
Rev 2370 Rev 2386
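--- a/alcasar-iptables.sh
+++ b/alcasar-iptables.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
-# $Id: alcasar-iptables.sh 2370 2017-08-09 23:20:58Z tom.houdayer $
+# $Id: alcasar-iptables.sh 2386 2017-08-22 16:38:58Z tom.houdayer $
 # Script de mise en place des regles du parefeu d'Alcasar (mode normal)
 # This script writes the netfilter rules for ALCASAR
 # Rexy - 3abtux - CPN
 #
 # Reminders
@@ -45,11 +45,10 @@
 LDAP=${LDAP:=off}
 LDAP_IP=`grep ^LDAP_IP= $CONF_FILE|cut -d"=" -f2`			# WAN IP address to reduce LDAP WAN access (all ip allowed on LAN side)
 LDAP_IP=${LDAP_IP:="0.0.0.0/0.0.0.0"}
 IPTABLES="/sbin/iptables"
 IP_REHABILITEES="/etc/dansguardian/lists/exceptioniplist"		# Rehabilitated IP
-SAVE_DIR="/etc/sysconfig"						# Saving path
 
 # Sauvegarde des SET des utilisateurs connectés si ils existent
 # Saving SET of connected users if it exists
 ipset list not_filtered 1>/dev/null 2>&1
 if [ $? -eq 0 ];
@@ -135,19 +134,19 @@
 if [ -e $TMP_users_set_save ];
 then
 	ipset -! restore < $TMP_users_set_save
 	rm -f $TMP_users_set_save
 else
-	ipset create not_filtered hash:net hashsize 1024
-	ipset create havp hash:net hashsize 1024
-	ipset create havp_bl hash:net hashsize 1024
-	ipset create havp_wl hash:net hashsize 1024
+	ipset create not_filtered hash:ip hashsize 1024
+	ipset create havp hash:ip hashsize 1024
+	ipset create havp_bl hash:ip hashsize 1024
+	ipset create havp_wl hash:ip hashsize 1024
 	#pour les filtrages de protocole par utilisateur
-	ipset create proto_0 hash:net hashsize 1024
-	ipset create proto_1 hash:net hashsize 1024
-	ipset create proto_2 hash:net hashsize 1024
-	ipset create proto_3 hash:net hashsize 1024
+	ipset create proto_0 hash:ip hashsize 1024
+	ipset create proto_1 hash:ip hashsize 1024
+	ipset create proto_2 hash:ip hashsize 1024
+	ipset create proto_3 hash:ip hashsize 1024
 fi
 
 #############################
 #       PREROUTING          #
 #############################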
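Review bot: The switch from `hash:net` to `hash:ip` only takes effect in the `else` branch (new lines 139-147); when `$TMP_users_set_save` exists, `ipset -! restore` recreates the sets with whatever type was written at save time, so a host upgraded while users are connected would presumably keep `hash:net` sets until they are destroyed. The save step lies outside the visible hunks, so this needs confirming there; if it holds, a comment above the `if` such as `# restored sets keep their saved type; hash:ip applies only to freshly created sets` would document it. Because that file is replayed by root and decides which clients land in `not_filtered`, it is also worth checking where `TMP_users_set_save` is defined that it is not a fixed name in a world-writable directory, and quoting the expansions, e.g. `if [ -e "$TMP_users_set_save" ];`. Removing `SAVE_DIR` at old line 50 is safe only if no later line still expands `$SAVE_DIR`, which cannot be seen from these hunks.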