| 33,8 → 33,6 |
|---|
| dns1=${dns1:=208.67.220.220} |
| dns2=${dns2:=208.67.222.222} |
| DNSSERVERS="$dns1,$dns2" # first and second public DNS servers |
| INT_DNS_IP=`grep INT_DNS_IP $CONF_FILE|cut -d"=" -f2` # Adresse du serveur DNS interne |
| INT_DNS_ACTIVE=`grep INT_DNS_ACTIVE $CONF_FILE|cut -d"=" -f2` # Activation de la redirection DNS interne |
| BL_IP_CAT="/usr/local/share/iptables-bl-enabled" # categories files of the BlackListed IP |
| WL_IP_CAT="/usr/local/share/iptables-wl-enabled" # categories files of the WhiteListed IP |
| TMP_users_set_save="/tmp/users_set_save" # tmp file for backup users set |
| 47,12 → 45,6 |
|---|
| IP_REHABILITEES="/etc/e2guardian/lists/exceptioniplist" # Rehabilitated IP |
| SITE_DIRECT="/usr/local/etc/alcasar-site-direct" # Site Direct (no havp and no filtrage) for user BL |
| |
| # Allow requests to internal DNS if activated |
| if [ "$INT_DNS_ACTIVE" = "on" ] |
| then |
| DNSSERVERS="$DNSSERVERS,$INT_DNS_IP" |
| fi |
| |
| # Sauvegarde des SET des utilisateurs connectés si ils existent |
| # Saving SET of connected users if it exists |
| ipset list not_filtered 1>/dev/null 2>&1 |
| 119,7 → 111,7 |
|---|
| # Suppression des ip réhabilitées / Removing of rehabilitated ip |
| for ip in $(cat $IP_REHABILITEES) |
| do |
| ipset -q del bl_ip_blocked $ip |
| ipset del bl_ip_blocked $ip |
| done |
| |
| # rajout exception havp_bl --> Site en direct pour les Utilisateurs filtrés |
| 130,7 → 122,7 |
|---|
| done |
| |
| ###### WL set ########### |
| # taille fixe, car peuplé par dnsmasq / fixe length due to dnsmasq dynamic loading |
| # taille fixe, car peupler par dnsmasq / fixe length due to dnsmasq dynamic loading |
| wl_set_length=65536 |
| # Chargement Loading |
| echo "create wl_ip_allowed hash:net family inet hashsize 1024 maxelem $wl_set_length" > $TMP_set_save |
| 293,18 → 285,18 |
|---|
| $IPTABLES -A INPUT -i $TUNIF -p udp --dport 56 -m mark --mark 5 -j REJECT --reject-with icmp-port-unreachable |
| $IPTABLES -A INPUT -i $TUNIF -p tcp --dport 56 -m mark --mark 3 -j REJECT --reject-with tcp-reset |
| |
| # autorisation des connexion légitime à Unbound (avec blacklist) |
| # Allow connections for Unbound (with blacklist) |
| # autorisation des connexion légitime à DNSMASQ (avec blacklist) |
| # Allow connections for DNSMASQ (with blacklist) |
| $IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -d $PRIVATE_IP -p udp --dport 54 -j ACCEPT |
| $IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -d $PRIVATE_IP -p tcp --dport 54 -j ACCEPT |
| |
| # autorisation des connexion légitime à Unbound (avec whitelist) |
| # Allow connections for Unbound (with whitelist) |
| # autorisation des connexion légitime à DNSMASQ (avec whitelist) |
| # Allow connections for DNSMASQ (with whitelist) |
| $IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -d $PRIVATE_IP -p udp --dport 55 -j ACCEPT |
| $IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -d $PRIVATE_IP -p tcp --dport 55 -j ACCEPT |
| |
| # autorisation des connexion légitime à Unbound (mode blackhole) |
| # Allow connections for Unbound (blackhole mode) |
| # autorisation des connexion légitime à DNSMASQ (mode blackhole) |
| # Allow connections for DNSMASQ (blackhole mode) |
| $IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -d $PRIVATE_IP -p udp --dport 56 -j ACCEPT |
| $IPTABLES -A INPUT -i $TUNIF -s $PRIVATE_NETWORK_MASK -d $PRIVATE_IP -p tcp --dport 56 -j ACCEPT |
| |