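--- a/alcasar-iptables.sh
+++ b/alcasar-iptables.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
-# $Id: alcasar-iptables.sh 3310 2026-01-06 12:48:09Z rexy $
+# $Id: alcasar-iptables.sh 3311 2026-01-07 00:06:16Z rexy $
 # This script writes the netfilter rules for ALCASAR (see 'alcasar-iptables-bypass.sh' for iptables rules in Bypass mode)
 # Rexy - 3abtux - CPN
 #
 # Reminders
 # There are four channels for log :
@@ -105,12 +105,11 @@
 
 # loading of NetFlow probe (ipt_NETFLOW kernel module)
 modprobe ipt_NETFLOW destination=127.0.0.1:2055
 
 # set conntrack timer to 1h (3600s) instead of 5 weeks
-echo "net.netfilter.nf_conntrack_tcp_timeout_established = 3600" >> /etc/sysctl.d/alcasar.conf
-sysctl -p /etc/sysctl.d/alcasar.conf
+sysctl -q net.netfilter.nf_conntrack_tcp_timeout_established=3600
 
 # Flush all existing rules
 $IPTABLES -F
 $IPTABLES -t nat -F
 $IPTABLES -t mangle -F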
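Review bot: The runtime-only `sysctl -q` on new line 110 gives up the boot persistence the old `/etc/sysctl.d/alcasar.conf` entry provided, so the 1h established-connection timeout (which keeps the conntrack table from filling with dead flows) is only in effect after this script has run; if the script is not executed on every boot, the kernel default applies until then, and any entries previously appended to `/etc/sysctl.d/alcasar.conf` by the old code are left in place rather than cleaned up. The old code also appended a duplicate line on every run, which the change does fix, but that rationale is not recorded. Suggest a comment above the line stating the intent, e.g. `# runtime-only: this script is re-run at every boot, so no /etc/sysctl.d entry is needed`, and a check that the value was actually applied since the conntrack key only exists once the module is loaded, e.g. `sysctl -q net.netfilter.nf_conntrack_tcp_timeout_established=3600 || echo "warning: conntrack timeout not applied" >&2`. Whether the script runs under `set -e` is not visible in this hunk.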