| 43,6 → 43,7 |
|---|
| |
| # On autorise tout sur loopback |
| # accept all on loopback |
| $IPTABLES -A OUTPUT -o lo -j ACCEPT |
| $IPTABLES -A INPUT -i lo -j ACCEPT |
| |
| # Insertion de règles de blocage (Devel) |
| 58,6 → 59,16 |
|---|
| done < /usr/local/etc/alcasar-iptables-block |
| fi |
| |
| # SSHD rules if activate |
| if [ $SSH = on ] |
| then |
| $IPTABLES -A INPUT -i $INTIF -s $PRIVATE_NETWORK_MASK -d $PRIVATE_IP -p tcp --dport ssh -m state --state NEW -j ULOG --ulog-nlgroup 2 --ulog-prefix "RULE ssh-from-LAN -- ACCEPT" |
| $IPTABLES -A INPUT -i $INTIF -s $PRIVATE_NETWORK_MASK -d $PRIVATE_IP -p tcp --dport ssh -j ACCEPT |
| $IPTABLES -A INPUT -i $EXTIF -s $Admin_from_IP -d $PUBLIC_IP -p tcp --dport ssh -m state --state NEW --syn -j ULOG --ulog-nlgroup 2 --ulog-prefix "RULE ssh-from-WAN -- ACCEPT" |
| $IPTABLES -A INPUT -i $EXTIF -s $Admin_from_IP -d $PUBLIC_IP -p tcp --dport ssh -m state --state NEW,ESTABLISHED -j ACCEPT |
| $IPTABLES -A OUTPUT -o $EXTIF -p tcp --sport ssh -m state --state ESTABLISHED -j ACCEPT |
| fi |
| |
| # on autorise les requêtes dhcp |
| # accept dhcp |
| $IPTABLES -A INPUT -i $INTIF -p udp -m udp --sport bootpc --dport bootps -j ACCEPT |