| Line 1... |
Line 1... |
| 1 |
#!/bin/bash
|
1 |
#!/bin/bash
|
| 2 |
# $Id: alcasar-iptables.sh 1544 2014-12-23 16:48:10Z richard $
|
2 |
# $Id: alcasar-iptables.sh 1585 2015-03-06 16:15:41Z richard $
|
| 3 |
# Script de mise en place des regles du parefeu d'Alcasar (mode normal)
|
3 |
# Script de mise en place des regles du parefeu d'Alcasar (mode normal)
|
| 4 |
# This script writes the netfilter rules for ALCASAR
|
4 |
# This script writes the netfilter rules for ALCASAR
|
| 5 |
# Rexy - 3abtux - CPN
|
5 |
# Rexy - 3abtux - CPN
|
| 6 |
#
|
6 |
#
|
| 7 |
# Reminders
|
7 |
# Reminders
|
| Line 17... |
Line 17... |
| 17 |
PRIVATE_IP=`echo $private_ip_mask | cut -d"/" -f1` # ALCASAR LAN IP address
|
17 |
PRIVATE_IP=`echo $private_ip_mask | cut -d"/" -f1` # ALCASAR LAN IP address
|
| 18 |
private_network=`/bin/ipcalc -n $private_ip_mask|cut -d"=" -f2` # LAN IP address (ie.: 192.168.182.0)
|
18 |
private_network=`/bin/ipcalc -n $private_ip_mask|cut -d"=" -f2` # LAN IP address (ie.: 192.168.182.0)
|
| 19 |
private_prefix=`/bin/ipcalc -p $private_ip_mask|cut -d"=" -f2` # LAN prefix (ie. 24)
|
19 |
private_prefix=`/bin/ipcalc -p $private_ip_mask|cut -d"=" -f2` # LAN prefix (ie. 24)
|
| 20 |
PRIVATE_NETWORK_MASK=$private_network/$private_prefix # Lan IP address + prefix (192.168.182.0/24)
|
20 |
PRIVATE_NETWORK_MASK=$private_network/$private_prefix # Lan IP address + prefix (192.168.182.0/24)
|
| 21 |
public_ip_mask=`grep ^PUBLIC_IP= $CONF_FILE|cut -d"=" -f2` # ALCASAR WAN IP address
|
21 |
public_ip_mask=`grep ^PUBLIC_IP= $CONF_FILE|cut -d"=" -f2` # ALCASAR WAN IP address
|
| - |
|
22 |
if [[ "$public_ip_mask" == "dhcp" ]]
|
| - |
|
23 |
then
|
| - |
|
24 |
PTN="\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/([012]?[0-9]|3[0-2])\b"
|
| - |
|
25 |
$public_ip_mask=`ip addr show $EXTIF | egrep -o $PTN`
|
| - |
|
26 |
dns1=`grep ^nameserver /etc/resolv.conf|cut -d" " -f2|head -n 1`
|
| - |
|
27 |
nb_dns=`grep ^nameserver /etc/resolv.conf|wc -l`
|
| - |
|
28 |
if [ $nb_dns == 2 ]
|
| - |
|
29 |
then
|
| - |
|
30 |
dns2=`grep ^nameserver /etc/resolv.conf|cut -d" " -f2|tail -n 1`
|
| - |
|
31 |
fi
|
| - |
|
32 |
else
|
| - |
|
33 |
dns1=`grep ^DNS1= $CONF_FILE|cut -d"=" -f2`
|
| - |
|
34 |
dns2=`grep ^DNS2= $CONF_FILE|cut -d"=" -f2`
|
| - |
|
35 |
fi
|
| 22 |
PUBLIC_IP=`echo $public_ip_mask | cut -d"/" -f1`
|
36 |
PUBLIC_IP=`echo $public_ip_mask | cut -d"/" -f1`
|
| 23 |
dns1=`grep ^DNS1= $CONF_FILE|cut -d"=" -f2` # first public DNS server
|
- |
|
| 24 |
dns1=${dns1:=208.67.220.220}
|
37 |
dns1=${dns1:=208.67.220.220}
|
| 25 |
dns2=`grep ^DNS2= $CONF_FILE|cut -d"=" -f2` # second public DNS server
|
- |
|
| 26 |
dns2=${dns2:=208.67.222.222}
|
38 |
dns2=${dns2:=208.67.222.222}
|
| 27 |
DNSSERVERS="$dns1,$dns2" # first and second DNS IP servers addresses
|
39 |
DNSSERVERS="$dns1,$dns2" # first and second public DNS servers
|
| 28 |
PROTOCOLS_FILTERING=`grep ^PROTOCOLS_FILTERING= $CONF_FILE|cut -d"=" -f2` # Network protocols filter (on/off)
|
40 |
PROTOCOLS_FILTERING=`grep ^PROTOCOLS_FILTERING= $CONF_FILE|cut -d"=" -f2` # Network protocols filter (on/off)
|
| 29 |
PROTOCOLS_FILTERING=${PROTOCOLS_FILTERING:=off}
|
41 |
PROTOCOLS_FILTERING=${PROTOCOLS_FILTERING:=off}
|
| 30 |
BL_IP_CAT="/usr/local/share/iptables-bl-enabled" # categories files of the BlackListed IP
|
42 |
BL_IP_CAT="/usr/local/share/iptables-bl-enabled" # categories files of the BlackListed IP
|
| 31 |
BL_IP_OSSI="/usr/local/share/iptables-bl/ossi" # ossi categoty
|
43 |
BL_IP_OSSI="/usr/local/share/iptables-bl/ossi" # ossi categoty
|
| 32 |
WL_IP_OSSI="/usr/local/share/ossi-ip-wl" # ip of the whitelist
|
44 |
WL_IP_OSSI="/usr/local/share/ossi-ip-wl" # ip of the whitelist
|