| Line 1... |
Line 1... |
| 1 |
#!/bin/bash
|
1 |
#!/bin/bash
|
| 2 |
# $Id: alcasar-iptables.sh 2187 2017-04-27 22:18:45Z richard $
|
2 |
# $Id: alcasar-iptables.sh 2213 2017-05-08 21:55:08Z richard $
|
| 3 |
# Script de mise en place des regles du parefeu d'Alcasar (mode normal)
|
3 |
# Script de mise en place des regles du parefeu d'Alcasar (mode normal)
|
| 4 |
# This script writes the netfilter rules for ALCASAR
|
4 |
# This script writes the netfilter rules for ALCASAR
|
| 5 |
# Rexy - 3abtux - CPN
|
5 |
# Rexy - 3abtux - CPN
|
| 6 |
#
|
6 |
#
|
| 7 |
# Reminders
|
7 |
# Reminders
|
| Line 446... |
Line 446... |
| 446 |
#############################
|
446 |
#############################
|
| 447 |
# OUTPUT #
|
447 |
# OUTPUT #
|
| 448 |
#############################
|
448 |
#############################
|
| 449 |
# On laisse tout sortir sur toutes les cartes sauf celle qui est connectée sur l'extérieur
|
449 |
# On laisse tout sortir sur toutes les cartes sauf celle qui est connectée sur l'extérieur
|
| 450 |
# Everything is allowed but traffic through outside network interface
|
450 |
# Everything is allowed but traffic through outside network interface
|
| 451 |
#$IPTABLES -A OUTPUT ! -o $EXTIF -j ACCEPT
|
451 |
$IPTABLES -A OUTPUT ! -o $EXTIF -j ACCEPT
|
| 452 |
$IPTABLES -A OUTPUT -j ACCEPT
|
- |
|
| 453 |
|
452 |
|
| 454 |
# Si configéré, on autorise les requêtes DHCP
|
453 |
# Si configéré, on autorise les requêtes DHCP
|
| 455 |
# Allow DHCP requests if configured
|
454 |
# Allow DHCP requests if configured
|
| 456 |
public_ip_mask=`grep ^PUBLIC_IP= $CONF_FILE|cut -d"=" -f2` # ALCASAR WAN IP address
|
455 |
public_ip_mask=`grep ^PUBLIC_IP= $CONF_FILE|cut -d"=" -f2` # ALCASAR WAN IP address
|
| 457 |
if [[ "$public_ip_mask" == "dhcp" ]]
|
456 |
if [[ "$public_ip_mask" == "dhcp" ]]
|