WebSVN – ALCASAR – Diff – /scripts/alcasar-iptables-bypass.sh



#!/bin/bash
# $Id: alcasar-iptables-bypass.sh 1157 2013-07-16 10:48:11Z stephane $
 
# alcasar-iptables-bypass.sh
# by Rexy - 3abtux
# This script is distributed under the Gnu General Public License (GPL)
 

 
# SSHD rules if activate 
if [ $SSH = on ]
	then
	$IPTABLES -A INPUT -i $INTIF -s $PRIVATE_NETWORK_MASK -d $PRIVATE_IP -p tcp --dport ssh -m state --state NEW -j ULOG --ulog-nlgroup 2 --ulog-prefix "RULE ssh-from-LAN -- ACCEPT"
	$IPTABLES -A INPUT -i $INTIF -s $PRIVATE_NETWORK_MASK -d $PRIVATE_IP -p tcp --dport ssh -m state --state NEW -j ACCEPT
	$IPTABLES -A INPUT -i $EXTIF -s $SSH_ADMIN_FROM -d $PUBLIC_IP -p tcp --dport ssh -m state --state NEW --syn -j ULOG --ulog-nlgroup 2 --ulog-prefix "RULE ssh-from-WAN -- ACCEPT"
	$IPTABLES -A INPUT -i $EXTIF -s $SSH_ADMIN_FROM -d $PUBLIC_IP -p tcp --dport ssh -m state --state NEW -j ACCEPT
 
fi
 
# Insertion de règles locales
# Here, we add local rules (i.e. VPN from Internet)
if [ -f /usr/local/etc/alcasar-iptables-local.sh ]; then

Rev 1154	Rev 1157
Line 1...	Line 1...
1	`#!/bin/bash`	1	`#!/bin/bash`
2	`# $Id: alcasar-iptables-bypass.sh 1154 2013-07-15 14:27:10Z crox53 $`	2	`# $Id: alcasar-iptables-bypass.sh 1157 2013-07-16 10:48:11Z stephane $`
3		3
4	`# alcasar-iptables-bypass.sh`	4	`# alcasar-iptables-bypass.sh`
5	`# by Rexy - 3abtux`	5	`# by Rexy - 3abtux`
6	`# This script is distributed under the Gnu General Public License (GPL)`	6	`# This script is distributed under the Gnu General Public License (GPL)`
7		7
Line 70...	Line 70...
70		70
71	`# SSHD rules if activate`	71	`# SSHD rules if activate`
72	`if [ $SSH = on ]`	72	`if [ $SSH = on ]`
73	`then`	73	`then`
74	`$IPTABLES -A INPUT -i $INTIF -s $PRIVATE_NETWORK_MASK -d $PRIVATE_IP -p tcp --dport ssh -m state --state NEW -j ULOG --ulog-nlgroup 2 --ulog-prefix "RULE ssh-from-LAN -- ACCEPT"`	74	`$IPTABLES -A INPUT -i $INTIF -s $PRIVATE_NETWORK_MASK -d $PRIVATE_IP -p tcp --dport ssh -m state --state NEW -j ULOG --ulog-nlgroup 2 --ulog-prefix "RULE ssh-from-LAN -- ACCEPT"`
75	`$IPTABLES -A INPUT -i $INTIF -s $PRIVATE_NETWORK_MASK -d $PRIVATE_IP -p tcp --dport ssh -j ACCEPT`	75	`$IPTABLES -A INPUT -i $INTIF -s $PRIVATE_NETWORK_MASK -d $PRIVATE_IP -p tcp --dport ssh -m state --state NEW -j ACCEPT`
76	`$IPTABLES -A INPUT -i $EXTIF -s $SSH_ADMIN_FROM -d $PUBLIC_IP -p tcp --dport ssh -m state --state NEW --syn -j ULOG --ulog-nlgroup 2 --ulog-prefix "RULE ssh-from-WAN -- ACCEPT"`	76	`$IPTABLES -A INPUT -i $EXTIF -s $SSH_ADMIN_FROM -d $PUBLIC_IP -p tcp --dport ssh -m state --state NEW --syn -j ULOG --ulog-nlgroup 2 --ulog-prefix "RULE ssh-from-WAN -- ACCEPT"`
77	`$IPTABLES -A INPUT -i $EXTIF -s $SSH_ADMIN_FROM -d $PUBLIC_IP -p tcp --dport ssh -m state --state NEW,ESTABLISHED -j ACCEPT`	77	`$IPTABLES -A INPUT -i $EXTIF -s $SSH_ADMIN_FROM -d $PUBLIC_IP -p tcp --dport ssh -m state --state NEW -j ACCEPT`
78	`$IPTABLES -A OUTPUT -o $EXTIF -p tcp --sport ssh -m state --state ESTABLISHED -j ACCEPT`	-
79	`fi`	78	`fi`
80		79
81	`# Insertion de règles locales`	80	`# Insertion de règles locales`
82	`# Here, we add local rules (i.e. VPN from Internet)`	81	`# Here, we add local rules (i.e. VPN from Internet)`
83	`if [ -f /usr/local/etc/alcasar-iptables-local.sh ]; then`	82	`if [ -f /usr/local/etc/alcasar-iptables-local.sh ]; then`

Subversion Repositories ALCASAR

(root)/scripts/alcasar-iptables-bypass.sh – Rev 1154 → 1157