Subversion Repositories ALCASAR


Rev 1862 Rev 1863
Line 1... Line 1...
1
#!/bin/bash
1
#!/bin/bash
2
# $Id: alcasar-iptables.sh 1862 2016-05-03 11:30:31Z raphael.pion $
2
# $Id: alcasar-iptables.sh 1863 2016-05-03 12:18:07Z raphael.pion $
3
# Script de mise en place des regles du parefeu d'Alcasar (mode normal)
3
# Script de mise en place des regles du parefeu d'Alcasar (mode normal)
4
# This script writes the netfilter rules for ALCASAR
4
# This script writes the netfilter rules for ALCASAR
5
# Rexy - 3abtux - CPN
5
# Rexy - 3abtux - CPN
6
#
6
#
7
# Reminders
7
# Reminders
Line 437... Line 437...
437
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport http -j NETFLOW
437
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport http -j NETFLOW
438
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport http -j ACCEPT
438
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport http -j ACCEPT
439
 
439
 
440
# On autorise les requêtes RSYNC sortantes (maj BL de Toulouse)
440
# On autorise les requêtes RSYNC sortantes (maj BL de Toulouse)
441
# RSYNC requests are allowed (to update BL of Toulouse)
441
# RSYNC requests are allowed (to update BL of Toulouse)
442
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport rsync -j NETFLOW
-
 
443
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport rsync -j ACCEPT
442
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport rsync -j ACCEPT
444
 
443
 
445
# On autorise les requêtes FTP 
444
# On autorise les requêtes FTP 
446
# FTP requests are allowed
445
# FTP requests are allowed
447
modprobe nf_conntrack_ftp
446
modprobe nf_conntrack_ftp
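
Review bot: Removing `$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport rsync -j NETFLOW` (old line 442) makes the rsync block inconsistent with the http block just above it, which at lines 437-438 still jumps to NETFLOW before ACCEPT. After this change, outgoing rsync on $EXTIF is accepted without passing through the NETFLOW target, and the comment at lines 440-441 gives no reason for the difference. If the exclusion is intended, add a line to that comment explaining why rsync traffic is left out of NETFLOW. If it is not, restore the rule so both outgoing services are handled the same way.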