600,6 → 600,9 |
fi |
echo "DNS1=$DNS1" >> $CONF_FILE |
echo "DNS2=$DNS2" >> $CONF_FILE |
echo "PROXY=off" >> $CONF_FILE |
echo "PROXY_IP=\"192.168.0.100:80\"" >> $CONF_FILE |
echo "PUBLIC_WEIGHT=1" >> $CONF_FILE |
echo "PUBLIC_MTU=$MTU" >> $CONF_FILE |
echo "PRIVATE_IP=$PRIVATE_IP_MASK" >> $CONF_FILE |
echo "DHCP=on" >> $CONF_FILE |
742,8 → 745,33 |
$SED 's/ExecStart=\/usr\/libexec\/iptables.init start/ExecStart=\/usr\/local\/bin\/alcasar-iptables.sh/' /etc/systemd/system/iptables.service |
[ -e /usr/libexec/iptables.init.default ] || cp /usr/libexec/iptables.init /usr/libexec/iptables.init.default |
$SED "s?\[ -f \$IPTABLES_CONFIG \] .*?#&?" /usr/libexec/iptables.init # comment the test (flush all rules & policies) |
# create the alcasar-network unit |
cat << EOF > /etc/systemd/system/alcasar-network.service |
# This file is part of systemd. |
# |
# the script "$DIR_DEST_BIN/alcasar-iptables.sh" is launched at the end in order to allow update via ssh |
# systemd is free software; you can redistribute it and/or modify it |
# under the terms of the GNU General Public License as published by |
# the Free Software Foundation; either version 2 of the License, or |
# (at your option) any later version. |
|
# This unit starts alcasar-network.sh script. |
[Unit] |
Description=alcasar-network.sh execution |
After=network.target iptables.service |
|
[Service] |
Type=oneshot |
RemainAfterExit=yes |
ExecStart=$DIR_DEST_BIN/alcasar-network.sh |
ExecStop=$DIR_DEST_BIN/alcasar-network.sh |
TimeoutSec=0 |
|
[Install] |
WantedBy=multi-user.target |
EOF |
/usr/bin/systemctl daemon-reload |
|
# the script "$DIR_DEST_BIN/alcasar-iptables.sh" is started at the end of this script in order not to cut network flow in case of using ssh |
} # End of network() |
|
################################################################## |
2164,11 → 2192,10 |
echo "LDAP_CERT_REQUIRED=" >> $CONF_FILE |
echo "SMS=off" >> $CONF_FILE |
echo "SMS_NUM=" >> $CONF_FILE |
echo "## MULTIWAN : WANx=@IPx,Weightx" >> $CONF_FILE |
echo "MULTIWAN=off" >> $CONF_FILE |
echo "FAILOVER=30" >> $CONF_FILE |
echo "## WANx=active,@IPx/mask,GWx,Weight,MTUx" >> $CONF_FILE |
echo "#WAN1=\"1,$EXTIF:1,192.168.2.20/24,192.168.2.6,1,1500\"" >> $CONF_FILE |
echo "#WAN2=\"1,$EXTIF:2,192.168.3.20/24,192.168.3.1,2,1500\"" >> $CONF_FILE |
echo "#WAN1=\"192.168.0.250,1\"" >> $CONF_FILE |
echo "#WAN2=\"192.168.0.251,1\"" >> $CONF_FILE |
echo "BL_PUREIP=on" >> $CONF_FILE |
echo "BL_SAFESEARCH=off" >> $CONF_FILE |
echo "WL_SAFESEARCH=off" >> $CONF_FILE |
2194,33 → 2221,9 |
do |
find /var/log/$dir -type f -name "*.log-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]" -exec gzip {} \; |
done |
# create the alcasar-load_balancing unit |
cat << EOF > /etc/systemd/system/alcasar-load_balancing.service |
# This file is part of systemd. |
# |
# systemd is free software; you can redistribute it and/or modify it |
# under the terms of the GNU General Public License as published by |
# the Free Software Foundation; either version 2 of the License, or |
# (at your option) any later version. |
|
# This unit lauches alcasar-load-balancing.sh script. |
[Unit] |
Description=alcasar-load_balancing.sh execution |
After=network.target iptables.service |
|
[Service] |
Type=oneshot |
RemainAfterExit=yes |
ExecStart=$DIR_DEST_BIN/alcasar-load_balancing.sh start |
ExecStop=$DIR_DEST_BIN/alcasar-load_balancing.sh stop |
TimeoutSec=0 |
|
[Install] |
WantedBy=multi-user.target |
EOF |
/usr/bin/systemctl daemon-reload |
# processes launched at boot time (Systemctl) |
for i in alcasar-load_balancing mysqld lighttpd php-fpm ntpd iptables unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole radiusd nfcapd e2guardian clamav-daemon clamav-freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban vnstat sshd |
# processes started at boot time (Systemctl) |
for i in alcasar-network mysqld lighttpd php-fpm ntpd iptables unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole radiusd nfcapd e2guardian clamav-daemon clamav-freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban vnstat sshd |
do |
/usr/bin/systemctl -q enable $i.service |
done |
2388,10 → 2391,6 |
fi |
done |
# RPMs install |
if [ "$mode" == "update" ] # to avoid updating unbound during the V5.3.3 update (to be removed after this version) |
then |
echo "/^unbound/" >> /etc/urpmi/skip.list |
fi |
$DIR_SCRIPTS/alcasar-rpm.sh |
if [ "$?" != "0" ] |
then |
2428,7 → 2427,7 |
UPD_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f3|cut -c1` |
if [ $Lang == "fr" ] |
then echo "Le fichier de configuration d'une version $MAJ_PREVIOUS_VERSION.$MIN_PREVIOUS_VERSION.$UPD_PREVIOUS_VERSION a été trouvé"; |
else echo "The configuration file of an old version has been found"; |
else echo "The configuration file of a version $MAJ_PREVIOUS_VERSION.$MIN_PREVIOUS_VERSION.$UPD_PREVIOUS_VERSION has been found"; |
fi |
response=0 |
PTN='^[oOnNyY]?$' |