Subversion Repositories ALCASAR

Rev

Rev 2678 | Rev 2769 | Go to most recent revision | Show entire file | Ignore whitespace | Details | Blame | Last modification | View Log

Rev 2678 Rev 2688
Line 1... Line 1...
1 
#!/bin/bash
 1 
#!/bin/bash
2 
 
 2 
 
3 
# $Id: alcasar-bl.sh 2678 2018-12-16 20:57:08Z lucas.echard $
 3 
# $Id: alcasar-bl.sh 2688 2019-01-18 23:15:49Z lucas.echard $
4 
 
 4 
 
5 
# alcasar-bl.sh
 5 
# alcasar-bl.sh
6 
# by Franck BOUIJOUX and Richard REY
 6 
# by Franck BOUIJOUX and Richard REY
7 
# This script is distributed under the Gnu General Public License (GPL)
 7 
# This script is distributed under the Gnu General Public License (GPL)
8 
 
 8 
 
9 
# Gestion de la BL pour le filtrage de domaine (via dnsmasq) et d'URL (via E2guardian)
 9 
# Gestion de la BL pour le filtrage de domaine (via unbound) et d'URL (via E2guardian)
10 
# Manage the BL for DnsBlackHole (dnsmasq) and URL filtering (E2guardian)
 10 
# Manage the BL for DnsBlackHole (unbound) and URL filtering (E2guardian)
11 
 
 11 
 
12 
DIR_CONF="/usr/local/etc"
 12 
DIR_CONF="/usr/local/etc"
13 
CONF_FILE="$DIR_CONF/alcasar.conf"
 13 
CONF_FILE="$DIR_CONF/alcasar.conf"
14 
private_ip_mask=`grep ^PRIVATE_IP= $CONF_FILE|cut -d"=" -f2`
 14 
private_ip_mask=`grep ^PRIVATE_IP= $CONF_FILE|cut -d"=" -f2`
15 
private_ip_mask=${private_ip_mask:=192.168.182.1/24}
 15 
private_ip_mask=${private_ip_mask:=192.168.182.1/24}
16 
PRIVATE_IP=`echo $private_ip_mask | cut -d"/" -f1`			# ALCASAR LAN IP address
 - 
 
17 
DIR_tmp="/tmp/blacklists"
 16 
DIR_tmp="/tmp/blacklists"
18 
DIR_WL_tmp="/tmp/whitelists"
 - 
 
19 
FILE_tmp="/tmp/filesfilter.txt"
 17 
FILE_tmp="/tmp/filesfilter.txt"
20 
FILE_ip_tmp="/tmp/filesipfilter.txt"
 18 
FILE_ip_tmp="/tmp/filesipfilter.txt"
21 
DIR_DG="/etc/e2guardian/lists"
 19 
DIR_DG="/etc/e2guardian/lists"
22 
DIR_DG_BL="$DIR_DG/blacklists"
 20 
DIR_DG_BL="$DIR_DG/blacklists"
23 
GLOBAL_USAGE="$DIR_CONF/alcasar-global-usage"				# file containing the description of the lists
 21 
GLOBAL_USAGE="$DIR_CONF/alcasar-global-usage"				# file containing the description of the lists
24 
BL_CATEGORIES="$DIR_CONF/alcasar-bl-categories"				# list of names of the 	BL categories
 22 
BL_CATEGORIES="$DIR_CONF/alcasar-bl-categories"				# list of names of the 	BL categories
25 
WL_CATEGORIES="$DIR_CONF/alcasar-wl-categories"				#	'	'	WL categories
 23 
WL_CATEGORIES="$DIR_CONF/alcasar-wl-categories"				#	'	'	WL categories
26 
BL_CATEGORIES_ENABLED="$DIR_CONF/alcasar-bl-categories-enabled"		#	'	'	BL enabled categories
 24 
BL_CATEGORIES_ENABLED="$DIR_CONF/alcasar-bl-categories-enabled"		#	'	'	BL enabled categories
27 
WL_CATEGORIES_ENABLED="$DIR_CONF/alcasar-wl-categories-enabled"		#	'	'	WL enabled categories
 25 
WL_CATEGORIES_ENABLED="$DIR_CONF/alcasar-wl-categories-enabled"		#	'	'	WL enabled categories
28 
DIR_SHARE="/usr/local/share"
 26 
DIR_SHARE="/usr/local/share"
29 
DIR_DNS_BL="$DIR_SHARE/dnsmasq-bl"					# all the BL in the DNSMASQ format
 27 
DIR_DNS_BL="$DIR_SHARE/unbound-bl"					# all the BL in the Unbound format
30 
DIR_DNS_WL="$DIR_SHARE/dnsmasq-wl"					# all the WL	'	'	'
 28 
DIR_DNS_WL="$DIR_SHARE/unbound-wl"					# all the WL	'	'	'
31 
DIR_IP_BL="$DIR_SHARE/iptables-bl"					# all the IP addresses of the BL
 29 
DIR_IP_BL="$DIR_SHARE/iptables-bl"					# all the IP addresses of the BL
32 
DIR_IP_WL="$DIR_SHARE/iptables-wl"					# IP ossi disabled WL
 30 
DIR_IP_WL="$DIR_SHARE/iptables-wl"					# IP ossi disabled WL
33 
DIR_DNS_BL_ENABLED="$DIR_SHARE/dnsmasq-bl-enabled"			# symbolic link to the domains BL (only enabled categories)
 31 
DIR_DNS_BL_ENABLED="$DIR_SHARE/unbound-bl-enabled"			# symbolic link to the domains BL (only enabled categories)
34 
DIR_DNS_WL_ENABLED="$DIR_SHARE/dnsmasq-wl-enabled"			#	'	'	'	WL	'	'
 32 
DIR_DNS_WL_ENABLED="$DIR_SHARE/unbound-wl-enabled"			#	'	'	'	WL	'	'
35 
DIR_IP_BL_ENABLED="$DIR_SHARE/iptables-bl-enabled"			#	'	'	ip BL (only enabled categories)
 33 
DIR_IP_BL_ENABLED="$DIR_SHARE/iptables-bl-enabled"			#	'	'	ip BL (only enabled categories)
36 
DIR_IP_WL_ENABLED="$DIR_SHARE/iptables-wl-enabled"			#	'	'	ip WL (ossi and ossi-* imported from ACC)
 34 
DIR_IP_WL_ENABLED="$DIR_SHARE/iptables-wl-enabled"			#	'	'	ip WL (ossi and ossi-* imported from ACC)
37 
DNS1=`grep ^DNS1= $CONF_FILE | cut -d'=' -f2-` 			# server DNS1 (for WL domain names)
 35 
REHABILITATED_DNS_FILE="/etc/unbound/conf.d/blacklist/rehabilitated.conf"
38 
BL_SERVER="dsi.ut-capitole.fr"
 36 
BL_SERVER="dsi.ut-capitole.fr"
39 
SED="/bin/sed -i"
 37 
SED="/bin/sed -i"
40 
 
 38 
 
41 
# enable/disable the BL & WL categories
 39 
# enable/disable the BL & WL categories
42 
function cat_choice (){
 40 
function cat_choice (){
Line 45... Line 43...
45 
	do
 43 
	do
46 
		if [ ! -e $LIST ] #  only on install stage
 44 
		if [ ! -e $LIST ] #  only on install stage
47 
		then
 45 
		then
48 
			mkdir $LIST
 46 
			mkdir $LIST
49 
		else
 47 
		else
50 
			rm -rf $LIST/*
 48 
			rm -rf ${LIST:?}/*
51 
		fi
 49 
		fi
52 
		chown root:apache $LIST
 50 
		chown root:apache $LIST
53 
		chmod 770 $LIST
 51 
		chmod 770 $LIST
54 
	done
 52 
	done
55 
	# update categories with rsync
 53 
	# update categories with rsync
Line 67... Line 65...
67 
	do
 65 
	do
68 
		$SED "/\/$ENABLE_CATEGORIE$/d" $BL_CATEGORIES
 66 
		$SED "/\/$ENABLE_CATEGORIE$/d" $BL_CATEGORIES
69 
		$SED "1i\/etc\/e2guardian\/lists\/blacklists\/$ENABLE_CATEGORIE" $BL_CATEGORIES
 67 
		$SED "1i\/etc\/e2guardian\/lists\/blacklists\/$ENABLE_CATEGORIE" $BL_CATEGORIES
70 
		ln -sf $DIR_DNS_BL/$ENABLE_CATEGORIE.conf $DIR_DNS_BL_ENABLED/$ENABLE_CATEGORIE
 68 
		ln -sf $DIR_DNS_BL/$ENABLE_CATEGORIE.conf $DIR_DNS_BL_ENABLED/$ENABLE_CATEGORIE
71 
		ln -sf $DIR_IP_BL/$ENABLE_CATEGORIE $DIR_IP_BL_ENABLED/$ENABLE_CATEGORIE
 69 
		ln -sf $DIR_IP_BL/$ENABLE_CATEGORIE $DIR_IP_BL_ENABLED/$ENABLE_CATEGORIE
72 
		# echo ".Include<$DIR_DG_BL/$ENABLE_CATEGORIE/domains>" >> $DIR_DG/bannedsitelist  # Blacklisted domains are managed by dnsmasq
 70 
		# echo ".Include<$DIR_DG_BL/$ENABLE_CATEGORIE/domains>" >> $DIR_DG/bannedsitelist  # Blacklisted domains are managed by unbound
73 
		echo ".Include<$DIR_DG_BL/$ENABLE_CATEGORIE/urls>" >> $DIR_DG/bannedurllist
 71 
		echo ".Include<$DIR_DG_BL/$ENABLE_CATEGORIE/urls>" >> $DIR_DG/bannedurllist
74 
	done
 72 
	done
75 
	sort +0.0 -0.2 $BL_CATEGORIES -o $FILE_tmp
 73 
	sort +0.0 -0.2 $BL_CATEGORIES -o $FILE_tmp
76 
	mv $FILE_tmp $BL_CATEGORIES
 74 
	mv $FILE_tmp $BL_CATEGORIES
77 
	sort +0.0 -0.2 $BL_CATEGORIES_ENABLED -o $FILE_tmp
 75 
	sort +0.0 -0.2 $BL_CATEGORIES_ENABLED -o $FILE_tmp
Line 99... Line 97...
99 
	$SED '/^#.*/d' $FILE_tmp # remove commented lines
 97 
	$SED '/^#.*/d' $FILE_tmp # remove commented lines
100 
	$SED '/^\s*$/d' $FILE_tmp # remove empty lines
 98 
	$SED '/^\s*$/d' $FILE_tmp # remove empty lines
101 
	$SED '/[äâëêïîöôüû@,]/d' $FILE_tmp # remove line with "chelou" characters
 99 
	$SED '/[äâëêïîöôüû@,]/d' $FILE_tmp # remove line with "chelou" characters
102 
	# extract ip addresses for iptables.
 100 
	# extract ip addresses for iptables.
103 
	awk '/^([0-9]{1,3}\.){3}[0-9]{1,3}$/{print "add bl_ip_blocked " $0}' $FILE_tmp > $FILE_ip_tmp
 101 
	awk '/^([0-9]{1,3}\.){3}[0-9]{1,3}$/{print "add bl_ip_blocked " $0}' $FILE_tmp > $FILE_ip_tmp
104 
	# extract domain names for dnsmasq.
 102 
	# extract domain names for unbound.
105 
	$SED -n '/^\([0-9]\{1,3\}\.\)\{3\}[0-9]\{1,3\}/!p' $FILE_tmp
 103 
	$SED -n '/^\([0-9]\{1,3\}\.\)\{3\}[0-9]\{1,3\}/!p' $FILE_tmp
106 
	# Retrieve max Top Level Domain for domain name synthax
 104 
	# Retrieve max Top Level Domain for domain name synthax
107 
	#MAX_TLD=$(curl http://data.iana.org/TLD/tlds-alpha-by-domain.txt | grep -v '-' | grep -v '#' | wc -L)
 105 
	#MAX_TLD=$(curl http://data.iana.org/TLD/tlds-alpha-by-domain.txt | grep -v '-' | grep -v '#' | wc -L)
108 
	#if [ $(echo $MAX_TLD | wc -c) -eq 0 ];then
 106 
	#if [ $(echo $MAX_TLD | wc -c) -eq 0 ];then
109 
	#	MAX_TLD=18
 107 
	#	MAX_TLD=18
Line 140... Line 138...
140 
		;;
 138 
		;;
141 
	# enable/disable categories (used only during the alcasar install process)
 139 
	# enable/disable categories (used only during the alcasar install process)
142 
	-cat_choice | --cat_choice)
 140 
	-cat_choice | --cat_choice)
143 
		cat_choice
 141 
		cat_choice
144 
		;;
 142 
		;;
145 
	# Adapt Toulouse University BL to ALCASAR architecture (dnsmasq + DG + iptables)
 143 
	# Adapt Toulouse University BL to ALCASAR architecture (unbound + DG + iptables)
146 
	-adapt | --adapt)
 144 
	-adapt | --adapt)
147 
		echo -n "Adaptation process of Toulouse University blackList. Please wait : "
 145 
		echo -n "Adaptation process of Toulouse University blackList. Please wait : "
148 
		if [ -f $DIR_tmp/blacklists.tar.gz ] # when downloading the last version of the BL
 146 
		if [ -f $DIR_tmp/blacklists.tar.gz ] # when downloading the last version of the BL
149 
		then
 147 
		then
150 
			# keep custom files (ossi)
 148 
			# keep custom files (ossi)
Line 229... Line 227...
229 
			if [ $ok != "1" ]
 227 
			if [ $ok != "1" ]
230 
			then
 228 
			then
231 
				$SED "/^$ENABLE_CATEGORIE$/d" $WL_CATEGORIES_ENABLED
 229 
				$SED "/^$ENABLE_CATEGORIE$/d" $WL_CATEGORIES_ENABLED
232 
			fi
 230 
			fi
233 
		done
 231 
		done
- 
 
 232 
 
234 
		# Creation of DNSMASQ and Iptables BL and WL
 233 
		# Creation of Unbound and Iptables BL and WL
235 
		for LIST in $BL_CATEGORIES $WL_CATEGORIES	# for each list (bl and wl)
 234 
		for LIST in $BL_CATEGORIES $WL_CATEGORIES	# for each list (bl and wl)
236 
		do
 235 
		do
237 
			for PATH_FILE in `cat $LIST` # for each category
 236 
			for PATH_FILE in `cat $LIST` # for each category
238 
			do
 237 
			do
239 
				DOMAIN=`basename $PATH_FILE`
 238 
				DOMAIN=`basename $PATH_FILE`
Line 242... Line 241...
242 
				then
 241 
				then
243 
					touch $PATH_FILE/urls
 242 
					touch $PATH_FILE/urls
244 
					chown e2guardian:apache $PATH_FILE/urls
 243 
					chown e2guardian:apache $PATH_FILE/urls
245 
				fi
 244 
				fi
246 
				cp $PATH_FILE/domains $FILE_tmp
 245 
				cp $PATH_FILE/domains $FILE_tmp
247 
				clean_split # clean ossi custom files & split them for dnsmasq and for iptables
 246 
				clean_split # clean ossi custom files & split them for unbound and for iptables
248 
				if [ "$LIST" == "$BL_CATEGORIES" ]
 247 
				if [ "$LIST" == "$BL_CATEGORIES" ]
249 
				then
 248 
				then
250 
					# adapt to the dnsmasq syntax for the blacklist
 249 
					# adapt to the unbound syntax for the blacklist
251 
					$SED "s?.*?address=/&/$PRIVATE_IP?g" $FILE_tmp
 250 
					$SED "s?.*?local-zone: & typetransparent\nlocal-zone-tag: & blacklist?g" $FILE_tmp
252 
					mv $FILE_tmp $DIR_DNS_BL/$DOMAIN.conf
 251 
					mv $FILE_tmp $DIR_DNS_BL/$DOMAIN.conf
253 
					mv $FILE_ip_tmp $DIR_IP_BL/$DOMAIN
 252 
					mv $FILE_ip_tmp $DIR_IP_BL/$DOMAIN
254 
				else
 253 
				else
255 
					# adapt to the dnsmasq syntax for the whitelist
 254 
					# adapt to the unbound syntax for the whitelist
256 
					$SED "s?.*?server=/&/$DNS1?g" $FILE_tmp
 255 
					$SED "s?.*?local-zone: & transparent?g" $FILE_tmp
257 
					mv $FILE_tmp $DIR_DNS_WL/$DOMAIN.conf
 256 
					mv $FILE_tmp $DIR_DNS_WL/$DOMAIN.conf
258 
				fi
 257 
				fi
259 
			done
 258 
			done
260 
		done
 259 
		done
261 
		echo
 260 
		echo
Line 274... Line 273...
274 
			do
 273 
			do
275 
				CATEGORIE=$(echo $LIGNE_RSYNC | cut -d' ' -f1)
 274 
				CATEGORIE=$(echo $LIGNE_RSYNC | cut -d' ' -f1)
276 
				URL=$(echo $LIGNE_RSYNC | cut -d' ' -f2)
 275 
				URL=$(echo $LIGNE_RSYNC | cut -d' ' -f2)
277 
				PATH_FILE=$(find $DIR_DG_BL/ -type d -name $CATEGORIE) # retrieve directory name of the category
 276 
				PATH_FILE=$(find $DIR_DG_BL/ -type d -name $CATEGORIE) # retrieve directory name of the category
278 
				rsync -rv $URL $(dirname $PATH_FILE ) #rsync inside of the blacklist directory
 277 
				rsync -rv $URL $(dirname $PATH_FILE ) #rsync inside of the blacklist directory
279 
				# Creation of DNSMASQ and Iptables BL and WL
 278 
				# Creation of unbound and Iptables BL and WL
280 
				DOMAIN=$(basename $PATH_FILE)
 279 
				DOMAIN=$(basename $PATH_FILE)
281 
				cp $PATH_FILE/domains $FILE_tmp
 280 
				cp $PATH_FILE/domains $FILE_tmp
282 
				clean_split  # clean ossi custom files & split them for dnsmasq and for iptables
 281 
				clean_split  # clean ossi custom files & split them for unbound and for iptables
283 
				black=`grep black $PATH_FILE/usage |wc -l`
 282 
				black=`grep black $PATH_FILE/usage |wc -l`
284 
				if [ $black == "1" ]
 283 
				if [ $black == "1" ]
285 
				then
 284 
				then
286 
					# adapt to the dnsmasq syntax for the blacklist
 285 
					# adapt to the unbound syntax for the blacklist
287 
					$SED "s?.*?address=/&/$PRIVATE_IP?g" $FILE_tmp
 286 
					$SED "s?.*?local-zone: & typetransparent\nlocal-zone-tag: & blacklist?g" $FILE_tmp
288 
					mv $FILE_tmp $DIR_DNS_BL/$DOMAIN.conf
 287 
					mv $FILE_tmp $DIR_DNS_BL/$DOMAIN.conf
289 
					mv $FILE_ip_tmp $DIR_IP_BL/$DOMAIN
 288 
					mv $FILE_ip_tmp $DIR_IP_BL/$DOMAIN
290 
				else
 289 
				else
291 
					# adapt to the dnsmasq syntax for the whitelist
 290 
					# adapt to the unbound syntax for the whitelist
292 
					$SED "s?.*?server=/&/$DNS1?g" $FILE_tmp
 291 
					$SED "s?.*?local-zone: & transparent?g" $FILE_tmp
293 
					mv $FILE_tmp $DIR_DNS_WL/$DOMAIN.conf
 292 
					mv $FILE_tmp $DIR_DNS_WL/$DOMAIN.conf
294 
					mv $FILE_ip_tmp $DIR_IP_WL/$DOMAIN
 293 
					mv $FILE_ip_tmp $DIR_IP_WL/$DOMAIN
295 
				fi
 294 
				fi
296 
				rm -f $FILE_tmp $FILE_ip_tmp
 295 
				rm -f $FILE_tmp $FILE_ip_tmp
297 
			done
 296 
			done
- 
 
 297 
			/usr/bin/systemctl restart unbound-whitelist
298 
			/usr/bin/systemctl restart dnsmasq-whitelist
 298 
			/usr/bin/systemctl restart dnsmasq-whitelist
299 
			/usr/bin/systemctl restart dnsmasq-blacklist
 299 
			/usr/bin/systemctl restart unbound-blacklist
300 
			/usr/bin/systemctl restart e2guardian
 300 
			/usr/bin/systemctl restart e2guardian
301 
			/usr/local/bin/alcasar-iptables.sh
 301 
			/usr/local/bin/alcasar-iptables.sh
302 
		else
 302 
		else
303 
			echo -n "/usr/local/etc/update_cat.conf is empty ..."
 303 
			echo -n "/usr/local/etc/update_cat.conf is empty ..."
304 
		fi
 304 
		fi
Line 306... Line 306...
306 
		;;
 306 
		;;
307 
	# reload when selected categories are changed or when ossi change his custom files
 307 
	# reload when selected categories are changed or when ossi change his custom files
308 
	-reload | --reload)
 308 
	-reload | --reload)
309 
		# for DG
 309 
		# for DG
310 
		cat_choice
 310 
		cat_choice
311 
		#  for dnsmasq (rehabited domain names)
 311 
		#  for unbound (rehabilitated domain names)
- 
 
 312 
		rm -f $REHABILITATED_DNS_FILE
312 
		if [ `wc -w $DIR_DG/exceptionsitelist|cut -d " " -f1` != "0" ]
 313 
		if [ "$(wc -w $DIR_DG/exceptionsitelist | cut -d " " -f1)" != "0" ]
313 
		then
 314 
		then
314 
			rm -f $DIR_DNS_BL_ENABLED/authorized-ossi-bl $DIR_DNS_BL/authorized-ossi-bl.conf
 315 
			touch $REHABILITATED_DNS_FILE
315 
			touch $DIR_DNS_BL/authorized-ossi-bl.conf
 316 
			while read -r domain; do
316 
			for i in `cat $DIR_DG/exceptionsitelist`
 317 
				[ -z "$domain" ] && continue
317 
			do
 - 
 
318 
				$SED "/$i/d" $DIR_DNS_BL/*
 318 
				echo "local-zone: $domain typetransparent" >> $REHABILITATED_DNS_FILE
319 
				echo "server=/$i/#" >> $DIR_DNS_BL/authorized-ossi-bl.conf
 319 
				echo "local-zone-tag: $domain \"\"" >> $REHABILITATED_DNS_FILE
320 
			done
 - 
 
321 
			ln -s $DIR_DNS_BL/authorized-ossi-bl.conf $DIR_DNS_BL_ENABLED/authorized-ossi-bl
 320 
			done < $DIR_DG/exceptionsitelist
322 
		fi
 321 
		fi
323 
		# adapt OSSI BL & WL custom files
 322 
		# adapt OSSI BL & WL custom files
324 
		for dir in $DIR_DNS_BL_ENABLED $DIR_DNS_WL_ENABLED $DIR_IP_BL_ENABLED $DIR_IP_WL_ENABLED $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL $DIR_IP_WL
 323 
		for dir in $DIR_DNS_BL_ENABLED $DIR_DNS_WL_ENABLED $DIR_IP_BL_ENABLED $DIR_IP_WL_ENABLED $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL $DIR_IP_WL
325 
		do
 324 
		do
326 
			rm -f $dir/ossi*
 325 
			rm -f $dir/ossi*
Line 339... Line 338...
339 
			else
 338 
			else
340 
				categorie_type="white"
 339 
				categorie_type="white"
341 
			fi
 340 
			fi
342 
			$SED "s/\r//" $ossi_custom_dir/domains $ossi_custom_dir/urls # remove Windows <CR> from custom file
 341 
			$SED "s/\r//" $ossi_custom_dir/domains $ossi_custom_dir/urls # remove Windows <CR> from custom file
343 
			cp $ossi_custom_dir/domains $FILE_tmp
 342 
			cp $ossi_custom_dir/domains $FILE_tmp
344 
			clean_split # clean ossi custom files & split them for dnsmasq and for iptables
 343 
			clean_split # clean ossi custom files & split them for unbound and for iptables
345 
			if [ $categorie_type == "white" ]
 344 
			if [ $categorie_type == "white" ]
346 
			then
 345 
			then
347 
			# adapt the file to the dnsmasq syntax and enable it if needed
 346 
			# adapt the file to the unbound syntax and enable it if needed
348 
			# for the WL
 347 
			# for the WL
349 
				$SED "s?.*?server=/&/$DNS1?g" $FILE_tmp
 348 
				$SED "s?.*?local-zone: & transparent?g" $FILE_tmp
350 
				mv $FILE_tmp $DIR_DNS_WL/$ossi_categorie.conf
 349 
				mv $FILE_tmp $DIR_DNS_WL/$ossi_categorie.conf
351 
				mv $FILE_ip_tmp $DIR_IP_WL/$ossi_categorie
 350 
				mv $FILE_ip_tmp $DIR_IP_WL/$ossi_categorie
352 
				enabled=`grep ^$ossi_categorie$ $WL_CATEGORIES_ENABLED | wc -l`
 351 
				enabled=`grep ^$ossi_categorie$ $WL_CATEGORIES_ENABLED | wc -l`
353 
				if [ $enabled == "1" ]
 352 
				if [ $enabled == "1" ]
354 
				then
 353 
				then
Line 357... Line 356...
357 
					ln -sf $DIR_DNS_WL/$ossi_categorie.conf $DIR_DNS_WL_ENABLED/$ossi_categorie
 356 
					ln -sf $DIR_DNS_WL/$ossi_categorie.conf $DIR_DNS_WL_ENABLED/$ossi_categorie
358 
					ln -sf $DIR_IP_WL/$ossi_categorie $DIR_IP_WL_ENABLED/$ossi_categorie
 357 
					ln -sf $DIR_IP_WL/$ossi_categorie $DIR_IP_WL_ENABLED/$ossi_categorie
359 
				fi
 358 
				fi
360 
			else
 359 
			else
361 
			# for the BL
 360 
			# for the BL
362 
				$SED "s?.*?address=/&/$PRIVATE_IP?g" $FILE_tmp
 361 
				$SED "s?.*?local-zone: & typetransparent\nlocal-zone-tag: & blacklist?g" $FILE_tmp
363 
				mv $FILE_tmp $DIR_DNS_BL/$ossi_categorie.conf
 362 
				mv $FILE_tmp $DIR_DNS_BL/$ossi_categorie.conf
364 
				mv $FILE_ip_tmp $DIR_IP_BL/$ossi_categorie
 363 
				mv $FILE_ip_tmp $DIR_IP_BL/$ossi_categorie
365 
				enabled=`grep ^$ossi_categorie$ $BL_CATEGORIES_ENABLED | wc -l`
 364 
				enabled=`grep ^$ossi_categorie$ $BL_CATEGORIES_ENABLED | wc -l`
366 
				if [ $enabled == "1" ]
 365 
				if [ $enabled == "1" ]
367 
				then
 366 
				then
Line 381... Line 380...
381 
		done
 380 
		done
382 
		chown -R root:apache $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL $DIR_IP_WL
 381 
		chown -R root:apache $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL $DIR_IP_WL
383 
		chmod 660 $DIR_DNS_BL/* $DIR_DNS_WL/* $DIR_IP_BL/* $DIR_IP_WL/*
 382 
		chmod 660 $DIR_DNS_BL/* $DIR_DNS_WL/* $DIR_IP_BL/* $DIR_IP_WL/*
384 
		if [ "$PARENT_SCRIPT" != "alcasar-conf.sh" ] # don't launch on install stage
 383 
		if [ "$PARENT_SCRIPT" != "alcasar-conf.sh" ] # don't launch on install stage
385 
		then
 384 
		then
386 
			/usr/bin/systemctl restart dnsmasq-blacklist
 385 
			/usr/bin/systemctl restart unbound-blacklist
- 
 
 386 
			/usr/bin/systemctl restart unbound-whitelist
387 
			/usr/bin/systemctl restart dnsmasq-whitelist
 387 
			/usr/bin/systemctl restart dnsmasq-whitelist
388 
			/usr/bin/systemctl restart e2guardian
 388 
			/usr/bin/systemctl restart e2guardian
389 
			/usr/local/bin/alcasar-iptables.sh
 389 
			/usr/local/bin/alcasar-iptables.sh
390 
		fi
 390 
		fi
391 
		;;
 391 
		;;