| Line 1... |
Line 1... |
| 1 |
#!/bin/bash
|
1 |
#!/bin/bash
|
| 2 |
# $Id: alcasar-iptables-bypass.sh 3043 2022-07-22 17:10:23Z rexy $
|
2 |
# $Id: alcasar-iptables-bypass.sh 3046 2022-07-30 22:07:33Z rexy $
|
| 3 |
|
3 |
|
| 4 |
# alcasar-iptables-bypass.sh
|
4 |
# alcasar-iptables-bypass.sh
|
| 5 |
# by Rexy - 3abtux
|
5 |
# by Rexy - 3abtux
|
| 6 |
# This script is distributed under the Gnu General Public License (GPL)
|
6 |
# This script is distributed under the Gnu General Public License (GPL)
|
| 7 |
|
7 |
|
| Line 33... |
Line 33... |
| 33 |
SSH_WAN_ADMIN_FROM=${SSH_WAN_ADMIN_FROM:="0.0.0.0"}
|
33 |
SSH_WAN_ADMIN_FROM=${SSH_WAN_ADMIN_FROM:="0.0.0.0"}
|
| 34 |
SSH_WAN_ADMIN_FROM=$([ "$SSH_WAN_ADMIN_FROM" == "0.0.0.0" ] && echo "0.0.0.0/0" || echo "$SSH_WAN_ADMIN_FROM" )
|
34 |
SSH_WAN_ADMIN_FROM=$([ "$SSH_WAN_ADMIN_FROM" == "0.0.0.0" ] && echo "0.0.0.0/0" || echo "$SSH_WAN_ADMIN_FROM" )
|
| 35 |
SSH_LAN_ADMIN_FROM=`grep ^SSH_ADMIN_FROM= $CONF_FILE|cut -d"=" -f2|cut -d"/" -f1`
|
35 |
SSH_LAN_ADMIN_FROM=`grep ^SSH_ADMIN_FROM= $CONF_FILE|cut -d"=" -f2|cut -d"/" -f1`
|
| 36 |
SSH_LAN_ADMIN_FROM=${SSH_LAN_ADMIN_FROM:="0.0.0.0"}
|
36 |
SSH_LAN_ADMIN_FROM=${SSH_LAN_ADMIN_FROM:="0.0.0.0"}
|
| 37 |
SSH_LAN_ADMIN_FROM=$([ "$SSH_LAN_ADMIN_FROM" == "0.0.0.0" ] && echo "$PRIVATE_NETWORK_MASK" || echo "$SSH_LAN_ADMIN_FROM" )
|
37 |
SSH_LAN_ADMIN_FROM=$([ "$SSH_LAN_ADMIN_FROM" == "0.0.0.0" ] && echo "$PRIVATE_NETWORK_MASK" || echo "$SSH_LAN_ADMIN_FROM" )
|
| - |
|
38 |
interlan=`grep ^INTERLAN= $CONF_FILE|cut -d"=" -f2`
|
| - |
|
39 |
interlan=${interlan:=off}
|
| 38 |
|
40 |
|
| 39 |
# On vide (flush) toutes les règles existantes
|
41 |
# On vide (flush) toutes les règles existantes
|
| 40 |
# Flush all existing rules
|
42 |
# Flush all existing rules
|
| 41 |
$IPTABLES -F
|
43 |
$IPTABLES -F
|
| 42 |
$IPTABLES -t nat -F
|
44 |
$IPTABLES -t nat -F
|
| Line 116... |
Line 118... |
| 116 |
#############################
|
118 |
#############################
|
| 117 |
# On autorise les retours de connexions légitimes par FORWARD
|
119 |
# On autorise les retours de connexions légitimes par FORWARD
|
| 118 |
# Conntrack on forward
|
120 |
# Conntrack on forward
|
| 119 |
$IPTABLES -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
|
121 |
$IPTABLES -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
|
| 120 |
|
122 |
|
| - |
|
123 |
# On autorise (ou pas) les utilisateurs à accéder au réseau situé entre ALCASAR et le routeur Internet
|
| - |
|
124 |
# Users are allowed (or not allowed) to access the network between ALCASAR and the Internet router
|
| - |
|
125 |
if [ "$interlan" != "on" ]
|
| - |
|
126 |
then
|
| - |
|
127 |
$IPTABLES -A FORWARD -i $TUNIF -d $public_ip_mask -j DROP
|
| - |
|
128 |
fi
|
| - |
|
129 |
|
| 121 |
# Insertion de règles de blocage
|
130 |
# Insertion de règles de blocage
|
| 122 |
# Here, we add block rules
|
131 |
# Here, we add block rules
|
| 123 |
if [ -s /usr/local/etc/alcasar-ip-blocked ]; then
|
132 |
if [ -s /usr/local/etc/alcasar-ip-blocked ]; then
|
| 124 |
while read ip_line
|
133 |
while read ip_line
|
| 125 |
do
|
134 |
do
|