Subversion Repositories ALCASAR


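--- a/alcasar-iptables.sh
+++ b/alcasar-iptables.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
-# $Id: alcasar-iptables.sh 1855 2016-05-02 09:44:08Z raphael.pion $
+# $Id: alcasar-iptables.sh 1862 2016-05-03 11:30:31Z raphael.pion $
 # Script de mise en place des regles du parefeu d'Alcasar (mode normal)
 # This script writes the netfilter rules for ALCASAR
 # Rexy - 3abtux - CPN
 #
 # Reminders
@@ -435,10 +435,15 @@
 # On autorise les requêtes HTTP sortantes
 # HTTP requests are allowed
 $IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport http -j NETFLOW
 $IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport http -j ACCEPT
 
+# On autorise les requêtes RSYNC sortantes (maj BL de Toulouse)
+# RSYNC requests are allowed (to update BL of Toulouse)
+$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport rsync -j NETFLOW
+$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport rsync -j ACCEPT
+
 # On autorise les requêtes FTP 
 # FTP requests are allowed
 modprobe nf_conntrack_ftp
 $IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport ftp -j ACCEPT
 $IPTABLES -A OUTPUT -o $EXTIF -m state --state ESTABLISHED,RELATED -j ACCEPT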
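Review bot: The new rsync rules (new lines 442-443) accept outbound tcp/rsync from the gateway to any destination on $EXTIF, although the comment gives updating the Toulouse blacklist as the only purpose. Restricting the ACCEPT rule, and the NETFLOW rule before it, to that mirror would keep the OUTPUT policy least-privilege, for example `$IPTABLES -A OUTPUT -o $EXTIF -p tcp -d $BL_RSYNC_SERVER --dport rsync -j ACCEPT`, where `$BL_RSYNC_SERVER` is a placeholder for the mirror's address and not a variable shown on this page. Plain rsync on this port is normally unauthenticated and unencrypted, so unless the update script (not visible here) verifies the downloaded list, its integrity depends on the network path. A short comment beside the rule stating that dependency would help the next maintainer.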