Subversion Repositories ALCASAR

#/bin/bash

# $Id: alcasar-nf.sh 791 2012-01-13 21:31:36Z richard $

# alcasar-nf.sh

# by Richard REY

# This script is distributed under the Gnu General Public License (GPL)

# active ou desactive le filtrage de protocoles réseau

# enable or disable the network protocols filter

SED="/bin/sed -i"

FIC_SERVICES="/usr/local/etc/alcasar-services"

FIC_EXCEPTIONS="/usr/local/etc/alcasar-filter-exceptions"

FIC_CONF="/usr/local/etc/alcasar.conf"

usage="Usage: alcasar-nf.sh {--on | -on} | {--off | -off} | {--lan_ext_filter_on | -lan_ext_filter_on} | {--lan_ext_filter_off | -lan_ext_filter_off}"

nb_args=$#

args=$1

if [ $nb_args -eq 0 ]

then

	/usr/local/bin/alcasar-iptables.sh

	exit 1

fi

case $args in

	-\? | -h* | --h*)

		echo "$usage"

		exit 0

		;;

	-on|-on) # enable protocols filter

		# sort service file

		$SED "/^$/d" $FIC_SERVICES # delete empty lines

		sort -k2n $FIC_SERVICES > /tmp/alcasar-services-sort

		mv -f /tmp/alcasar-services-sort $FIC_SERVICES

		chown root:apache $FIC_SERVICES

		chmod 660 $FIC_SERVICES

		# vérify exception file 

		[ -e $FIC_EXCEPTIONS ] || touch $FIC_EXCEPTIONS

		chown root:apache $FIC_EXCEPTIONS

		chmod 664 $FIC_EXCEPTIONS

		$SED "s?^PROTOCOLS_FILTERING.*?PROTOCOLS_FILTERING=on?g" $FIC_CONF

		/usr/local/bin/alcasar-iptables.sh

		;;

	--off|-off) # disable protocols filter

		$SED "s?^PROTOCOLS_FILTERING.*?PROTOCOLS_FILTERING=off?g" $FIC_CONF

		/usr/local/bin/alcasar-iptables.sh

		;;

	--lan_ext_filter_on|-lan_ext_filter_on) # allow external LAN access (LAN located between ALCASAR and the Internet gateway)

		$SED "s?^EXT_LAN_FILTERING.*?EXT_LAN_FILTERING=on?g" $FIC_CONF

		/usr/local/bin/alcasar-iptables.sh

		;;

	--lan_ext_filter_off|-lan_ext_filter_off) # allow external LAN access (LAN located between ALCASAR and the Internet gateway)

		$SED "s?^EXT_LAN_FILTERING.*?EXT_LAN_FILTERING=off?g" $FIC_CONF

		/usr/local/bin/alcasar-iptables.sh

		;;

	*)

		echo "Argument inconnu :$1";

		echo "$usage"

		exit 1

		;;

esac