/scripts/sbin/alcasar-uninstall.sh |
---|
156,7 → 156,7 |
#BL |
echo -en "\n- BL(1) : " |
[ -e /lib/systemd/system/iptables.service.default ] && mv /lib/systemd/system/iptables.service.default /lib/systemd/system/iptables.service && echo "1" |
[ -e /usr/libexec/iptables.init.default ] && mv /usr/libexec/iptables.init.default /usr/libexec/iptables.init && echo "1" |
sleep 1 |
#dhcpd |
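Review bot: An installation that still carries `/lib/systemd/system/iptables.service.default` from an earlier release would no longer get its original unit file back, if the `iptables.init.default` line replaces the `iptables.service.default` one (the pairing of the two `[ -e … ]` lines suggests this, but the page has lost its +/- markers). Both restores are guarded by `[ -e … ]`, so keeping the old line next to the new one costs nothing on a fresh install and avoids leaving an ALCASAR-modified firewall unit behind after uninstall. Separately, when the backup is missing or `mv` fails, the step prints nothing after `- BL(1) : `; ending the line with `&& echo "1" || echo "0"` would make a skipped restore visible in the uninstall output.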
/scripts/sbin/alcasar-bl.sh |
---|
43,10 → 43,7 |
function cat_choice (){ |
# saving ip files and ossi category |
mkdir $DIR_tmp |
if [ $(find $DIR_IP_BL_ENABLED -name "ossi-*" | wc -l) -ne 0 ] |
then |
cp $DIR_IP_BL_ENABLED/ossi-* $DIR_tmp |
fi |
cp $DIR_IP_BL_ENABLED/ossi-* $DIR_tmp |
cp $DIR_IP_BL/ossi $DIR_tmp |
rm -rf $DIR_DNS_BL_ENABLED $DIR_DNS_WL_ENABLED $DIR_IP_BL_ENABLED $DIR_IP_WL_ENABLED # cleaning for dnsmasq and iptables |
$SED "/\.Include/d" $DIR_DG/bannedsitelist $DIR_DG/bannedurllist # cleaning for DG |
78,10 → 75,7 |
# restoring ip files and ossi category |
mv $DIR_tmp/ossi $DIR_IP_BL |
chown apache $DIR_IP_BL/ossi |
if [ $(find $DIR_tmp -name "ossi-*" | wc -l) -ne 0 ] |
then |
mv $DIR_tmp/ossi-* $DIR_IP_BL_ENABLED |
fi |
mv $DIR_tmp/ossi-* $DIR_IP_BL_ENABLED |
rm -rf $DIR_tmp |
} |
function bl_enable (){ |
116,15 → 110,8 |
if [ ! -d $DIR_IP_WL ] |
then |
mkdir $DIR_IP_WL |
touch $DIR_IP_WL/ossi |
chown apache $DIR_IP_WL/ossi |
else |
# delete old IPs |
mkdir $DIR_tmp |
cp $DIR_IP_WL/ossi $DIR_tmp |
rm -rf $DIR_IP_WL/* |
cp $DIR_tmp/ossi $DIR_IP_WL |
rm -rf $DIR_tmp |
fi |
echo "Retrieving IPs :" |
cd $DIR_DNS_WL |
144,7 → 131,7 |
done |
done |
echo "done" |
sleep 5 |
sleep 2 |
cd $DIR_IP_WL |
for category in `ls` |
do |
168,7 → 155,7 |
do |
echo `host $domain | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}'` >> $OSSI_WL_IP & |
done |
sleep 5 |
sleep 2 |
# one IP per line |
$SED 's/ /\n/g' $OSSI_WL_IP |
# add SET syntax |
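Review bot: The fixed `sleep` after the loop that starts `host $domain … >> $OSSI_WL_IP &` is the only barrier before `$SED 's/ /\n/g' $OSSI_WL_IP`, so a lookup that takes longer than the delay is either missing from the whitelist set or appended after the file has already been rewritten; shortening it to `sleep 2` (assuming that is the new value) makes this more likely on a slow resolver. Replacing the delay with `wait` blocks until every background `host` has exited and removes the dependency on DNS latency. The `sleep` at the end of the earlier loop (before `cd $DIR_IP_WL`) looks like the same pattern, though that loop's body is outside the hunk. I would also quote `"$domain"` and `"$OSSI_WL_IP"` in the lookup line so that an entry containing whitespace or glob characters is not word-split or expanded.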
/scripts/alcasar-iptables.sh |
---|
147,6 → 147,15 |
ipset create havp_wl_set hash:net hashsize 1024 |
fi |
# Sauvegarde de tous les set sauf ceux d'interception (pour restaurer après redémarrage) |
# Backup all sets except interception set |
ipset save blacklist_ip_blocked > $SAVE_DIR/ipset_save |
ipset save whitelist_ip_allowed >> $SAVE_DIR/ipset_save |
echo "create no_filtering_set hash:net family inet hashsize 1024 maxelem 65536" >> $SAVE_DIR/ipset_save |
echo "create havp_set hash:net family inet hashsize 1024 maxelem 65536" >> $SAVE_DIR/ipset_save |
echo "create havp_bl_set hash:net family inet hashsize 1024 maxelem 65536" >> $SAVE_DIR/ipset_save |
echo "create havp_wl_set hash:net family inet hashsize 1024 maxelem 65536" >> $SAVE_DIR/ipset_save |
############################# |
# PREROUTING # |
############################# |
432,5 → 441,8 |
# Dynamic NAT on EXTIF |
$IPTABLES -A POSTROUTING -t nat -o $EXTIF -j MASQUERADE |
# Save all rules |
/usr/libexec/iptables.init save |
# End of script |
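Review bot: The `ipset save … > $SAVE_DIR/ipset_save` sequence (assuming these are the added lines, since the page has lost its +/- markers) truncates the existing save file first and checks no exit status, so if either `ipset save` fails the file restored after reboot is left partial and rules that reference the missing sets will presumably fail to load. Building the file under a temporary name and renaming it only on success keeps the last good copy. The four hard-coded `create` lines duplicate the parameters of the `ipset create` calls that begin above the hunk and can drift from them; a comment such as `# keep in sync with the ipset create calls above` would help. The same concern applies to the unconditional `/usr/libexec/iptables.init save` at the end of the script, which persists whatever ruleset is loaded even if an earlier rule failed to apply.

```shell
# … unchanged: ipset create havp_wl_set … / fi …
if ipset_tmp=$(mktemp "$SAVE_DIR/ipset_save.XXXXXX") \
  && ipset save blacklist_ip_blocked > "$ipset_tmp" \
  && ipset save whitelist_ip_allowed >> "$ipset_tmp"; then
  # … unchanged: the four echo "create … hash:net …" lines, now appending to "$ipset_tmp" …
  mv -f -- "$ipset_tmp" "$SAVE_DIR/ipset_save"
else
  echo "ipset save failed, keeping previous $SAVE_DIR/ipset_save" >&2
  [ -n "$ipset_tmp" ] && rm -f -- "$ipset_tmp"
fi
```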