Subversion Repositories ALCASAR


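--- a/alcasar-iptables.sh
+++ b/alcasar-iptables.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
-# $Id: alcasar-iptables.sh 1854 2016-05-02 08:15:14Z raphael.pion $
+# $Id: alcasar-iptables.sh 1855 2016-05-02 09:44:08Z raphael.pion $
 # Script de mise en place des regles du parefeu d'Alcasar (mode normal)
 # This script writes the netfilter rules for ALCASAR
 # Rexy - 3abtux - CPN
 #
 # Reminders
@@ -97,21 +97,18 @@
 #############################
 
 # destruction de tous les SET
 # destroy all SET
 ipset destroy
+
 ipset flush blacklist_ip_blocked
 ipset destroy blacklist_ip_blocked
 ipset flush whitelist_ip_allowed
 ipset destroy whitelist_ip_allowed
-
-
 ###### BL set  ###########
 # Calcul de la taille / Compute the length
 bl_set_length=$(($(wc -l $BL_IP_CAT/* | awk '{print $1}' | tail -n 1)+$(wc -l $BL_IP_OSSI | awk '{print $1}')))
-
-
 # Chargement / loading
 echo "create blacklist_ip_blocked hash:net family inet hashsize 1024 maxelem $bl_set_length" > $TMP_set_save
 for category in `ls -1 $BL_IP_CAT | cut -d '@' -f1`
 do
 	cat $BL_IP_CAT/$category >> $TMP_set_save
@@ -131,11 +128,10 @@
 # Chargement Loading
 echo "create whitelist_ip_allowed hash:net family inet hashsize 1024 maxelem $wl_set_length" > $TMP_set_save
 #get ip-wl files from ACC
 for ossi in `ls -1 $DIR_WL_IP_ENABLED`
 do
-	echo $ossi
 	cat $DIR_WL_IP_ENABLED/$ossi >> $TMP_set_save
 done
 ipset -! restore < $TMP_set_save
 rm -f $TMP_set_save
 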