| /scripts/sbin/alcasar-uninstall.sh |
|---|
| 156,7 → 156,7 |
| #BL |
| echo -en "\n- BL(1) : " |
| [ -e /lib/systemd/system/iptables.service.default ] && mv /lib/systemd/system/iptables.service.default /lib/systemd/system/iptables.service && echo "1" |
| [ -e /usr/libexec/iptables.init.default ] && mv /usr/libexec/iptables.init.default /usr/libexec/iptables.init && echo "1" |
| sleep 1 |
| #dhcpd |
| /scripts/sbin/alcasar-bl.sh |
|---|
| 43,10 → 43,7 |
| function cat_choice (){ |
| # saving ip files and ossi category |
| mkdir $DIR_tmp |
| if [ $(find $DIR_IP_BL_ENABLED -name "ossi-*" | wc -l) -ne 0 ] |
| then |
| cp $DIR_IP_BL_ENABLED/ossi-* $DIR_tmp |
| fi |
| cp $DIR_IP_BL_ENABLED/ossi-* $DIR_tmp |
| cp $DIR_IP_BL/ossi $DIR_tmp |
| rm -rf $DIR_DNS_BL_ENABLED $DIR_DNS_WL_ENABLED $DIR_IP_BL_ENABLED $DIR_IP_WL_ENABLED # cleaning for dnsmasq and iptables |
| $SED "/\.Include/d" $DIR_DG/bannedsitelist $DIR_DG/bannedurllist # cleaning for DG |
| 78,10 → 75,7 |
| # restoring ip files and ossi category |
| mv $DIR_tmp/ossi $DIR_IP_BL |
| chown apache $DIR_IP_BL/ossi |
| if [ $(find $DIR_tmp -name "ossi-*" | wc -l) -ne 0 ] |
| then |
| mv $DIR_tmp/ossi-* $DIR_IP_BL_ENABLED |
| fi |
| mv $DIR_tmp/ossi-* $DIR_IP_BL_ENABLED |
| rm -rf $DIR_tmp |
| } |
| function bl_enable (){ |
| 116,15 → 110,8 |
| if [ ! -d $DIR_IP_WL ] |
| then |
| mkdir $DIR_IP_WL |
| touch $DIR_IP_WL/ossi |
| chown apache $DIR_IP_WL/ossi |
| else |
| # delete old IPs |
| mkdir $DIR_tmp |
| cp $DIR_IP_WL/ossi $DIR_tmp |
| rm -rf $DIR_IP_WL/* |
| cp $DIR_tmp/ossi $DIR_IP_WL |
| rm -rf $DIR_tmp |
| fi |
| echo "Retrieving IPs :" |
| cd $DIR_DNS_WL |
| 144,7 → 131,7 |
| done |
| done |
| echo "done" |
| sleep 5 |
| sleep 2 |
| cd $DIR_IP_WL |
| for category in `ls` |
| do |
| 168,7 → 155,7 |
| do |
| echo `host $domain | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}'` >> $OSSI_WL_IP & |
| done |
| sleep 5 |
| sleep 2 |
| # one IP per line |
| $SED 's/ /\n/g' $OSSI_WL_IP |
| # add SET syntax |
| /scripts/alcasar-iptables.sh |
|---|
| 147,6 → 147,15 |
| ipset create havp_wl_set hash:net hashsize 1024 |
| fi |
| # Sauvegarde de tous les set sauf ceux d'interception (pour restaurer après redémarrage) |
| # Backup all sets except interception set |
| ipset save blacklist_ip_blocked > $SAVE_DIR/ipset_save |
| ipset save whitelist_ip_allowed >> $SAVE_DIR/ipset_save |
| echo "create no_filtering_set hash:net family inet hashsize 1024 maxelem 65536" >> $SAVE_DIR/ipset_save |
| echo "create havp_set hash:net family inet hashsize 1024 maxelem 65536" >> $SAVE_DIR/ipset_save |
| echo "create havp_bl_set hash:net family inet hashsize 1024 maxelem 65536" >> $SAVE_DIR/ipset_save |
| echo "create havp_wl_set hash:net family inet hashsize 1024 maxelem 65536" >> $SAVE_DIR/ipset_save |
| ############################# |
| # PREROUTING # |
| ############################# |
| 432,5 → 441,8 |
| # Dynamic NAT on EXTIF |
| $IPTABLES -A POSTROUTING -t nat -o $EXTIF -j MASQUERADE |
| # Save all rules |
| /usr/libexec/iptables.init save |
| # End of script |