WebSVN – ALCASAR – Diff – /scripts/alcasar-iptables.sh



#!/bin/bash
# $Id: alcasar-iptables.sh 3190 2024-04-07 22:35:03Z rexy $
# Script de mise en place des regles du parefeu d'Alcasar (mode normal)
# This script writes the netfilter rules for ALCASAR
# Rexy - 3abtux - CPN
#
# Reminders

dhcp_on_extif="off"
if [[ "$public_ip_mask" == "dhcp" ]]
then
	dhcp_on_extif="on"
	PTN="\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/([012]?[0-9]|3[0-2])\b"
	public_ip_mask=`ip addr show $EXTIF | grep -o -E $PTN`
fi
PUBLIC_IP=`echo $public_ip_mask | cut -d"/" -f1`
dns1=`grep ^DNS1= $CONF_FILE|cut -d"=" -f2`
dns2=`grep ^DNS2= $CONF_FILE|cut -d"=" -f2`
dns1=${dns1:=208.67.220.220}

			then
				custom_tcp_protocols_list=$svc_port
			else
				custom_tcp_protocols_list=`echo $custom_tcp_protocols_list","$svc_port`
			fi
			udp_svc=`grep -E "[[:space:]]$svc_port/udp" /etc/services|wc -l`
			if [ $udp_svc = "1" ] # udp service exist
			then
				if [ "$custom_udp_protocols_list" == "" ]
				then
					custom_udp_protocols_list=$svc_port

Rev 3177	Rev 3190
Line 1...	Line 1...
1	`#!/bin/bash`	1	`#!/bin/bash`
2	`# $Id: alcasar-iptables.sh 3177 2024-03-01 18:32:19Z rexy $`	2	`# $Id: alcasar-iptables.sh 3190 2024-04-07 22:35:03Z rexy $`
3	`# Script de mise en place des regles du parefeu d'Alcasar (mode normal)`	3	`# Script de mise en place des regles du parefeu d'Alcasar (mode normal)`
4	`# This script writes the netfilter rules for ALCASAR`	4	`# This script writes the netfilter rules for ALCASAR`
5	`# Rexy - 3abtux - CPN`	5	`# Rexy - 3abtux - CPN`
6	`#`	6	`#`
7	`# Reminders`	7	`# Reminders`
Line 25...	Line 25...
25	`dhcp_on_extif="off"`	25	`dhcp_on_extif="off"`
26	`if [[ "$public_ip_mask" == "dhcp" ]]`	26	`if [[ "$public_ip_mask" == "dhcp" ]]`
27	`then`	27	`then`
28	`dhcp_on_extif="on"`	28	`dhcp_on_extif="on"`
29	`PTN="\b(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\.(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\.(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\.(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\/([012]?[0-9]\|3[0-2])\b"`	29	`PTN="\b(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\.(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\.(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\.(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\/([012]?[0-9]\|3[0-2])\b"`
30	public_ip_mask=`ip addr show $EXTIF \| egrep -o $PTN`	30	public_ip_mask=`ip addr show $EXTIF \| grep -o -E $PTN`
31	`fi`	31	`fi`
32	PUBLIC_IP=`echo $public_ip_mask \| cut -d"/" -f1`	32	PUBLIC_IP=`echo $public_ip_mask \| cut -d"/" -f1`
33	dns1=`grep ^DNS1= $CONF_FILE\|cut -d"=" -f2`	33	dns1=`grep ^DNS1= $CONF_FILE\|cut -d"=" -f2`
34	dns2=`grep ^DNS2= $CONF_FILE\|cut -d"=" -f2`	34	dns2=`grep ^DNS2= $CONF_FILE\|cut -d"=" -f2`
35	`dns1=${dns1:=208.67.220.220}`	35	`dns1=${dns1:=208.67.220.220}`
Line 476...	Line 476...
476	`then`	476	`then`
477	`custom_tcp_protocols_list=$svc_port`	477	`custom_tcp_protocols_list=$svc_port`
478	`else`	478	`else`
479	custom_tcp_protocols_list=`echo $custom_tcp_protocols_list","$svc_port`	479	custom_tcp_protocols_list=`echo $custom_tcp_protocols_list","$svc_port`
480	`fi`	480	`fi`
481	udp_svc=`egrep "[[:space:]]$svc_port/udp" /etc/services\|wc -l`	481	udp_svc=`grep -E "[[:space:]]$svc_port/udp" /etc/services\|wc -l`
482	`if [ $udp_svc = "1" ] # udp service exist`	482	`if [ $udp_svc = "1" ] # udp service exist`
483	`then`	483	`then`
484	`if [ "$custom_udp_protocols_list" == "" ]`	484	`if [ "$custom_udp_protocols_list" == "" ]`
485	`then`	485	`then`
486	`custom_udp_protocols_list=$svc_port`	486	`custom_udp_protocols_list=$svc_port`

Subversion Repositories ALCASAR

(root)/scripts/alcasar-iptables.sh – Rev 3177 → 3190