43,6 → 43,7 |
SSH_ADMIN_FROM=${SSH_ADMIN_FROM:="0.0.0.0/0.0.0.0"} # WAN IP address to reduce ssh access (all ip allowed on LAN side) |
IPTABLES="/sbin/iptables" |
IP_REHABILITEES="/etc/dansguardian/lists/exceptioniplist" # Rehabilitated IP |
SITE_DIRECT="/usr/local/etc/alcasar-site-direct" # Site Direct (no havp and no filtrage) for user BL |
|
# Sauvegarde des SET des utilisateurs connectés si ils existent |
# Saving SET of connected users if it exists |
112,6 → 113,13 |
ipset del bl_ip_blocked $ip |
done |
|
# rajout exception havp_bl --> Site en direct pour les Utilisateurs filtrés |
ipset create site_direct hash:net hashsize 1024 |
for site in $(cat $SITE_DIRECT) |
do |
ipset add site_direct $site |
done |
|
###### WL set ########### |
# taille fixe, car peupler par dnsmasq / fixe length due to dnsmasq dynamic loading |
wl_set_length=65536 |
198,8 → 206,8 |
|
# Redirection des requêtes HTTP sortantes des usagers 'havp_bl' vers DansGuardian |
# Redirect outbound HTTP requests of "BL" users to DansGuardian (transparent proxy) |
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set --match-set havp_bl src ! -d $PRIVATE_IP -p tcp --dport http -j REDIRECT --to-port 8080 |
|
# $IPTABLES -A PREROUTING -t nat -i $TUNIF -m set --match-set havp_bl src ! -d $PRIVATE_IP -p tcp --dport http -j REDIRECT --to-port 8080 |
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set --match-set havp_bl src -m set ! --match-set site_direct dst ! -d $PRIVATE_IP -p tcp --dport http -j REDIRECT --to-port 8080 |
# Redirection des requêtes HTTP sortantes des usager 'havp_wl' et 'havp' vers Tinyproxy |
# Redirect outbound HTTP requests for "WL-antivirus" users to Tinyproxy |
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set --match-set havp_wl src ! -d $PRIVATE_IP -p tcp --dport http -j REDIRECT --to-port 8090 |
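Review bot: In the hunk at new line 113, `for site in $(cat $SITE_DIRECT)` word-splits and glob-expands the file's contents and passes every token to `ipset add site_direct` unchecked. Because the new PREROUTING rule at 206 exempts any `site_direct` destination from the DansGuardian redirect for `havp_bl` users, this file acts as a filter-bypass list. A stray or overly broad entry therefore widens the bypass silently, and a missing file produces only a `cat` error. I would read the file line by line with the variable quoted, skip blank and comment lines, and reject anything that is not an address or CIDR (assuming the file holds IPv4 networks rather than host names, which the `hash:net` type suggests). I would also confirm that `/usr/local/etc/alcasar-site-direct` is writable by root only. If `site_direct` is not destroyed earlier in the script (not visible in these hunks), `ipset create` will fail on a re-run unless `-exist` is added.

```shell
ipset create site_direct hash:net hashsize 1024
# Entries are assumed to be IPv4 addresses or CIDR networks, one per line.
if [ -r "$SITE_DIRECT" ]; then
  while IFS= read -r site || [ -n "$site" ]; do
    case "$site" in
      ''|'#'*) continue ;;
      *[!0-9./]*) echo "ignoring invalid site_direct entry: $site" >&2; continue ;;
    esac
    ipset add site_direct "$site"
  done < "$SITE_DIRECT"
fi
```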