i $TUNIF -p udp -d $public_ip_mask -j REJECT --reject-with icmp-port-unreachable |
$IPTABLES -A FORWARD -i $TUNIF -p icmp -d $public_ip_mask -j REJECT --reject-with icmp-port-unreachable |
$IPTABLES -A FORWARD -i $TUNIF -p tcp -d $public_ip_mask -j REJECT --reject-with tcp-reset |
fi |
# If protocols filter is activate |
if [ $PROTOCOLS_FILTERING = on ]; then |
# Compute exception IP (IP addresses that shouldn't be filtered) |
/scripts/sbin/alcasar-logout.sh |
---|
2,7 → 2,7 |
# $Id$ |
# alcasar-logout.sh |
# by Richard REY |
# by Rexy |
# This script is distributed under the Gnu General Public License (GPL) |
# Déconnexion d'un ou de tous les usagers |
9,7 → 9,7 |
# One user (or all users) disconnect |
macallowed_file="/usr/local/etc/alcasar-macallowed" |
radiussecret="ci0wkfI9" |
radiussecret="" |
OLDIFS=$IFS |
IFS=$'\n' |
/scripts/sbin/alcasar-uninstall.sh |
---|
182,7 → 182,7 |
sleep 1 |
# network |
echo -en "\n- network(8) : " |
echo -en "\n- network(9) : " |
hostname localhost |
/sbin/ifdown eth0 |
[ -e /etc/sysconfig/network-scripts/default-ifcfg-eth0 ] && mv /etc/sysconfig/network-scripts/default-ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0 && echo -n "1, " |
193,6 → 193,8 |
[ -e /etc/hosts.allow.default ] && mv /etc/hosts.allow.default /etc/hosts.allow && echo -n "6, " |
[ -e /etc/hosts.deny.default ] && mv /etc/hosts.deny.default /etc/hosts.deny && echo -n "7, " |
[ -e /etc/sysconfig/iptables ] && rm -f /etc/sysconfig/iptables && echo -n "8" |
[ -e /etc/modprobe.preload.default ] && mv /etc/modprobe.preload.default /etc/modprobe.preload && echo -n "9" |
echo |
/sbin/ifup eth0 |
sleep 1 |
/scripts/alcasar-watchdog.sh |
---|
2,7 → 2,7 |
# $Id$ |
# alcasar-watchdog.sh |
# by Richard REY |
# by Rexy |
# This script is distributed under the Gnu General Public License (GPL) |
# Ce script prévient les usagers de l'indisponibilité de l'accès Internet |