| 62,7 → 62,7 |
|---|
| if [ $ip_on != "#" ] |
| then |
| ip_blocked=`echo $ip_line|cut -d" " -f1` |
| $IPTABLES -A FORWARD -d $ip_blocked -j NFLOG --nflog-prefix "RULE IP-blocked -- REJECT " |
| $IPTABLES -A FORWARD -d $ip_blocked -j NFLOG --nflog-group 1 --nflog-prefix "RULE IP-blocked -- REJECT " |
| $IPTABLES -A FORWARD -d $ip_blocked -j REJECT |
| fi |
| done < /usr/local/etc/alcasar-ip-blocked |
| 100,7 → 100,7 |
|---|
| $IPTABLES -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT |
| |
| # On autorise les demandes de connexions sortantes |
| $IPTABLES -A FORWARD -i $INTIF -m state --state NEW -j NFLOG --nflog-prefix "RULE Transfert -- ACCEPT " |
| $IPTABLES -A FORWARD -i $INTIF -m state --state NEW -j NFLOG --nflog-group 1 --nflog-prefix "RULE Transfert -- ACCEPT " |
| $IPTABLES -A FORWARD -i $INTIF -m state --state NEW -j ACCEPT |
| |
| # On autorise les flux entrant ntp et dns via INTIF |
| 111,8 → 111,8 |
|---|
| $IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT |
| |
| # On interdit et on log le reste sur les 2 interfaces d'accès |
| $IPTABLES -A INPUT -i $INTIF -j NFLOG --nflog-prefix "RULE rej-int -- REJECT " |
| $IPTABLES -A INPUT -i $EXTIF -j NFLOG --nflog-prefix "RULE rej-ext -- REJECT " |
| $IPTABLES -A INPUT -i $INTIF -j NFLOG --nflog-group 1 --nflog-prefix "RULE rej-int -- REJECT " |
| $IPTABLES -A INPUT -i $EXTIF -j NFLOG --nflog-group 1 --nflog-prefix "RULE rej-ext -- REJECT " |
| $IPTABLES -A INPUT -p tcp -j REJECT --reject-with tcp-reset |
| $IPTABLES -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable |
| |