62,6 → 62,8 |
ipset save havp_set >> $TMP_users_set_save |
ipset save havp_bl_set >> $TMP_users_set_save |
ipset save havp_wl_set >> $TMP_users_set_save |
ipset save user_not_connected_yet >> $TMP_users_set_save |
ipset save ipset_users >> $TMP_users_set_save |
fi |
|
# loading of NetFlow probe (ipt_NETFLOW kernel module) |
137,6 → 139,15 |
ipset create havp_set hash:net hashsize 1024 |
ipset create havp_bl_set hash:net hashsize 1024 |
ipset create havp_wl_set hash:net hashsize 1024 |
#utilisé pour l'interception des utilisateurs non authentifiés au réseau |
#used for intercepting users not connected to the network |
ipset create user_not_connected_yet hash:net hashsize 1024 |
ipset create ipset_users_list list:set |
ipset add ipset_users_list havp_set |
ipset add ipset_users_list havp_wl_set |
ipset add ipset_users_list havp_bl_set |
ipset add ipset_users_list no_filtering_set |
ipset add ipset_users_list user_not_connected_yet |
fi |
|
############################# |
201,6 → 212,11 |
# Redirect NTP request in local NTP server |
$IPTABLES -A PREROUTING -t nat -i $TUNIF -s $PRIVATE_NETWORK_MASK ! -d $PRIVATE_IP -p udp --dport ntp -j REDIRECT --to-port 123 |
|
# Redirection des requetes DNS des utilisateurs non connectés dans le DNS-Blackhole |
# Redirect users not connected DNS requests in DNS-Blackhole |
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set ! --match-set ipset_users_list src -d $PRIVATE_IP -p tcp --dport domain -j REDIRECT --to-port 56 |
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set ! --match-set ipset_users_list src -d $PRIVATE_IP -p udp --dport domain -j REDIRECT --to-port 56 |
|
############################# |
# INPUT # |
############################# |
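Review bot: In the first hunk the save step runs `ipset save ipset_users >> $TMP_users_set_save`, but the second hunk creates the list as `ipset_users_list`, and no set named `ipset_users` is created in the visible lines. If that name is a typo, the save fails on a missing set and the list:set never reaches the saved file. After a restore, the `--match-set ipset_users_list` rules in the third hunk would then presumably fail to load, and DNS from unauthenticated clients would no longer be redirected to port 56. I would change the line to `ipset save ipset_users_list >> "$TMP_users_set_save"` and keep it last, so the member sets are restored before the list that references them. The `+`/`-` markers are lost on this page and the enclosing `if` blocks start outside the hunks, so which lines are new and how save pairs with restore are inferred from the context lines.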