WebSVN – ALCASAR – Diff – /scripts/alcasar-conf.sh



#!/bin/bash
# $Id: alcasar-conf.sh 2744 2019-07-28 09:29:15Z rexy $
 
# alcasar-conf.sh
# by REXY
# This script is distributed under the Gnu General Public License (GPL)
 
# Ce script permet la mise à jour d'un ALCASAR
#	- (alcasar-conf.sh -create) : création de l'archive des fichiers de configuration (/var/tmp/alcasar-conf.tar.gz)
#	- (alcasar-conf.sh -load) : chargement de l'archive des fichiers de configuration. Le cas échéant, c'est ici qu'on met à jour les fichiers entre versions
#	- (alcasar-conf.sh -apply) : application des directives du fichier de conf central "/usr/local/etc/alcasar.conf". Peut aussi être exploité à chaud après avoir changé des valeurs du fichier de conf.
# This script allows ALCASAR update
#	- (alcasar-conf.sh -create) : create the configuration files backup (/var/tmp/alcasar-conf.tar.gz)
#	- (alcasar-conf.sh -load) : load the backup of configuration files. If needed, it's here we update files between versions
#	- (alcasar-conf.sh -load) : apply ALCASAR central configuration file "/usr/local/etc/alcasar.conf". Can be use after changes of conf file values.
 
DIR_UPDATE="/var/tmp/conf"				# répertoire de stockage des fichier de conf pour une mise à jour
DIR_WEB="/var/www/html"					# répertoire du centre de gestion
DIR_BIN="/usr/local/bin"				# scripts directory
DIR_ETC="/usr/local/etc"				# conf directory

		PUBLIC_IP_MASK=`grep ^PUBLIC_IP= $CONF_FILE|cut -d"=" -f2`
		PTN="\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b"
		if [[ "$PUBLIC_IP_MASK" == "dhcp" ]]
		then
			PUBLIC_GATEWAY="dhcp"
 
		else
			if ! echo $PUBLIC_IP_MASK | egrep -q $PTN
			then
				echo "Syntax error for PUBLIC_IP_MASK ($PUBLIC_IP_MASK)"
				exit 0

			then
				$DIR_BIN/alcasar-dhcp.sh --off
			else
				$DIR_BIN/alcasar-dhcp.sh --on
			fi
 
# Set the local DNS (or not)
			if [ "$INT_DNS_mode" = "on" ] || [ "$INT_DNS_mode" = "On" ] || [ "$INT_DNS_mode" = "ON" ]
			then
				$DIR_BIN/alcasar-dns-local.sh --on
			else
				$DIR_BIN/alcasar-dns-local.sh --off
			fi
 
# Set the pure ip option (or not)
			if [ "$BL_PUREIP" = "off" ] || [ "$BL_PUREIP" = "Off" ] || [ "$BL_PUREIP" = "OFF" ]
			then
				bl_filter_param+="--pureip_off"
			else
				bl_filter_param+="--pureip_on"
			fi
 
# Set the safesearch options (or not)
			bl_filter_param=""
			if [ "$BL_SAFESEARCH" = "on" ] || [ "$BL_SAFESEARCH" = "On" ] || [ "$BL_SAFESEARCH" = "ON" ]
			then
				bl_filter_param+="--safesearch_on "
			else
				bl_filter_param+="--safesearch_off "
			fi
 
			$DIR_BIN/alcasar-url_filter_bl.sh $bl_filter_param
 
			if [ "$WL_SAFESEARCH" = "on" ] || [ "$WL_SAFESEARCH" = "On" ] || [ "$WL_SAFESEARCH" = "ON" ]
			then
				$DIR_BIN/alcasar-url_filter_wl.sh --safesearch_on
			else
				$DIR_BIN/alcasar-url_filter_wl.sh --safesearch_off
			fi
 
# Reload the local dns configuration
			$DIR_BIN/alcasar-dns-local.sh --reload
 
# Logout everybody
			$DIR_BIN/alcasar-logout.sh all
# Services stop
			echo -n "Stop services : "
			for i in ntpd tinyproxy e2guardian unbound unbound-whitelist dnsmasq-whitelist unbound-blacklist unbound-blackhole chilli network lighttpd

		$SED "s@'https://\(.\+\)/acc'@'https://$HOSTNAME.$DOMAIN/acc'@" /etc/mageia-release
# Lighttpd
		$SED "s?^server\.bind.*?server\.bind = \"$PRIVATE_IP\"?g" /etc/lighttpd/lighttpd.conf
		$SED 's/^$SERVER\["socket"\] == ".*:443.*/$SERVER\["socket"\] == "'"$PRIVATE_IP"':443" {/g' /etc/lighttpd/vhosts.d/alcasar.conf
		$SED "s/^\([\t ]*\)var.server_name.*/\1var.server_name = \"$PRIVATE_IP\"/g" /etc/lighttpd/vhosts.d/alcasar.conf
# FreeRADIUS
		$SED "s?^nas1_name:.*?nas1_name: alcasar-$ORGANISME?g" /etc/freeradius-web/naslist.conf
		$SED "s?^nas1_ip:.*?nas1_ip: $PRIVATE_IP?g" /etc/freeradius-web/naslist.conf
# CoovaChilli
		$SED "s/^uamallowed.*/uamallowed\t$HOSTNAME,$HOSTNAME.$DOMAIN/g" /etc/chilli.conf
		$SED "s/^locationname.*/locationname\t$HOSTNAME.$DOMAIN/g" /etc/chilli.conf

# unbound
		# removing unbound configuration files
		rm -f /etc/unbound/conf.d/{forward,blacklist,whitelist,blackhole}/iface.*
		rm -f /etc/unbound/conf.d/common/forward-zone.conf
		find /etc/unbound/conf.d/common/local-dns/ ! -name "global.conf" -type f -delete
 
		# Configuration file for the dns servers forward-zone
		cat << EOF > /etc/unbound/conf.d/common/forward-zone.conf
forward-zone:
	name: "."
	forward-addr: $DNS1
	forward-addr: $DNS2
EOF
 
		# Configuration file of ALCASAR main domains for $INTIF
		cat << EOF > /etc/unbound/conf.d/common/local-dns/${INTIF}.conf
server:
	local-zone: "$HOSTNAME.$DOMAIN" static
	local-data: "$HOSTNAME.$DOMAIN A $PRIVATE_IP"
	local-zone: "$HOSTNAME" static
	local-data: "$HOSTNAME A $PRIVATE_IP"
EOF
 
		# Configuration file for lo of forward unbound
		cat << EOF > /etc/unbound/conf.d/forward/iface.lo.conf
server:
	interface: 127.0.0.1@53
	access-control-view: 127.0.0.1/8 lo
 
view:
	name: "lo"
	view-first: yes
	local-zone: "$HOSTNAME.$DOMAIN" static
	local-data: "$HOSTNAME.$DOMAIN A 127.0.0.1"
	local-zone: "$HOSTNAME" static
	local-data: "$HOSTNAME A 127.0.0.1"
	local-zone: "$DOMAIN." static
	local-data: "$DOMAIN. A"
EOF
 
		if [ "$HOSTNAME" != 'alcasar' ]
		then
			echo -e "\tlocal-zone: \"alcasar\" static" >> /etc/unbound/conf.d/common/local-dns/${INTIF}.conf
			echo -e "\tlocal-zone: \"alcasar A $PRIVATE_IP\"" >> /etc/unbound/conf.d/common/local-dns/${INTIF}.conf
			echo -e "\tlocal-zone: \"alcasar\" static" >> /etc/unbound/conf.d/forward/iface.lo.conf
			echo -e "\tlocal-zone: \"alcasar A 127.0.0.1\"" >> /etc/unbound/conf.d/forward/iface.lo.conf
		fi
 
		# Configuration file for $INTIF of forward unbound
		cat << EOF > /etc/unbound/conf.d/forward/iface.${INTIF}.conf
server:
	interface: ${PRIVATE_IP}@53
	access-control-view: $PRIVATE_NETWORK_MASK $INTIF
 
view:
	name: "$INTIF"
	view-first: yes
EOF
 
		# Configuration file for $INTIF of blacklist unbound
		cat << EOF > /etc/unbound/conf.d/blacklist/iface.${INTIF}.conf
server:
	interface: ${PRIVATE_IP}@54
	access-control: $PRIVATE_IP_MASK allow
	access-control-tag: $PRIVATE_IP_MASK "blacklist"
	access-control-tag-action: $PRIVATE_IP_MASK "blacklist" redirect
	access-control-tag-data: $PRIVATE_IP_MASK "blacklist" "A $PRIVATE_IP"
EOF
 
		# Configuration file for $INTIF of whitelist unbound
		cat << EOF > /etc/unbound/conf.d/whitelist/iface.${INTIF}.conf
server:
	interface: ${PRIVATE_IP}@55
	access-control: $PRIVATE_IP_MASK allow
	access-control-tag: $PRIVATE_IP_MASK "whitelist"
	access-control-tag-action: $PRIVATE_IP_MASK "whitelist" redirect
	access-control-tag-data: $PRIVATE_IP_MASK "whitelist" "A $PRIVATE_IP"
EOF
 
		# Configuration file for $INTIF of blackhole unbound
		cat << EOF > /etc/unbound/conf.d/blackhole/iface.${INTIF}.conf
server:
	interface: ${PRIVATE_IP}@56
	access-control-view: $PRIVATE_NETWORK_MASK $INTIF
 
view:
	name: "$INTIF"
	local-zone: "." redirect
	local-data: ". A $PRIVATE_IP"
EOF
 
# dhcpd
		cat <<EOF > /etc/dhcpd.conf
ddns-update-style none;
subnet $PRIVATE_NETWORK netmask $PRIVATE_NETMASK {
	option routers $PRIVATE_IP;
	option subnet-mask $PRIVATE_NETMASK;
	option domain-name-servers $PRIVATE_IP;
 
	range dynamic-bootp $PRIVATE_SECOND_IP $PRIVATE_LAST_IP;
	default-lease-time 21600;
	max-lease-time 43200;
}
EOF

Rev 2707	Rev 2744
Line 1...	Line 1...
1	`#!/bin/bash`	1	`#!/bin/bash`
2	`# $Id: alcasar-conf.sh 2707 2019-03-05 22:54:17Z tom.houdayer $`	2	`# $Id: alcasar-conf.sh 2744 2019-07-28 09:29:15Z rexy $`
3		3
4	`# alcasar-conf.sh`	4	`# alcasar-conf.sh`
5	`# by REXY`	5	`# by REXY`
6	`# This script is distributed under the Gnu General Public License (GPL)`	6	`# This script is distributed under the Gnu General Public License (GPL)`
7		7
8	`# Ce script permet de mettre à jour d'ALCASAR`	8	`# Ce script permet la mise à jour d'un ALCASAR`
9	`# - création de l'archive des fichiers de configuration "/var/tmp/alcasar-conf.tar.gz" (alcasar-conf.sh -create)`	9	`# - (alcasar-conf.sh -create) : création de l'archive des fichiers de configuration (/var/tmp/alcasar-conf.tar.gz)`
10	`# - chargement de l'archive de fichiers de configuration lors de la mise à jour d'un alcasar (alcasar-conf -load). Le cas échéant, c'est ici qu'on met à jour les fichiers entre versions`	10	`# - (alcasar-conf.sh -load) : chargement de l'archive des fichiers de configuration. Le cas échéant, c'est ici qu'on met à jour les fichiers entre versions`
11	`# - application des directives du fichier de conf central "/usr/local/etc/alcasar.conf" à chaud (alcasar-conf -apply)`	11	`# - (alcasar-conf.sh -apply) : application des directives du fichier de conf central "/usr/local/etc/alcasar.conf". Peut aussi être exploité à chaud après avoir changé des valeurs du fichier de conf.`
12	`# This script allows ALCASAR update`	12	`# This script allows ALCASAR update`
13	`# - create the configuration files backup "/var/tmp/alcasar-conf.tar.gz" (alcasar-conf.sh -create)`	13	`# - (alcasar-conf.sh -create) : create the configuration files backup (/var/tmp/alcasar-conf.tar.gz)`
14	`# - load the backup of configuration files during the update process (alcasar-conf -load). If needed, it's here we update files between versions`	14	`# - (alcasar-conf.sh -load) : load the backup of configuration files. If needed, it's here we update files between versions`
15	`# - apply ALCASAR central configuration file "/usr/local/etc/alcasar.conf" when hot modification are needed (alcasar-conf -apply)`	15	`# - (alcasar-conf.sh -load) : apply ALCASAR central configuration file "/usr/local/etc/alcasar.conf". Can be use after changes of conf file values.`
16		16
17	`DIR_UPDATE="/var/tmp/conf" # répertoire de stockage des fichier de conf pour une mise à jour`	17	`DIR_UPDATE="/var/tmp/conf" # répertoire de stockage des fichier de conf pour une mise à jour`
18	`DIR_WEB="/var/www/html" # répertoire du centre de gestion`	18	`DIR_WEB="/var/www/html" # répertoire du centre de gestion`
19	`DIR_BIN="/usr/local/bin" # scripts directory`	19	`DIR_BIN="/usr/local/bin" # scripts directory`
20	`DIR_ETC="/usr/local/etc" # conf directory`	20	`DIR_ETC="/usr/local/etc" # conf directory`
Line 239...	Line 239...
239	PUBLIC_IP_MASK=`grep ^PUBLIC_IP= $CONF_FILE\|cut -d"=" -f2`	239	PUBLIC_IP_MASK=`grep ^PUBLIC_IP= $CONF_FILE\|cut -d"=" -f2`
240	`PTN="\b(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\.(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\.(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\.(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\b"`	240	`PTN="\b(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\.(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\.(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\.(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\b"`
241	`if [[ "$PUBLIC_IP_MASK" == "dhcp" ]]`	241	`if [[ "$PUBLIC_IP_MASK" == "dhcp" ]]`
242	`then`	242	`then`
243	`PUBLIC_GATEWAY="dhcp"`	243	`PUBLIC_GATEWAY="dhcp"`
244		-
245	`else`	244	`else`
246	`if ! echo $PUBLIC_IP_MASK \| egrep -q $PTN`	245	`if ! echo $PUBLIC_IP_MASK \| egrep -q $PTN`
247	`then`	246	`then`
248	`echo "Syntax error for PUBLIC_IP_MASK ($PUBLIC_IP_MASK)"`	247	`echo "Syntax error for PUBLIC_IP_MASK ($PUBLIC_IP_MASK)"`
249	`exit 0`	248	`exit 0`
Line 284...	Line 283...
284	`then`	283	`then`
285	`$DIR_BIN/alcasar-dhcp.sh --off`	284	`$DIR_BIN/alcasar-dhcp.sh --off`
286	`else`	285	`else`
287	`$DIR_BIN/alcasar-dhcp.sh --on`	286	`$DIR_BIN/alcasar-dhcp.sh --on`
288	`fi`	287	`fi`
289		-
290	`# Set the local DNS (or not)`	288	`# Set the local DNS (or not)`
291	`if [ "$INT_DNS_mode" = "on" ] \|\| [ "$INT_DNS_mode" = "On" ] \|\| [ "$INT_DNS_mode" = "ON" ]`	289	`if [ "$INT_DNS_mode" = "on" ] \|\| [ "$INT_DNS_mode" = "On" ] \|\| [ "$INT_DNS_mode" = "ON" ]`
292	`then`	290	`then`
293	`$DIR_BIN/alcasar-dns-local.sh --on`	291	`$DIR_BIN/alcasar-dns-local.sh --on`
294	`else`	292	`else`
295	`$DIR_BIN/alcasar-dns-local.sh --off`	293	`$DIR_BIN/alcasar-dns-local.sh --off`
296	`fi`	294	`fi`
297		-
298	`# Set the pure ip option (or not)`	295	`# Set the pure ip option (or not)`
299	`if [ "$BL_PUREIP" = "off" ] \|\| [ "$BL_PUREIP" = "Off" ] \|\| [ "$BL_PUREIP" = "OFF" ]`	296	`if [ "$BL_PUREIP" = "off" ] \|\| [ "$BL_PUREIP" = "Off" ] \|\| [ "$BL_PUREIP" = "OFF" ]`
300	`then`	297	`then`
301	`bl_filter_param+="--pureip_off"`	298	`bl_filter_param+="--pureip_off"`
302	`else`	299	`else`
303	`bl_filter_param+="--pureip_on"`	300	`bl_filter_param+="--pureip_on"`
304	`fi`	301	`fi`
305		-
306	`# Set the safesearch options (or not)`	302	`# Set the safesearch options (or not)`
307	`bl_filter_param=""`	303	`bl_filter_param=""`
308	`if [ "$BL_SAFESEARCH" = "on" ] \|\| [ "$BL_SAFESEARCH" = "On" ] \|\| [ "$BL_SAFESEARCH" = "ON" ]`	304	`if [ "$BL_SAFESEARCH" = "on" ] \|\| [ "$BL_SAFESEARCH" = "On" ] \|\| [ "$BL_SAFESEARCH" = "ON" ]`
309	`then`	305	`then`
310	`bl_filter_param+="--safesearch_on "`	306	`bl_filter_param+="--safesearch_on "`
311	`else`	307	`else`
312	`bl_filter_param+="--safesearch_off "`	308	`bl_filter_param+="--safesearch_off "`
313	`fi`	309	`fi`
314		-
315	`$DIR_BIN/alcasar-url_filter_bl.sh $bl_filter_param`	310	`$DIR_BIN/alcasar-url_filter_bl.sh $bl_filter_param`
316		-
317	`if [ "$WL_SAFESEARCH" = "on" ] \|\| [ "$WL_SAFESEARCH" = "On" ] \|\| [ "$WL_SAFESEARCH" = "ON" ]`	311	`if [ "$WL_SAFESEARCH" = "on" ] \|\| [ "$WL_SAFESEARCH" = "On" ] \|\| [ "$WL_SAFESEARCH" = "ON" ]`
318	`then`	312	`then`
319	`$DIR_BIN/alcasar-url_filter_wl.sh --safesearch_on`	313	`$DIR_BIN/alcasar-url_filter_wl.sh --safesearch_on`
320	`else`	314	`else`
321	`$DIR_BIN/alcasar-url_filter_wl.sh --safesearch_off`	315	`$DIR_BIN/alcasar-url_filter_wl.sh --safesearch_off`
322	`fi`	316	`fi`
323		-
324	`# Reload the local dns configuration`	317	`# Reload the local dns configuration`
325	`$DIR_BIN/alcasar-dns-local.sh --reload`	318	`$DIR_BIN/alcasar-dns-local.sh --reload`
326		-
327	`# Logout everybody`	319	`# Logout everybody`
328	`$DIR_BIN/alcasar-logout.sh all`	320	`$DIR_BIN/alcasar-logout.sh all`
329	`# Services stop`	321	`# Services stop`
330	`echo -n "Stop services : "`	322	`echo -n "Stop services : "`
331	`for i in ntpd tinyproxy e2guardian unbound unbound-whitelist dnsmasq-whitelist unbound-blacklist unbound-blackhole chilli network lighttpd`	323	`for i in ntpd tinyproxy e2guardian unbound unbound-whitelist dnsmasq-whitelist unbound-blacklist unbound-blackhole chilli network lighttpd`
Line 397...	Line 389...
397	`$SED "s@'https://\(.\+\)/acc'@'https://$HOSTNAME.$DOMAIN/acc'@" /etc/mageia-release`	389	`$SED "s@'https://\(.\+\)/acc'@'https://$HOSTNAME.$DOMAIN/acc'@" /etc/mageia-release`
398	`# Lighttpd`	390	`# Lighttpd`
399	`$SED "s?^server\.bind.*?server\.bind = \"$PRIVATE_IP\"?g" /etc/lighttpd/lighttpd.conf`	391	`$SED "s?^server\.bind.*?server\.bind = \"$PRIVATE_IP\"?g" /etc/lighttpd/lighttpd.conf`
400	`$SED 's/^$SERVER\["socket"\] == ".:443./$SERVER\["socket"\] == "'"$PRIVATE_IP"':443" {/g' /etc/lighttpd/vhosts.d/alcasar.conf`	392	`$SED 's/^$SERVER\["socket"\] == ".:443./$SERVER\["socket"\] == "'"$PRIVATE_IP"':443" {/g' /etc/lighttpd/vhosts.d/alcasar.conf`
401	`$SED "s/^\([\t ]\)var.server_name./\1var.server_name = \"$PRIVATE_IP\"/g" /etc/lighttpd/vhosts.d/alcasar.conf`	393	`$SED "s/^\([\t ]\)var.server_name./\1var.server_name = \"$PRIVATE_IP\"/g" /etc/lighttpd/vhosts.d/alcasar.conf`
402	`# FreeRADIUS Web`	394	`# FreeRADIUS`
403	`$SED "s?^nas1_name:.*?nas1_name: alcasar-$ORGANISME?g" /etc/freeradius-web/naslist.conf`	395	`$SED "s?^nas1_name:.*?nas1_name: alcasar-$ORGANISME?g" /etc/freeradius-web/naslist.conf`
404	`$SED "s?^nas1_ip:.*?nas1_ip: $PRIVATE_IP?g" /etc/freeradius-web/naslist.conf`	396	`$SED "s?^nas1_ip:.*?nas1_ip: $PRIVATE_IP?g" /etc/freeradius-web/naslist.conf`
405	`# CoovaChilli`	397	`# CoovaChilli`
406	`$SED "s/^uamallowed.*/uamallowed\t$HOSTNAME,$HOSTNAME.$DOMAIN/g" /etc/chilli.conf`	398	`$SED "s/^uamallowed.*/uamallowed\t$HOSTNAME,$HOSTNAME.$DOMAIN/g" /etc/chilli.conf`
407	`$SED "s/^locationname.*/locationname\t$HOSTNAME.$DOMAIN/g" /etc/chilli.conf`	399	`$SED "s/^locationname.*/locationname\t$HOSTNAME.$DOMAIN/g" /etc/chilli.conf`
Line 422...	Line 414...
422	`# unbound`	414	`# unbound`
423	`# removing unbound configuration files`	415	`# removing unbound configuration files`
424	`rm -f /etc/unbound/conf.d/{forward,blacklist,whitelist,blackhole}/iface.*`	416	`rm -f /etc/unbound/conf.d/{forward,blacklist,whitelist,blackhole}/iface.*`
425	`rm -f /etc/unbound/conf.d/common/forward-zone.conf`	417	`rm -f /etc/unbound/conf.d/common/forward-zone.conf`
426	`find /etc/unbound/conf.d/common/local-dns/ ! -name "global.conf" -type f -delete`	418	`find /etc/unbound/conf.d/common/local-dns/ ! -name "global.conf" -type f -delete`
427		-
428	`# Configuration file for the dns servers forward-zone`	419	`# Configuration file for the dns servers forward-zone`
429	`cat << EOF > /etc/unbound/conf.d/common/forward-zone.conf`	420	`cat << EOF > /etc/unbound/conf.d/common/forward-zone.conf`
430	`forward-zone:`	421	`forward-zone:`
431	`name: "."`	422	`name: "."`
432	`forward-addr: $DNS1`	423	`forward-addr: $DNS1`
433	`forward-addr: $DNS2`	424	`forward-addr: $DNS2`
434	`EOF`	425	`EOF`
435		-
436	`# Configuration file of ALCASAR main domains for $INTIF`	426	`# Configuration file of ALCASAR main domains for $INTIF`
437	`cat << EOF > /etc/unbound/conf.d/common/local-dns/${INTIF}.conf`	427	`cat << EOF > /etc/unbound/conf.d/common/local-dns/${INTIF}.conf`
438	`server:`	428	`server:`
439	`local-zone: "$HOSTNAME.$DOMAIN" static`	429	`local-zone: "$HOSTNAME.$DOMAIN" static`
440	`local-data: "$HOSTNAME.$DOMAIN A $PRIVATE_IP"`	430	`local-data: "$HOSTNAME.$DOMAIN A $PRIVATE_IP"`
441	`local-zone: "$HOSTNAME" static`	431	`local-zone: "$HOSTNAME" static`
442	`local-data: "$HOSTNAME A $PRIVATE_IP"`	432	`local-data: "$HOSTNAME A $PRIVATE_IP"`
443	`EOF`	433	`EOF`
444		-
445	`# Configuration file for lo of forward unbound`	434	`# Configuration file for lo of forward unbound`
446	`cat << EOF > /etc/unbound/conf.d/forward/iface.lo.conf`	435	`cat << EOF > /etc/unbound/conf.d/forward/iface.lo.conf`
447	`server:`	436	`server:`
448	`interface: 127.0.0.1@53`	437	`interface: 127.0.0.1@53`
449	`access-control-view: 127.0.0.1/8 lo`	438	`access-control-view: 127.0.0.1/8 lo`
450		-
451	`view:`	439	`view:`
452	`name: "lo"`	440	`name: "lo"`
453	`view-first: yes`	441	`view-first: yes`
454	`local-zone: "$HOSTNAME.$DOMAIN" static`	442	`local-zone: "$HOSTNAME.$DOMAIN" static`
455	`local-data: "$HOSTNAME.$DOMAIN A 127.0.0.1"`	443	`local-data: "$HOSTNAME.$DOMAIN A 127.0.0.1"`
456	`local-zone: "$HOSTNAME" static`	444	`local-zone: "$HOSTNAME" static`
457	`local-data: "$HOSTNAME A 127.0.0.1"`	445	`local-data: "$HOSTNAME A 127.0.0.1"`
458	`local-zone: "$DOMAIN." static`	446	`local-zone: "$DOMAIN." static`
459	`local-data: "$DOMAIN. A"`	447	`local-data: "$DOMAIN. A"`
460	`EOF`	448	`EOF`
461		-
462	`if [ "$HOSTNAME" != 'alcasar' ]`	449	`if [ "$HOSTNAME" != 'alcasar' ]`
463	`then`	450	`then`
464	`echo -e "\tlocal-zone: \"alcasar\" static" >> /etc/unbound/conf.d/common/local-dns/${INTIF}.conf`	451	`echo -e "\tlocal-zone: \"alcasar\" static" >> /etc/unbound/conf.d/common/local-dns/${INTIF}.conf`
465	`echo -e "\tlocal-zone: \"alcasar A $PRIVATE_IP\"" >> /etc/unbound/conf.d/common/local-dns/${INTIF}.conf`	452	`echo -e "\tlocal-zone: \"alcasar A $PRIVATE_IP\"" >> /etc/unbound/conf.d/common/local-dns/${INTIF}.conf`
466	`echo -e "\tlocal-zone: \"alcasar\" static" >> /etc/unbound/conf.d/forward/iface.lo.conf`	453	`echo -e "\tlocal-zone: \"alcasar\" static" >> /etc/unbound/conf.d/forward/iface.lo.conf`
467	`echo -e "\tlocal-zone: \"alcasar A 127.0.0.1\"" >> /etc/unbound/conf.d/forward/iface.lo.conf`	454	`echo -e "\tlocal-zone: \"alcasar A 127.0.0.1\"" >> /etc/unbound/conf.d/forward/iface.lo.conf`
468	`fi`	455	`fi`
469		-
470	`# Configuration file for $INTIF of forward unbound`	456	`# Configuration file for $INTIF of forward unbound`
471	`cat << EOF > /etc/unbound/conf.d/forward/iface.${INTIF}.conf`	457	`cat << EOF > /etc/unbound/conf.d/forward/iface.${INTIF}.conf`
472	`server:`	458	`server:`
473	`interface: ${PRIVATE_IP}@53`	459	`interface: ${PRIVATE_IP}@53`
474	`access-control-view: $PRIVATE_NETWORK_MASK $INTIF`	460	`access-control-view: $PRIVATE_NETWORK_MASK $INTIF`
475		461
476	`view:`	462	`view:`
477	`name: "$INTIF"`	463	`name: "$INTIF"`
478	`view-first: yes`	464	`view-first: yes`
479	`EOF`	465	`EOF`
480		-
481	`# Configuration file for $INTIF of blacklist unbound`	466	`# Configuration file for $INTIF of blacklist unbound`
482	`cat << EOF > /etc/unbound/conf.d/blacklist/iface.${INTIF}.conf`	467	`cat << EOF > /etc/unbound/conf.d/blacklist/iface.${INTIF}.conf`
483	`server:`	468	`server:`
484	`interface: ${PRIVATE_IP}@54`	469	`interface: ${PRIVATE_IP}@54`
485	`access-control: $PRIVATE_IP_MASK allow`	470	`access-control: $PRIVATE_IP_MASK allow`
486	`access-control-tag: $PRIVATE_IP_MASK "blacklist"`	471	`access-control-tag: $PRIVATE_IP_MASK "blacklist"`
487	`access-control-tag-action: $PRIVATE_IP_MASK "blacklist" redirect`	472	`access-control-tag-action: $PRIVATE_IP_MASK "blacklist" redirect`
488	`access-control-tag-data: $PRIVATE_IP_MASK "blacklist" "A $PRIVATE_IP"`	473	`access-control-tag-data: $PRIVATE_IP_MASK "blacklist" "A $PRIVATE_IP"`
489	`EOF`	474	`EOF`
490		-
491	`# Configuration file for $INTIF of whitelist unbound`	475	`# Configuration file for $INTIF of whitelist unbound`
492	`cat << EOF > /etc/unbound/conf.d/whitelist/iface.${INTIF}.conf`	476	`cat << EOF > /etc/unbound/conf.d/whitelist/iface.${INTIF}.conf`
493	`server:`	477	`server:`
494	`interface: ${PRIVATE_IP}@55`	478	`interface: ${PRIVATE_IP}@55`
495	`access-control: $PRIVATE_IP_MASK allow`	479	`access-control: $PRIVATE_IP_MASK allow`
496	`access-control-tag: $PRIVATE_IP_MASK "whitelist"`	480	`access-control-tag: $PRIVATE_IP_MASK "whitelist"`
497	`access-control-tag-action: $PRIVATE_IP_MASK "whitelist" redirect`	481	`access-control-tag-action: $PRIVATE_IP_MASK "whitelist" redirect`
498	`access-control-tag-data: $PRIVATE_IP_MASK "whitelist" "A $PRIVATE_IP"`	482	`access-control-tag-data: $PRIVATE_IP_MASK "whitelist" "A $PRIVATE_IP"`
499	`EOF`	483	`EOF`
500		-
501	`# Configuration file for $INTIF of blackhole unbound`	484	`# Configuration file for $INTIF of blackhole unbound`
502	`cat << EOF > /etc/unbound/conf.d/blackhole/iface.${INTIF}.conf`	485	`cat << EOF > /etc/unbound/conf.d/blackhole/iface.${INTIF}.conf`
503	`server:`	486	`server:`
504	`interface: ${PRIVATE_IP}@56`	487	`interface: ${PRIVATE_IP}@56`
505	`access-control-view: $PRIVATE_NETWORK_MASK $INTIF`	488	`access-control-view: $PRIVATE_NETWORK_MASK $INTIF`
506		-
507	`view:`	489	`view:`
508	`name: "$INTIF"`	490	`name: "$INTIF"`
509	`local-zone: "." redirect`	491	`local-zone: "." redirect`
510	`local-data: ". A $PRIVATE_IP"`	492	`local-data: ". A $PRIVATE_IP"`
511	`EOF`	493	`EOF`
512		-
513	`# dhcpd`	494	`# dhcpd`
514	`cat <<EOF > /etc/dhcpd.conf`	495	`cat <<EOF > /etc/dhcpd.conf`
515	`ddns-update-style none;`	496	`ddns-update-style none;`
516	`subnet $PRIVATE_NETWORK netmask $PRIVATE_NETMASK {`	497	`subnet $PRIVATE_NETWORK netmask $PRIVATE_NETMASK {`
517	`option routers $PRIVATE_IP;`	498	`option routers $PRIVATE_IP;`
518	`option subnet-mask $PRIVATE_NETMASK;`	499	`option subnet-mask $PRIVATE_NETMASK;`
519	`option domain-name-servers $PRIVATE_IP;`	500	`option domain-name-servers $PRIVATE_IP;`
520		-
521	`range dynamic-bootp $PRIVATE_SECOND_IP $PRIVATE_LAST_IP;`	501	`range dynamic-bootp $PRIVATE_SECOND_IP $PRIVATE_LAST_IP;`
522	`default-lease-time 21600;`	502	`default-lease-time 21600;`
523	`max-lease-time 43200;`	503	`max-lease-time 43200;`
524	`}`	504	`}`
525	`EOF`	505	`EOF`

Subversion Repositories ALCASAR

(root)/scripts/alcasar-conf.sh – Rev 2707 → 2744