Subversion Repositories ALCASAR

Rev 1704 Rev 1705
Line 1... Line 1...
1
#!/bin/bash
1
#!/bin/bash
2
# $Id: alcasar-iptables.sh 1704 2015-10-19 12:50:17Z richard $
2
# $Id: alcasar-iptables.sh 1705 2015-10-20 16:52:33Z richard $
3
# Script de mise en place des regles du parefeu d'Alcasar (mode normal)
3
# Script de mise en place des regles du parefeu d'Alcasar (mode normal)
4
# This script writes the netfilter rules for ALCASAR
4
# This script writes the netfilter rules for ALCASAR
5
# Rexy - 3abtux - CPN
5
# Rexy - 3abtux - CPN
6
#
6
#
7
# Reminders
7
# Reminders
Line 419... Line 419...
419
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport http -j NETFLOW
419
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport http -j NETFLOW
420
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport http -j ACCEPT
420
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport http -j ACCEPT
421
 
421
 
422
# On autorise les requêtes FTP 
422
# On autorise les requêtes FTP 
423
# FTP requests are allowed
423
# FTP requests are allowed
424
modprobe ip_conntrack_ftp
424
modprobe nf_conntrack_ftp
425
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport ftp -j ACCEPT
425
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport ftp -j ACCEPT
426
$IPTABLES -A OUTPUT -o $EXTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
426
$IPTABLES -A OUTPUT -o $EXTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
427
 
427
 
428
# On autorise les requêtes NTP 
428
# On autorise les requêtes NTP 
429
# NTP requests are allowed
429
# NTP requests are allowed
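Review bot: the exit status of `modprobe nf_conntrack_ftp` on line 424 is ignored. If the module is not available under the new name, the script continues without any message, and the `ESTABLISHED,RELATED` rule on line 426 no longer covers FTP data connections, because RELATED only matches them when the FTP conntrack helper is loaded. Consider checking the result, for example `modprobe nf_conntrack_ftp || echo "nf_conntrack_ftp not loaded" >&2`. The comment on lines 422-423 could also say that the module is what lets line 426 accept the data channel, so the dependency is visible to whoever edits these rules next.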