1 |
#!/bin/sh
|
1 |
#!/bin/sh
|
2 |
# $Id: alcasar-iptables-local.sh 2353 2017-07-25 21:39:16Z tom.houdayer $
|
2 |
# $Id: alcasar-iptables-local.sh 2355 2017-07-26 22:11:27Z tom.houdayer $
|
3 |
# script de mise en place des regles personnalisées du parefeu d'Alcasar
|
3 |
# script de mise en place des regles personnalisées du parefeu d'Alcasar
|
4 |
# Rexy - 3abtux - CPN
|
4 |
# Rexy - 3abtux - CPN
|
5 |
# version 2.2 (04/2016)
|
5 |
# version 2.2 (04/2016)
|
6 |
# changelog :
|
6 |
# changelog :
|
7 |
# + example to allow ICMP from an Internet IP address (Admin_from) to EXTIF
|
7 |
# + example to allow ICMP from an Internet IP address (Admin_from) to EXTIF
|
16 |
ip_on=`echo $mac_line|cut -b1`
|
16 |
ip_on=`echo $mac_line|cut -b1`
|
17 |
if [ $ip_on != "#" ]
|
17 |
if [ $ip_on != "#" ]
|
18 |
then
|
18 |
then
|
19 |
mac_filtered=`echo $mac_line|cut -d" " -f1`
|
19 |
mac_filtered=`echo $mac_line|cut -d" " -f1`
|
20 |
echo "MAC filtered = $mac_filtered"
|
20 |
echo "MAC filtered = $mac_filtered"
|
21 |
$IPTABLES -A FORWARD -i $INTIF -m mac --mac-source $mac_filtered -j NFLOG --nflog-prefix "$mac_filtered -- Filt_DROP"
|
21 |
$IPTABLES -A FORWARD -i $INTIF -m mac --mac-source $mac_filtered -j NFLOG --nflog-group 1 --nflog-prefix "$mac_filtered -- Filt_DROP"
|
22 |
$IPTABLES -A FORWARD -i $INTIF -p tcp -m mac --mac-source $mac_filtered -j DROP
|
22 |
$IPTABLES -A FORWARD -i $INTIF -p tcp -m mac --mac-source $mac_filtered -j DROP
|
23 |
$IPTABLES -A FORWARD -i $INTIF -p udp -m mac --mac-source $mac_filtered -j DROP
|
23 |
$IPTABLES -A FORWARD -i $INTIF -p udp -m mac --mac-source $mac_filtered -j DROP
|
24 |
$IPTABLES -A FORWARD -i $INTIF -m mac --mac-source $mac_filtered -j DROP
|
24 |
$IPTABLES -A FORWARD -i $INTIF -m mac --mac-source $mac_filtered -j DROP
|
25 |
fi
|
25 |
fi
|
26 |
done < /usr/local/etc/alcasar-iptables-local-mac-filtered
|
26 |
done < /usr/local/etc/alcasar-iptables-local-mac-filtered
|
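Review bot: The loop that the NFLOG change sits in still breaks on blank lines in /usr/local/etc/alcasar-iptables-local-mac-filtered: with an empty `mac_line`, line 16 yields an empty `ip_on` and line 17 becomes `[ != "#" ]`, which /bin/sh rejects with an error on every such line, so the file cannot be safely padded or commented at will. Quoting the expansions and guarding the empty case fixes it without changing the structure, e.g. `ip_on=$(printf '%s\n' "$mac_line" | cut -b1)`, `if [ -n "$ip_on" ] && [ "$ip_on" != "#" ]` and `mac_filtered=$(printf '%s\n' "$mac_line" | cut -d" " -f1)`. The `while read` that opens this loop starts outside the hunk, so `read -r` should be checked there as well so backslashes in the file are not interpreted. The added `--nflog-group 1` on line 21 is presumably the group the logging daemon is bound to elsewhere in ALCASAR; a short comment naming that consumer, such as `# nflog group 1 is read by the log daemon (same group as the main firewall rules)`, would keep it from drifting if the main rule set changes.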