15,19 → 15,19 |
|
# Local MAC addresses filtering (MAC are in '/usr/local/etc/alcasar-iptables-local-mac-filtered'. Format : aa:09:23:2f:4d:ee) |
if [ -s /usr/local/etc/alcasar-iptables-local-mac-filtered ]; then |
while read mac_line |
do |
ip_on=`echo $mac_line|cut -b1` |
if [ $ip_on != "#" ] |
then |
mac_filtered=`echo $mac_line|cut -d" " -f1` |
echo "MAC filtered = $mac_filtered" |
$IPTABLES -A FORWARD -i $INTIF -m mac --mac-source $mac_filtered -j NFLOG --nflog-group 1 --nflog-prefix "$mac_filtered -- Filt_DROP" |
$IPTABLES -A FORWARD -i $INTIF -p tcp -m mac --mac-source $mac_filtered -j DROP |
$IPTABLES -A FORWARD -i $INTIF -p udp -m mac --mac-source $mac_filtered -j DROP |
$IPTABLES -A FORWARD -i $INTIF -m mac --mac-source $mac_filtered -j DROP |
fi |
done < /usr/local/etc/alcasar-iptables-local-mac-filtered |
while read mac_line |
do |
ip_on=`echo $mac_line|cut -b1` |
if [ $ip_on != "#" ] |
then |
mac_filtered=`echo $mac_line|cut -d" " -f1` |
echo "MAC filtered = $mac_filtered" |
$IPTABLES -A FORWARD -i $INTIF -m mac --mac-source $mac_filtered -j NFLOG --nflog-group 1 --nflog-prefix "$mac_filtered -- Filt_DROP" |
$IPTABLES -A FORWARD -i $INTIF -p tcp -m mac --mac-source $mac_filtered -j DROP |
$IPTABLES -A FORWARD -i $INTIF -p udp -m mac --mac-source $mac_filtered -j DROP |
$IPTABLES -A FORWARD -i $INTIF -m mac --mac-source $mac_filtered -j DROP |
fi |
done < /usr/local/etc/alcasar-iptables-local-mac-filtered |
fi |
|
# On autorise le ping (echo & request) (ICMP N°0 & 8) en provenance de l'extérieur vers ALCASAR |
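Review bot: On the new side of this hunk a malformed or truncated entry in alcasar-iptables-local-mac-filtered fails open: `mac_filtered` is never validated, the unquoted `--mac-source $mac_filtered` lets iptables reject the rule, and the exit status is ignored, so that device simply is not blocked while the script reports "MAC filtered = ..."; the `-p tcp`/`-p udp` DROP lines are also redundant with the protocol-less DROP that follows them. The old and new loop render identically here, so this may be an indentation-only change, but the loop is the code that now ships and should gain `IFS= read -r`, quoting, a MAC-format check, and an explicit failure on iptables errors, as sketched below (I cannot see the shebang, so the check uses `grep -E` rather than bash `=~`). Note that MAC-based blocking is only a convenience control, as a local client can change its hardware address; a comment on the list file saying so would help the next maintainer.
```shell
while IFS= read -r mac_line; do
    # skip blank lines and comments
    case "$mac_line" in ''|'#'*) continue ;; esac
    mac_filtered=${mac_line%%[[:space:]]*}
    # a bad entry must not fail open: refuse anything that is not aa:bb:cc:dd:ee:ff
    if ! printf '%s\n' "$mac_filtered" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'; then
        echo "alcasar-iptables-local-mac-filtered: invalid entry '$mac_line'" >&2
        exit 1
    fi
    echo "MAC filtered = $mac_filtered"
    "$IPTABLES" -A FORWARD -i "$INTIF" -m mac --mac-source "$mac_filtered" -j NFLOG --nflog-group 1 --nflog-prefix "$mac_filtered -- Filt_DROP" || exit 1
    "$IPTABLES" -A FORWARD -i "$INTIF" -m mac --mac-source "$mac_filtered" -j DROP || exit 1
done < /usr/local/etc/alcasar-iptables-local-mac-filtered
```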
51,7 → 51,9 |
|
# Deny access to protected networks from internal LAN |
#protectedNetworks='10.0.0.0/8,172.16.0.0/12,192.168.0.0/16' # (RFC 1918) |
#$IPTABLES -A FORWARD -i $TUNIF -d $protectedNetworks -j DROP |
#[ -n "$TUNIF" ] && consultationIF=$TUNIF || consultationIF=$INTIF |
#$IPTABLES -A FORWARD -i $consultationIF -d $protectedNetworks -j DROP |
#$IPTABLES -A FORWARD -o $consultationIF -s $protectedNetworks -j DROP |
|
# Allow managers to access ACC from the external network |
#managerIPs='192.168.111.10' |