Subversion Repositories ALCASAR


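--- a/alcasar-nf.sh
+++ b/alcasar-nf.sh
@@ -1,51 +1,54 @@
-#/bin/sh
-# $Id: alcasar-nf.sh 634 2011-06-13 17:23:46Z richard $
+#/bin/bash
+# $Id: alcasar-nf.sh 672 2011-07-08 15:34:22Z richard $
+
+# alcasar-nf.sh
+# by Richard REY
+# This script is distributed under the Gnu General Public License (GPL)
 
 # active ou desactive le filtrage de protocoles réseau
 # enable or disable the network protocols filter
-# by rexy
 
 SED="/bin/sed -i"
 FIC_SERVICES="/usr/local/etc/alcasar-services"
 FIC_EXCEPTIONS="/usr/local/etc/alcasar-filter-exceptions"
 FIC_CONF="/usr/local/etc/alcasar.conf"
 
 usage="Usage: alcasar-nf.sh {--on | -on} | {--off | -off}"
 nb_args=$#
 args=$1
 if [ $nb_args -eq 0 ]
 then
 	/usr/local/bin/alcasar-iptables.sh
 	exit 1
 fi
 case $args in
 	-\? | -h* | --h*)
 		echo "$usage"
 		exit 0
 		;;
 	-on|-on) # enable protocols filter
 		# sort service file
 		$SED "/^$/d" $FIC_SERVICES # delete empty lines
 		sort -k2n $FIC_SERVICES > /tmp/alcasar-services-sort
 		mv -f /tmp/alcasar-services-sort $FIC_SERVICES
 		chown root:apache $FIC_SERVICES
 		chmod 660 $FIC_SERVICES
 		# vérify exception file 
 		[ -e $FIC_EXCEPTIONS ] || touch $FIC_EXCEPTIONS
 		chown root:apache $FIC_EXCEPTIONS
 		chmod 664 $FIC_EXCEPTIONS
 		$SED "s?^PROTOCOLS_FILTERING.*?PROTOCOLS_FILTERING=on?g" $FIC_CONF
 		/usr/local/bin/alcasar-iptables.sh
 		;;
 	--off|-off) # disable protocols filter
 		$SED "s?^PROTOCOLS_FILTERING.*?PROTOCOLS_FILTERING=off?g" $FIC_CONF
 		/usr/local/bin/alcasar-iptables.sh
 		;;
 	*)
 		echo "Argument inconnu :$1";
 		echo "$usage"
 		exit 1
 		;;
 esac
 
 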
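Review bot: The new first line `#/bin/bash` is still not a shebang because the `!` is missing, so it is read as a plain comment and the script runs under whatever shell the caller happens to use; it should read `#!/bin/bash`. Separately, the unchanged `-on` branch writes the sorted copy to the fixed path `/tmp/alcasar-services-sort` and then moves it over `$FIC_SERVICES`, in a script that performs `chown root:apache` and so presumably runs as root. A predictable name in a world-writable directory can be pre-created or symlinked by a local user, so a file from `mktemp` (ideally created next to the target) would be safer, e.g. `tmp=$(mktemp "${FIC_SERVICES}.XXXXXX") || exit 1`. The `-on|-on)` pattern also never matches the `--on` spelling that the usage string advertises; `--on|-on)` looks like what was intended.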