210,8 → 210,10 |
# On installe les paquetages complémentaires |
urpmi --auto $PACKAGES |
# On empêche les mises à jour de coova-chilli et freeradius par le biais des dépôts |
echo -n "/^coova/" >> /etc/urpmi/skip.list |
echo -n "/^freeradius/" >> /etc/urpmi/skip.list |
for rpmskip in coova freeradius |
do |
echo -n "/^$rpmskip/" >> /etc/urpmi/skip.list |
done |
# On supprime les paquetages, les services et les utilisateurs inutiles |
for rm_rpm in dhcp-server avahi mandi shorewall libc-icap0 cyrus-sasl |
do |
530,6 → 532,7 |
Deny from all |
Allow from 127.0.0.1 |
Allow from $PRIVATE_NETWORK_MASK |
# Allow from $SRC_ADMIN |
require valid-user |
AuthType digest |
AuthName $HOSTNAME |
544,6 → 547,7 |
Deny from all |
Allow from 127.0.0.1 |
Allow from $PRIVATE_NETWORK_MASK |
# Allow from $SRC_ADMIN |
require valid-user |
AuthType digest |
AuthName $HOSTNAME |
558,6 → 562,7 |
Deny from all |
Allow from 127.0.0.1 |
Allow from $PRIVATE_NETWORK_MASK |
# Allow from $SRC_ADMIN |
require valid-user |
AuthType digest |
AuthName $HOSTNAME |
572,6 → 577,7 |
Deny from all |
Allow from 127.0.0.1 |
Allow from $PRIVATE_NETWORK_MASK |
# Allow from $SRC_ADMIN |
require valid-user |
AuthType digest |
AuthName $HOSTNAME |
587,6 → 593,7 |
Deny from all |
Allow from 127.0.0.1 |
Allow from $PRIVATE_NETWORK_MASK |
# Allow from $SRC_ADMIN |
require valid-user |
AuthType digest |
AuthName $HOSTNAME |
873,7 → 880,7 |
# la page d'interception est en français |
$SED "s?^language =.*?language = french?g" /etc/dansguardian/dansguardian.conf |
# on limite l'écoute de Dansguardian côté LAN |
$SED "s?^filterip =.*?filterip = $PRIVATE_IP?g" /etc/dansguardian/dansguardian.conf |
$SED "s?^filterip.*?filterip = $PRIVATE_IP?g" /etc/dansguardian/dansguardian.conf |
# on chaîne Dansguardian au proxy antivirus HAVP |
$SED "s?^proxyport.*?proxyport = 8090?g" /etc/dansguardian/dansguardian.conf |
# on remplace la page d'interception (template) |
955,10 → 962,10 |
################################################################################## |
firewall () |
{ |
$SED "s?^EXTIF=.*?EXTIF=\"$EXTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh |
$SED "s?^INTIF=.*?INTIF=\"$INTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh |
$SED "s?^PRIVATE_NETWORK_MASK=.*?PRIVATE_NETWORK_MASK=\"$PRIVATE_NETWORK_MASK\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh |
$SED "s?^PRIVATE_IP=.*?PRIVATE_IP=\"$PRIVATE_IP\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh |
$SED "s?^EXTIF=.*?EXTIF=\"$EXTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh $DIR_DEST_ETC/alcasar-iptables-local.sh |
$SED "s?^INTIF=.*?INTIF=\"$INTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh $DIR_DEST_ETC/alcasar-iptables-local.sh |
$SED "s?^PRIVATE_NETWORK_MASK=.*?PRIVATE_NETWORK_MASK=\"$PRIVATE_NETWORK_MASK\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh $DIR_DEST_ETC/alcasar-iptables-local.sh |
$SED "s?^PRIVATE_IP=.*?PRIVATE_IP=\"$PRIVATE_IP\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh $DIR_DEST_ETC/alcasar-iptables-local.sh |
chmod o+r $DIR_DEST_BIN/alcasar-iptables.sh #lecture possible pour apache (interface php du filtrage réseau) |
[ -d /var/log/firewall ] || mkdir -p /var/log/firewall |
[ -e /var/log/firewall/firewall.log ] || touch /var/log/firewall/firewall.log |
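Review bot: In the 210,8 → 210,10 hunk the new `for rpmskip in coova freeradius` loop keeps `echo -n`, so both patterns are appended without a line break and land on one line as `/^coova//^freeradius/`. As far as I know urpmi reads skip.list one entry per line, so the combined text would likely match neither package, and coova-chilli and freeradius would not be held back from repository updates as the comment above the loop intends. Writing `echo "/^$rpmskip/" >> /etc/urpmi/skip.list` puts each pattern on its own line. The append also runs again each time this part of the script is executed, so a guard such as `grep -qxF "/^$rpmskip/" /etc/urpmi/skip.list || echo "/^$rpmskip/" >> /etc/urpmi/skip.list` would avoid duplicate entries.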