1402,7 → 1402,7 |
[ -e /etc/sysconfig/dnsmasq.default ] || cp /etc/sysconfig/dnsmasq /etc/sysconfig/dnsmasq.default |
$SED "s?^OPTION=.*?OPTION=-C /etc/dnsmasq.conf?g" /etc/sysconfig/dnsmasq # default conf file for the first dnsmasq instance |
[ -e /etc/dnsmasq.conf.default ] || cp /etc/dnsmasq.conf /etc/dnsmasq.conf.default |
# 1st dnsmasq listen on udp 53 ("dnsmasq - forward"). It's used as dhcp server only if "alcasar-bypass" is on. |
# 1st dnsmasq listen on udp 53 ("dnsmasq - forward"). It's used as dhcp server only if bypass is on. |
cat << EOF > /etc/dnsmasq.conf |
# Configuration file for "dnsmasq in forward mode" |
conf-file=$DIR_DEST_ETC/alcasar-dns-name # local DNS resolutions |
1433,14 → 1433,13 |
cat << EOF > /etc/dnsmasq-blacklist.conf |
# Configuration file for "dnsmasq with blacklist" |
# Add Toulouse blacklist domains |
conf-dir=$DIR_DEST_SHARE/dnsmasq-bl-enabled |
conf-file=$DIR_DEST_ETC/alcasar-dns-name # local DNS resolutions |
conf-dir=$DIR_DEST_SHARE/dnsmasq-bl-enabled |
pid-file=/var/run/dnsmasq-blacklist.pid |
listen-address=$PRIVATE_IP |
port=54 |
no-dhcp-interface=$INTIF |
no-dhcp-interface=tun0 |
no-dhcp-interface=lo |
bind-interfaces |
cache-size=256 |
domain=$DOMAIN |
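Review bot: The `conf-dir=$DIR_DEST_SHARE/dnsmasq-bl-enabled` line in the blacklist instance lost the only comment explaining what that directory holds, while the sibling `conf-file` line kept its `# local DNS resolutions` note. Since this directory is where blocked domains come from, it is worth one line: `conf-dir=$DIR_DEST_SHARE/dnsmasq-bl-enabled # enabled Toulouse blacklist domains`. The swap of `conf-file`/`conf-dir` order also changes the order dnsmasq reads the two inclusions; if a local name in alcasar-dns-name can overlap a blacklisted domain, the intended precedence should be stated in a comment (I cannot confirm from this hunk whether overlap is possible). The enclosing heredoc continues past the hunk.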
1455,14 → 1454,13 |
cat << EOF > /etc/dnsmasq-whitelist.conf |
# Configuration file for "dnsmasq with whitelist" |
# Inclusion de la whitelist <domains> de Toulouse dans la configuration |
conf-file=$DIR_DEST_ETC/alcasar-dns-name # local DNS resolutions |
conf-dir=$DIR_DEST_SHARE/dnsmasq-wl-enabled |
conf-file=$DIR_DEST_ETC/alcasar-dns-name # zone de definition de noms DNS locaux |
listen-address=$PRIVATE_IP |
pid-file=/var/run/dnsmasq-whitelist.pid |
listen-address=$PRIVATE_IP |
port=55 |
no-dhcp-interface=$INTIF |
no-dhcp-interface=tun0 |
no-dhcp-interface=lo |
bind-interfaces |
cache-size=256 |
domain=$DOMAIN |
1470,39 → 1468,18 |
expand-hosts |
bogus-priv |
filterwin2k |
address=/#/$PRIVATE_IP # for Domain name without local resolution (WL) |
ipset=/#/whitelist_ip_allowed # dynamicly add the resolv IP address in the Firewall rules |
address=/#/$PRIVATE_IP |
ipset=/#/whitelist_ip_allowed |
EOF |
# 4th dnsmasq listen on udp 56 ("blackhole") |
cat << EOF > /etc/dnsmasq-blackhole.conf |
# Configuration file for "dnsmasq as a blackhole" |
conf-file=$DIR_DEST_ETC/alcasar-dns-name # local DNS resolutions |
address=/#/$PRIVATE_IP # redirect all on ALCASAR IP address |
pid-file=/var/run/dnsmasq-blackhole.pid |
listen-address=$PRIVATE_IP |
port=56 |
no-dhcp-interface=$INTIF |
no-dhcp-interface=tun0 |
no-dhcp-interface=lo |
bind-interfaces |
cache-size=256 |
domain=$DOMAIN |
domain-needed |
expand-hosts |
bogus-priv |
filterwin2k |
EOF |
|
# Start after chilli (which create tun0) |
$SED "s?^After=.*?After=syslog.target network.target chilli.service?g" /lib/systemd/system/dnsmasq.service |
# Create dnsmasq-blacklist and dnsmasq-whitelist unit |
cp -f /lib/systemd/system/dnsmasq.service /lib/systemd/system/dnsmasq-blacklist.service /lib/systemd/system/dnsmasq-whitelist.service /lib/systemd/system/dnsmasq-blackhole.service |
cp -f /lib/systemd/system/dnsmasq.service /lib/systemd/system/dnsmasq-blacklist.service |
cp -f /lib/systemd/system/dnsmasq.service /lib/systemd/system/dnsmasq-whitelist.service |
$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/dnsmasq -C /etc/dnsmasq-blacklist.conf?g" /lib/systemd/system/dnsmasq-blacklist.service |
$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/dnsmasq -C /etc/dnsmasq-whitelist.conf?g" /lib/systemd/system/dnsmasq-whitelist.service |
$SED "s?^ExecStart=.*?ExecStart=/usr/sbin/dnsmasq -C /etc/dnsmasq-blackhole.conf?g" /lib/systemd/system/dnsmasq-blackhole.service |
$SED "s?^PIDFile=.*?PIDFile=/var/run/dnsmasq-blacklist.pid?g" /lib/systemd/system/dnsmasq-blacklist.service |
$SED "s?^PIDFile=.*?PIDFile=/var/run/dnsmasq-whitelist.pid?g" /lib/systemd/system/dnsmasq-whitelist.service |
$SED "s?^PIDFile=.*?PIDFile=/var/run/dnsmasq-blackhole.pid?g" /lib/systemd/system/dnsmasq-blackhole.service |
} # End dnsmasq |
|
########################################################## |
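Review bot: The two lines that define the whitelist's security behaviour, `address=/#/$PRIVATE_IP` and `ipset=/#/whitelist_ip_allowed`, lost their explanatory comments in this change, and they are the ones a maintainer is most likely to misread: `/#/` is dnsmasq's catch-all, so every name not resolved by the whitelist entries is answered with the portal address, and every resolved address is pushed into the `whitelist_ip_allowed` ipset that the firewall (not visible here) presumably consumes. Please restore the intent on both lines, e.g. `address=/#/$PRIVATE_IP # catch-all: names not served by the whitelist resolve to ALCASAR` and `ipset=/#/whitelist_ip_allowed # resolved addresses are added to the firewall ipset`. The split of the multi-destination `cp -f` into two copies is correct (the old form would have treated the last path as a directory), but with the blackhole unit gone a stale `/lib/systemd/system/dnsmasq-blackhole.service` and `/etc/dnsmasq-blackhole.conf` from a previous install are no longer cleaned up by this function. The enclosing function begins before this hunk.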
1815,7 → 1792,7 |
/sbin/chkconfig --add $i |
done |
# processes launched at boot time (Systemctl) |
for i in alcasar-load_balancing mysqld httpd ntpd iptables dnsmasq dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole radiusd nfsen dansguardian freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban |
for i in alcasar-load_balancing mysqld httpd ntpd iptables dnsmasq dnsmasq-blacklist dnsmasq-whitelist radiusd nfsen dansguardian freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban |
do |
systemctl -q enable $i.service |
done |
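Review bot: Dropping `dnsmasq-blackhole` from the enable list does not disable the unit that an earlier version installed and enabled with this same loop, so on an `update` run (the script has a `$mode = update` path) a system upgraded from a prior release keeps an enabled dnsmasq bound to port 56 with its old `/etc/dnsmasq-blackhole.conf`, unless the disable loop elsewhere in the script already names it — that loop's service list is outside my view. Add an explicit teardown next to this loop: `systemctl -q disable dnsmasq-blackhole.service 2>/dev/null` followed by `rm -f /lib/systemd/system/dnsmasq-blackhole.service /etc/dnsmasq-blackhole.conf`. Minor style point on the same lines: `$i.service` should be quoted (`"$i.service"`), even though the list is fixed here.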
1863,6 → 1840,14 |
do |
/bin/systemctl -q disable $svc |
done |
# for rm_users in games |
# do |
# user=`cat /etc/passwd|grep $rm_users|cut -d":" -f1` |
# if [ "$user" == "$rm_users" ] |
# then |
# /usr/sbin/userdel -r $rm_users |
# fi |
# done |
# Load and apply the previous conf file |
if [ "$mode" = "update" ] |
then |
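Review bot: The new `for rm_users in games` block is committed as commented-out code; dead code in an installer tends to be re-enabled as-is, so either delete it or leave a one-line `# TODO: remove the unused 'games' account (disabled: …)` stating why it is off. If it is revived, the lookup `cat /etc/passwd|grep $rm_users|cut -d":" -f1` is a substring match: any second account whose name contains `games` makes `$user` a multi-line value, the `==` test then fails and the deletion is silently skipped, and `userdel -r` also removes the home directory, which deserves an explicit comment. The robust form is `if getent passwd "$rm_users" >/dev/null; then /usr/sbin/userdel -r "$rm_users"; fi`. The `for svc ... done` loop just above this insert and the `if [ "$mode" = "update" ]` branch below both extend outside the hunk.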