WebSVN – ALCASAR – Path Comparison – / – /scripts/alcasar-iptables.sh Rev 614 and /scripts/alcasar-iptables.sh Rev 615

Ignore whitespace Rev 614 → Rev 615

 /scripts/alcasar-iptables.sh
 ,14 → 11,23
 conf_file="/usr/local/etc/alcasar.conf"
 private_ip_mask=`grep PRIVATE_IP $conf_file|cut -d"=" -f2`
+private_ip_mask=${private_ip_mask:=192.168.182.1/24}
 private_network=`/bin/ipcalc -n $private_ip_mask|cut -d"=" -f2`         # LAN IP address (ie.: 192.168.182.0)
 private_prefix=`/bin/ipcalc -p $private_ip_mask|cut -d"=" -f2`          # LAN prefix (ie. 24)
 dns1=`grep DNS1 $conf_file|cut -d"=" -f2`                               # first public DNS server
+dns1=${dns1:=208.67.220.220}
 dns2=`grep DNS2 $conf_file|cut -d"=" -f2`                               # second public DNS server
-PROTOCOLS_FILTERING=`grep PROTOCOLS_FILTERING $conf_file|cut -d"=" -f2` # Network protocols filter (yes/no)
-DNS_FILTERING=`grep DNS_FILTERING $conf_file|cut -d"=" -f2`             # DNS and URLs filter (yes/no)
-QOS=`grep QOS $conf_file|cut -d"=" -f2`                                 # QOS (yse/no)
-SSH=`grep SSH $conf_file|cut -d"=" -f2`                                 # sshd active (yes/no)
+dns2=${dns2:=208.67.222.222}
+PROTOCOLS_FILTERING=`grep PROTOCOLS_FILTERING $conf_file|cut -d"=" -f2` # Network protocols filter (on/off)
+PROTOCOLS_FILTERING=${PROTOCOLS_FILTERING:=off}
+DNS_FILTERING=`grep DNS_FILTERING $conf_file|cut -d"=" -f2`             # DNS and URLs filter (on/off)
+DNS_FILTERING=${DNS_FILTERING:=off}
+QOS=`grep QOS $conf_file|cut -d"=" -f2`                                 # QOS (on/off)
+QOS=${QOS:=off}
+SSH=`grep SSH $conf_file|cut -d"=" -f2`                                 # sshd active (on/off)
+SSH=${SSH:=off}
+LDAP=`grep LDAP $conf_file|cut -d"=" -f2`                               # ldap external server active (on/off)
+LDAP=${LDAP:=off}
 PRIVATE_NETWORK_MASK=$private_network/$private_prefix                   # Lan IP address + prefix (192.168.182.0/24)
 PRIVATE_IP=`echo $private_ip_mask | cut -d"/" -f1`                      # ALCASAR LAN IP address
 DNSSERVERS="$dns1,$dns2"                                                # first and second DNS IP servers addresses
 ,16 → 245,22
 # On autorise les requêtes DNS vers les serveurs DNS identifiés
 # Allow DNS requests to identified DNS servers
 $IPTABLES -A OUTPUT -o $EXTIF -d $DNSSERVERS -p udp --dport domain -m state --state NEW -j ACCEPT
-# On autorise les requêtes http sortantes
+# On autorise les requêtes HTTP sortantes
 # HTTP requests are allowed
 $IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport http -j ACCEPT
-# On autorise les requêtes ntp
+# On autorise les requêtes NTP
 # NTP requests are allowed
 $IPTABLES -A OUTPUT -o $EXTIF -p udp --dport ntp -j ACCEPT
 # On autorise les requêtes ICMP (ping)
 # ICMP (ping) requests are allowed
 $IPTABLES -A OUTPUT -o $EXTIF -p icmp --icmp-type 8 -j ACCEPT
+# On autorise les requêtes LDAP si un serveur externe est configué
+# LDAP requests are allowed if an external server is declared
+if [ $LDAP = on ]
+        then
+        $IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport ldap -j ACCEPT
+        $IPTABLES -A OUTPUT -o $EXTIF -p udp --dport ldap -j ACCEPT
+fi
 # Traduction dynamique d'adresse en sortie
 # Dynamic NAT on EXTIF
 $IPTABLES -A POSTROUTING -t nat -o $EXTIF -j MASQUERADE

Subversion Repositories ALCASAR

Compare Revisions

Ignore whitespace Rev 614 → Rev 615