| 10,22 → 10,22 |
|---|
| # 2 protection of ALCASAR with the Ulog group 1 (default group) |
| # 3 SSH on ALCASAR with the Ulog group 2; |
| # 4 extern access attempts on ALCASAR with the Ulog group 3. |
| # The bootps/dhcp (67) port is always open on tun0/eth1 by coova |
| conf_file="/usr/local/etc/alcasar.conf" |
| private_ip_mask=`grep ^PRIVATE_IP= $conf_file|cut -d"=" -f2` |
| # The bootps/dhcp (67) port is always open on tun0/INTIF by coova |
| CONF_FILE="/usr/local/etc/alcasar.conf" |
| private_ip_mask=`grep ^PRIVATE_IP= $CONF_FILE|cut -d"=" -f2` |
| private_ip_mask=${private_ip_mask:=192.168.182.1/24} |
| PRIVATE_IP=`echo $private_ip_mask | cut -d"/" -f1` # ALCASAR LAN IP address |
| private_network=`/bin/ipcalc -n $private_ip_mask|cut -d"=" -f2` # LAN IP address (ie.: 192.168.182.0) |
| private_prefix=`/bin/ipcalc -p $private_ip_mask|cut -d"=" -f2` # LAN prefix (ie. 24) |
| PRIVATE_NETWORK_MASK=$private_network/$private_prefix # Lan IP address + prefix (192.168.182.0/24) |
| public_ip_mask=`grep ^PUBLIC_IP= $conf_file|cut -d"=" -f2` # ALCASAR WAN IP address |
| public_ip_mask=`grep ^PUBLIC_IP= $CONF_FILE|cut -d"=" -f2` # ALCASAR WAN IP address |
| PUBLIC_IP=`echo $public_ip_mask | cut -d"/" -f1` |
| dns1=`grep ^DNS1= $conf_file|cut -d"=" -f2` # first public DNS server |
| dns1=`grep ^DNS1= $CONF_FILE|cut -d"=" -f2` # first public DNS server |
| dns1=${dns1:=208.67.220.220} |
| dns2=`grep ^DNS2= $conf_file|cut -d"=" -f2` # second public DNS server |
| dns2=`grep ^DNS2= $CONF_FILE|cut -d"=" -f2` # second public DNS server |
| dns2=${dns2:=208.67.222.222} |
| DNSSERVERS="$dns1,$dns2" # first and second DNS IP servers addresses |
| PROTOCOLS_FILTERING=`grep ^PROTOCOLS_FILTERING= $conf_file|cut -d"=" -f2` # Network protocols filter (on/off) |
| PROTOCOLS_FILTERING=`grep ^PROTOCOLS_FILTERING= $CONF_FILE|cut -d"=" -f2` # Network protocols filter (on/off) |
| PROTOCOLS_FILTERING=${PROTOCOLS_FILTERING:=off} |
| BL_IP_CAT="/usr/local/share/iptables-bl-enabled" # categories files of the BlackListed IP |
| BL_IP_OSSI="/usr/local/share/iptables-bl/ossi" # ossi categoty |
| 33,18 → 33,18 |
|---|
| DNSMASQ_WL_ENABLED="/usr/local/share/dnsmasq-wl-enabled" # enabled domain names for the Whitelist |
| TMP_users_set_save="/tmp/users_set_save" # tmp file for backup users set |
| TMP_set_save="/tmp/ipset_save" # tmp file for blacklist and whitelist creation |
| QOS=`grep ^QOS= $conf_file|cut -d"=" -f2` # QOS (on/off) |
| QOS=`grep ^QOS= $CONF_FILE|cut -d"=" -f2` # QOS (on/off) |
| QOS=${QOS:=off} |
| SSH=`grep ^SSH= $conf_file|cut -d"=" -f2` # sshd active (on/off) |
| SSH=`grep ^SSH= $CONF_FILE|cut -d"=" -f2` # sshd active (on/off) |
| SSH=${SSH:=off} |
| SSH_ADMIN_FROM=`grep ^SSH_ADMIN_FROM= $conf_file|cut -d"=" -f2` |
| SSH_ADMIN_FROM=`grep ^SSH_ADMIN_FROM= $CONF_FILE|cut -d"=" -f2` |
| SSH_ADMIN_FROM=${SSH_ADMIN_FROM:="0.0.0.0/0.0.0.0"} # WAN IP address to reduce ssh access (all ip allowed on LAN side) |
| LDAP=`grep ^LDAP= $conf_file|cut -d"=" -f2` # LDAP external server active (on/off) |
| LDAP=`grep ^LDAP= $CONF_FILE|cut -d"=" -f2` # LDAP external server active (on/off) |
| LDAP=${LDAP:=off} |
| LDAP_IP=`grep ^LDAP_IP= $conf_file|cut -d"=" -f2` # WAN IP address to reduce LDAP WAN access (all ip allowed on LAN side) |
| LDAP_IP=`grep ^LDAP_IP= $CONF_FILE|cut -d"=" -f2` # WAN IP address to reduce LDAP WAN access (all ip allowed on LAN side) |
| LDAP_IP=${LDAP_IP:="0.0.0.0/0.0.0.0"} |
| EXTIF="enp1s0" |
| INTIF="enp2s0" |
| EXTIF=`grep ^EXTIF= $CONF_FILE|cut -d"=" -f2` # EXTernal InterFace |
| INTIF=`grep ^INTIF= $CONF_FILE|cut -d"=" -f2` # INTernal InterFace |
| TUNIF="tun0" # listen device for chilli daemon |
| IPTABLES="/sbin/iptables" |
| IP_REHABILITEES="/etc/dansguardian/lists/exceptioniplist" # Rehabilitated IP |