Subversion Repositories ALCASAR

Rev

Rev 634 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log

Rev Author Line No. Line
672 richard 1 
#/bin/bash
63 franck 2 
# $Id: alcasar-nf.sh 672 2011-07-08 15:34:22Z richard $
3 
 
672 richard 4 
# alcasar-nf.sh
5 
# by Richard REY
6 
# This script is distributed under the Gnu General Public License (GPL)
7 
 
520 richard 8 
# active ou desactive le filtrage de protocoles réseau
9 
# enable or disable the network protocols filter
10 
 
1 root 11 
SED="/bin/sed -i"
12 
FIC_SERVICES="/usr/local/etc/alcasar-services"
28 richard 13 
FIC_EXCEPTIONS="/usr/local/etc/alcasar-filter-exceptions"
612 richard 14 
FIC_CONF="/usr/local/etc/alcasar.conf"
1 root 15 
 
634 richard 16 
usage="Usage: alcasar-nf.sh {--on | -on} | {--off | -off}"
1 root 17 
nb_args=$#
18 
args=$1
19 
if [ $nb_args -eq 0 ]
20 
then
634 richard 21 
	/usr/local/bin/alcasar-iptables.sh
22 
	exit 1
1 root 23 
fi
24 
case $args in
25 
	-\? | -h* | --h*)
26 
		echo "$usage"
27 
		exit 0
28 
		;;
615 richard 29 
	-on|-on) # enable protocols filter
30 
		# sort service file
31 
		$SED "/^$/d" $FIC_SERVICES # delete empty lines
1 root 32 
		sort -k2n $FIC_SERVICES > /tmp/alcasar-services-sort
33 
		mv -f /tmp/alcasar-services-sort $FIC_SERVICES
34 
		chown root:apache $FIC_SERVICES
35 
		chmod 660 $FIC_SERVICES
615 richard 36 
		# vérify exception file
25 richard 37 
		[ -e $FIC_EXCEPTIONS ] || touch $FIC_EXCEPTIONS
38 
		chown root:apache $FIC_EXCEPTIONS
39 
		chmod 664 $FIC_EXCEPTIONS
615 richard 40 
		$SED "s?^PROTOCOLS_FILTERING.*?PROTOCOLS_FILTERING=on?g" $FIC_CONF
1 root 41 
		/usr/local/bin/alcasar-iptables.sh
42 
		;;
615 richard 43 
	--off|-off) # disable protocols filter
612 richard 44 
		$SED "s?^PROTOCOLS_FILTERING.*?PROTOCOLS_FILTERING=off?g" $FIC_CONF
1 root 45 
		/usr/local/bin/alcasar-iptables.sh
46 
		;;
47 
	*)
48 
		echo "Argument inconnu :$1";
49 
		echo "$usage"
50 
		exit 1
51 
		;;
52 
esac
53