| Line 1... |
Line 1... |
| 1 |
#!/bin/bash
|
1 |
#!/bin/bash
|
| 2 |
# $Id: alcasar-iptables.sh 3099 2022-12-28 11:30:30Z rexy $
|
2 |
# $Id: alcasar-iptables.sh 3103 2022-12-30 23:45:23Z rexy $
|
| 3 |
# Script de mise en place des regles du parefeu d'Alcasar (mode normal)
|
3 |
# Script de mise en place des regles du parefeu d'Alcasar (mode normal)
|
| 4 |
# This script writes the netfilter rules for ALCASAR
|
4 |
# This script writes the netfilter rules for ALCASAR
|
| 5 |
# Rexy - 3abtux - CPN
|
5 |
# Rexy - 3abtux - CPN
|
| 6 |
#
|
6 |
#
|
| 7 |
# Reminders
|
7 |
# Reminders
|
| Line 548... |
Line 548... |
| 548 |
# RSYNC requests are allowed (update of Toulouse BL)
|
548 |
# RSYNC requests are allowed (update of Toulouse BL)
|
| 549 |
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport rsync -j ACCEPT
|
549 |
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport rsync -j ACCEPT
|
| 550 |
|
550 |
|
| 551 |
# On autorise les requêtes FTP
|
551 |
# On autorise les requêtes FTP
|
| 552 |
# FTP requests are allowed
|
552 |
# FTP requests are allowed
|
| 553 |
modprobe nf_conntrack_ftp
|
553 |
# modprobe nf_conntrack_ftp # no more needed with kernel > 5.15.85
|
| 554 |
$IPTABLES -t raw -A OUTPUT -p tcp --dport ftp -j CT --helper ftp
|
554 |
# $IPTABLES -t raw -A OUTPUT -p tcp --dport ftp -j CT --helper ftp # no more needed with kernel > 5.15.85
|
| 555 |
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport ftp -j ACCEPT
|
555 |
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport ftp -j ACCEPT
|
| 556 |
$IPTABLES -A OUTPUT -o $EXTIF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
|
556 |
$IPTABLES -A OUTPUT -o $EXTIF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
|
| 557 |
|
557 |
|
| 558 |
# On autorise les requêtes NTP
|
558 |
# On autorise les requêtes NTP
|
| 559 |
# NTP requests are allowed
|
559 |
# NTP requests are allowed
|
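Review bot: With the `-t raw -A OUTPUT ... -j CT --helper ftp` rule at line 554 commented out, nothing visible in this hunk attaches the FTP conntrack helper to outgoing control connections, yet the `--ctstate ESTABLISHED,RELATED` accept at line 556 still depends on a helper to classify FTP data connections as RELATED. The explicit CT target is the narrowly scoped way to get that. The alternative is automatic assignment through the `net.netfilter.nf_conntrack_helper` sysctl, which applies the helper to every matching flow and, as far as I know, is off by default and absent from later kernels, so the claim "no more needed with kernel > 5.15.85" should be verified on the target kernel, for example with `conntrack -L expect` during a passive transfer. If the rule was dropped because it failed to load, I would keep it guarded rather than disabled, e.g. `modprobe -q nf_conntrack_ftp && $IPTABLES -t raw -A OUTPUT -o $EXTIF -p tcp --dport ftp -j CT --helper ftp`. If it really is redundant, delete both lines instead of leaving commented-out code, and add a comment naming what now assigns the helper. The rest of the script is outside this hunk, so a helper rule elsewhere cannot be ruled out.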