62,7 → 62,7 |
if [ $ip_on != "#" ] |
then |
ip_blocked=`echo $ip_line|cut -d" " -f1` |
$IPTABLES -A FORWARD -d $ip_blocked -j NFLOG --nflog-prefix "RULE IP-blocked -- REJECT " |
$IPTABLES -A FORWARD -d $ip_blocked -j NFLOG --nflog-group 1 --nflog-prefix "RULE IP-blocked -- REJECT " |
$IPTABLES -A FORWARD -d $ip_blocked -j REJECT |
fi |
done < /usr/local/etc/alcasar-ip-blocked |
100,7 → 100,7 |
$IPTABLES -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT |
|
# On autorise les demandes de connexions sortantes |
$IPTABLES -A FORWARD -i $INTIF -m state --state NEW -j NFLOG --nflog-prefix "RULE Transfert -- ACCEPT " |
$IPTABLES -A FORWARD -i $INTIF -m state --state NEW -j NFLOG --nflog-group 1 --nflog-prefix "RULE Transfert -- ACCEPT " |
$IPTABLES -A FORWARD -i $INTIF -m state --state NEW -j ACCEPT |
|
# On autorise les flux entrant ntp et dns via INTIF |
111,8 → 111,8 |
$IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT |
|
# On interdit et on log le reste sur les 2 interfaces d'accès |
$IPTABLES -A INPUT -i $INTIF -j NFLOG --nflog-prefix "RULE rej-int -- REJECT " |
$IPTABLES -A INPUT -i $EXTIF -j NFLOG --nflog-prefix "RULE rej-ext -- REJECT " |
$IPTABLES -A INPUT -i $INTIF -j NFLOG --nflog-group 1 --nflog-prefix "RULE rej-int -- REJECT " |
$IPTABLES -A INPUT -i $EXTIF -j NFLOG --nflog-group 1 --nflog-prefix "RULE rej-ext -- REJECT " |
$IPTABLES -A INPUT -p tcp -j REJECT --reject-with tcp-reset |
$IPTABLES -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable |
|