Subversion Repositories ALCASAR


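--- a/alcasar-iptables.sh
+++ b/alcasar-iptables.sh
@@ -1,7 +1,7 @@
 #!/bin/sh
-# $Id: alcasar-iptables.sh 492 2011-02-14 06:40:53Z franck $
+# $Id: alcasar-iptables.sh 493 2011-02-14 06:46:55Z franck $
 # script de mise en place des regles du parefeu d'Alcasar (mode normal)
 # Rexy - 3abtux - CPN
 # there are three channels for log : 1 (default) for tracability, 2 for secure admin (ssh), 3 for exterior access attempts,
  
 IPTABLES="/sbin/iptables"
@@ -134,11 +134,11 @@
 fi
  
 ########################
 #  If QOS is activate  #
 ########################
-if [ $QOS = "yes" ]; then
+if [ $QOS = "yes" ] && [ -e /usr/local/etc/alcasar-iptables-qos.sh ]; then
 	. /usr/local/etc/alcasar-iptables-qos.sh 	
 fi
  
 # Allow forward connections with log
 $IPTABLES -A FORWARD -i $TUNIF -m state --state NEW -j ULOG --ulog-prefix "RULE F_all -- ACCEPT "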
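Review bot: The new guard on line 139 tests only `-e`, so a directory or an unreadable file at /usr/local/etc/alcasar-iptables-qos.sh still reaches the `.` on line 140, and in a POSIX-mode sh a failing `.` can abort the script before the FORWARD rules below it are loaded. Because the file is sourced into a firewall script that presumably runs as root, `-f` plus `-r` is the tighter test, and `$QOS` should be quoted so that an unset value does not turn the test into a syntax error: `if [ "$QOS" = "yes" ] && [ -f /usr/local/etc/alcasar-iptables-qos.sh ] && [ -r /usr/local/etc/alcasar-iptables-qos.sh ]; then`. When QOS is "yes" but the file is missing, the block is now skipped silently; an `else` branch that logs a warning would tell the administrator that the QoS rules were not applied. It is also worth confirming that the sourced file is root-owned and not writable by other users, since its contents execute with the firewall script's privileges.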