27,6 → 27,8 |
DNSSERVERS="$dns1,$dns2" # first and second DNS IP servers addresses |
PROTOCOLS_FILTERING=`grep PROTOCOLS_FILTERING= $conf_file|cut -d"=" -f2` # Network protocols filter (on/off) |
PROTOCOLS_FILTERING=${PROTOCOLS_FILTERING:=off} |
EXT_LAN_FILTERING=`grep EXT_LAN_FILTERING= $conf_file|cut -d"=" -f2` # filter acces to the lan on alcasar/eth0 (on/off) |
EXT_LAN_FILTERING=${EXT_LAN_FILTERING:=off} |
DNS_FILTERING=`grep DNS_FILTERING= $conf_file|cut -d"=" -f2` # DNS and URLs filter (on/off) |
DNS_FILTERING=${DNS_FILTERING:=off} |
QOS=`grep QOS= $conf_file|cut -d"=" -f2` # QOS (on/off) |
196,6 → 198,14 |
$IPTABLES -A FORWARD -i $TUNIF -p udp --dport domain -j REJECT --reject-with icmp-port-unreachable |
$IPTABLES -A FORWARD -i $TUNIF -p tcp --dport domain -j REJECT --reject-with tcp-reset |
|
# Filtrage de l'accès au LAN connecté sur EXTIF (eth0) |
# EXTIF (eth0) connected LAN filtering |
if [ $EXT_LAN_FILTERING = on ]; then |
$IPTABLES -A FORWARD -i $TUNIF -p udp -d $public_ip_mask -j REJECT --reject-with icmp-port-unreachable |
$IPTABLES -A FORWARD -i $TUNIF -p icmp -d $public_ip_mask -j REJECT --reject-with icmp-port-unreachable |
$IPTABLES -A FORWARD -i $TUNIF -p tcp -d $public_ip_mask -j REJECT --reject-with tcp-reset |
fi |
|
# If protocols filter is activate |
if [ $PROTOCOLS_FILTERING = on ]; then |
# Compute exception IP (IP addresses that shouldn't be filtered) |
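Review bot: The new `if [ $EXT_LAN_FILTERING = on ]` block rejects only udp, icmp and tcp towards `$public_ip_mask`, so any other IP protocol arriving on `$TUNIF` is not covered by it and depends on later FORWARD rules that are not visible here. A protocol-agnostic rule after the tcp one would close that gap: `$IPTABLES -A FORWARD -i $TUNIF -d $public_ip_mask -j REJECT --reject-with icmp-port-unreachable`. The option is also read with an unanchored `grep EXT_LAN_FILTERING=` and tested unquoted. If the configuration file holds a second matching line (a commented-out copy, for example), the value becomes several words, the `[` test errors out, and the filter is silently left off. Anchoring and quoting avoid this: `grep "^EXT_LAN_FILTERING=" $conf_file` and `[ "$EXT_LAN_FILTERING" = on ]`.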