591,6 → 591,11 |
echo "ip_conntrack_ftp" >> /etc/modprobe.preload |
# load ipt_NETFLOW module |
echo "ipt_NETFLOW" >> /etc/modprobe.preload |
# modify iptables service files (start with "alcasar-iptables.sh" and stop with flush) |
[ -e /lib/systemd/system/iptables.service.default ] || cp /lib/systemd/system/iptables.service /lib/systemd/system/iptables.service.default |
$SED 's/ExecStart=\/usr\/libexec\/iptables.init start/ExecStart=\/usr\/local\/bin\/alcasar-iptables.sh/' /lib/systemd/system/iptables.service |
[ -e /usr/libexec/iptables.init.default ] || cp /usr/libexec/iptables.init /usr/libexec/iptables.init.default |
$SED "s?\[ -f \$IPTABLE_CONFIG \] .*?#&?" /usr/libexec/iptables.init # comment the test in order the stop function run (fluxh all rules & policies) |
# |
# the script "$DIR_DEST_BIN/alcasar-iptables.sh" is launched at the end in order to allow update via ssh |
} # End of network () |
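Review bot: The two `$SED` edits on the ExecStart line and on the `[ -f $IPTABLE_CONFIG ]` test succeed silently when their pattern is absent (for example after a package update rewrites /lib/systemd/system/iptables.service or /usr/libexec/iptables.init), so the boot path would quietly fall back to `iptables.init start` and alcasar-iptables.sh would never be applied; verify the edit, e.g. `grep -q '^ExecStart=/usr/local/bin/alcasar-iptables.sh' /lib/systemd/system/iptables.service || echo "iptables.service not patched" >&2`. Patching a unit under /lib/systemd/system is also undone by the next package upgrade while the `.default` backup is taken only once, so a drop-in `/etc/systemd/system/iptables.service.d/override.conf` holding `[Service]`, `ExecStart=` and `ExecStart=/usr/local/bin/alcasar-iptables.sh` would survive upgrades without the sed. The `s?\[ -f \$IPTABLE_CONFIG \] .*?#&?` substitution prefixes another `#` on every installer run (the pattern still matches once commented), which is harmless but worth guarding with a `grep -q` or anchoring. Because the stop action is now meant to flush all rules and policies, `systemctl stop iptables` presumably leaves the gateway with no filtering until alcasar-iptables.sh is re-run; the inline comment (which misspells `flush` as `fluxh`) should state that consequence. The three identical lines in BL() at the second hunk read as the removed side of this move, but if they survive the service file is patched from two places; network() itself begins before this hunk.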
1563,9 → 1568,6 |
########################################################## |
BL () |
{ |
# modify iptables boot file to start alcasar-iptables.sh when the system is booting |
[ -e /lib/systemd/system/iptables.service.default ] || cp /lib/systemd/system/iptables.service /lib/systemd/system/iptables.service.default |
$SED 's/ExecStart=\/usr\/libexec\/iptables.init start/ExecStart=\/usr\/local\/bin\/alcasar-iptables.sh/' /lib/systemd/system/iptables.service |
# copy and extract toulouse BL |
rm -rf $DIR_DG/lists/blacklists |
tar zxf $DIR_CONF/blacklists.tar.gz --directory=$DIR_DG/lists/ > /dev/null 2>&1 |
1608,7 → 1610,6 |
if [ "$mode" != "update" ]; then |
$DIR_DEST_SBIN/alcasar-bl.sh --adapt |
$DIR_DEST_SBIN/alcasar-bl.sh --cat_choice |
# !!! we can be banned by DNS server (waiting for a cool solution $DIR_DEST_SBIN/alcasar-bl.sh --ip_retrieving |
fi |
} |
|