| 210,8 → 210,10 |
|---|
| # On installe les paquetages complémentaires |
| urpmi --auto $PACKAGES |
| # On empêche les mises à jour de coova-chilli et freeradius par le biais des dépôts |
| echo -n "/^coova/" >> /etc/urpmi/skip.list |
| echo -n "/^freeradius/" >> /etc/urpmi/skip.list |
| for rpmskip in coova freeradius |
| do |
| echo -n "/^$rpmskip/" >> /etc/urpmi/skip.list |
| done |
| # On supprime les paquetages, les services et les utilisateurs inutiles |
| for rm_rpm in dhcp-server avahi mandi shorewall libc-icap0 cyrus-sasl |
| do |
| 530,6 → 532,7 |
|---|
| Deny from all |
| Allow from 127.0.0.1 |
| Allow from $PRIVATE_NETWORK_MASK |
| # Allow from $SRC_ADMIN |
| require valid-user |
| AuthType digest |
| AuthName $HOSTNAME |
| 544,6 → 547,7 |
|---|
| Deny from all |
| Allow from 127.0.0.1 |
| Allow from $PRIVATE_NETWORK_MASK |
| # Allow from $SRC_ADMIN |
| require valid-user |
| AuthType digest |
| AuthName $HOSTNAME |
| 558,6 → 562,7 |
|---|
| Deny from all |
| Allow from 127.0.0.1 |
| Allow from $PRIVATE_NETWORK_MASK |
| # Allow from $SRC_ADMIN |
| require valid-user |
| AuthType digest |
| AuthName $HOSTNAME |
| 572,6 → 577,7 |
|---|
| Deny from all |
| Allow from 127.0.0.1 |
| Allow from $PRIVATE_NETWORK_MASK |
| # Allow from $SRC_ADMIN |
| require valid-user |
| AuthType digest |
| AuthName $HOSTNAME |
| 587,6 → 593,7 |
|---|
| Deny from all |
| Allow from 127.0.0.1 |
| Allow from $PRIVATE_NETWORK_MASK |
| # Allow from $SRC_ADMIN |
| require valid-user |
| AuthType digest |
| AuthName $HOSTNAME |
| 873,7 → 880,7 |
|---|
| # la page d'interception est en français |
| $SED "s?^language =.*?language = french?g" /etc/dansguardian/dansguardian.conf |
| # on limite l'écoute de Dansguardian côté LAN |
| $SED "s?^filterip =.*?filterip = $PRIVATE_IP?g" /etc/dansguardian/dansguardian.conf |
| $SED "s?^filterip.*?filterip = $PRIVATE_IP?g" /etc/dansguardian/dansguardian.conf |
| # on chaîne Dansguardian au proxy antivirus HAVP |
| $SED "s?^proxyport.*?proxyport = 8090?g" /etc/dansguardian/dansguardian.conf |
| # on remplace la page d'interception (template) |
| 955,10 → 962,10 |
|---|
| ################################################################################## |
| firewall () |
| { |
| $SED "s?^EXTIF=.*?EXTIF=\"$EXTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh |
| $SED "s?^INTIF=.*?INTIF=\"$INTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh |
| $SED "s?^PRIVATE_NETWORK_MASK=.*?PRIVATE_NETWORK_MASK=\"$PRIVATE_NETWORK_MASK\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh |
| $SED "s?^PRIVATE_IP=.*?PRIVATE_IP=\"$PRIVATE_IP\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh |
| $SED "s?^EXTIF=.*?EXTIF=\"$EXTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh $DIR_DEST_ETC/alcasar-iptables-local.sh |
| $SED "s?^INTIF=.*?INTIF=\"$INTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh $DIR_DEST_ETC/alcasar-iptables-local.sh |
| $SED "s?^PRIVATE_NETWORK_MASK=.*?PRIVATE_NETWORK_MASK=\"$PRIVATE_NETWORK_MASK\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh $DIR_DEST_ETC/alcasar-iptables-local.sh |
| $SED "s?^PRIVATE_IP=.*?PRIVATE_IP=\"$PRIVATE_IP\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh $DIR_DEST_ETC/alcasar-iptables-local.sh |
| chmod o+r $DIR_DEST_BIN/alcasar-iptables.sh #lecture possible pour apache (interface php du filtrage réseau) |
| [ -d /var/log/firewall ] || mkdir -p /var/log/firewall |
| [ -e /var/log/firewall/firewall.log ] || touch /var/log/firewall/firewall.log |