WebSVN – ALCASAR – Path Comparison – /

Ignore whitespace Rev 1385 → Rev 1386

 /alcasar.sh
 ,10 → 1392,9
 ##########################################################
 BL ()
 {
-# modify iptables init script in order to load the ipsets
-[ -e /usr/libexec/iptables.init.default ] || cp /usr/libexec/iptables.init /usr/libexec/iptables.init.default
-sed -i 's/^IPTABLES_CONFIG=\/etc\/sysconfig\/iptables/IPTABLES_CONFIG=\/etc\/sysconfig\/iptables\nIPSET_CONFIG=\/etc\/sysconfig\/ipset_save/' /usr/libexec/iptables.init
-sed -i 's/if \[ -f \$IPTABLES_CONFIG \]; then/if \[ -f \$IPSET_CONFIG \] \&\& \[ -f \$IPTABLES_CONFIG \]; then\n\t\t\/sbin\/ipset -! restore < \$IPSET_CONFIG/' /usr/libexec/iptables.init
+# modify iptables boot file to start alcasar-iptables.sh when the system is booting
+[ -e /lib/systemd/system/iptables.service.default ] || cp /lib/systemd/system/iptables.service /lib/systemd/system/iptables.service.default
+$SED 's/ExecStart=\/usr\/libexec\/iptables.init start/ExecStart=\/usr\/local\/bin\/alcasar-iptables.sh/' /lib/systemd/system/iptables.service
 # copy and extract toulouse BL
         rm -rf $DIR_DG/lists/blacklists
         tar zxf $DIR_CONF/blacklists.tar.gz --directory=$DIR_DG/lists/ > /dev/null 2>&1
 ,7 → 1402,6
         mkdir $DIR_DG/lists/blacklists/ossi
         touch $DIR_DG/lists/blacklists/ossi/domains $DIR_DG/lists/blacklists/ossi/domains_wl
         touch $DIR_DG/lists/blacklists/ossi/urls $DIR_DG/lists/blacklists/ossi/urls_wl
-        touch $DIR_DEST_SHARE/iptables-wl/ossi
         chown -R dansguardian:apache $DIR_DG $DIR_DEST_SHARE
         chmod -R g+rw $DIR_DG $DIR_DEST_SHARE
 # creation of file for the rehabilited domains and urls

 /scripts/alcasar-iptables.sh
 ,15 → 147,6
         ipset create havp_wl_set hash:net hashsize 1024
 fi
-# Sauvegarde de tous les set sauf ceux d'interception (pour restaurer après redémarrage)
-# Backup all sets except interception set
-ipset save blacklist_ip_blocked > $SAVE_DIR/ipset_save
-ipset save whitelist_ip_allowed >> $SAVE_DIR/ipset_save
-echo "create no_filtering_set hash:net family inet hashsize 1024 maxelem 65536" >> $SAVE_DIR/ipset_save
-echo "create havp_set hash:net family inet hashsize 1024 maxelem 65536" >> $SAVE_DIR/ipset_save
-echo "create havp_bl_set hash:net family inet hashsize 1024 maxelem 65536" >> $SAVE_DIR/ipset_save
-echo "create havp_wl_set hash:net family inet hashsize 1024 maxelem 65536" >> $SAVE_DIR/ipset_save
 #############################
 #       PREROUTING          #
 #############################
 ,8 → 432,5
 # Dynamic NAT on EXTIF
 $IPTABLES -A POSTROUTING -t nat -o $EXTIF -j MASQUERADE
-# Save all rules
-/usr/libexec/iptables.init save
 # End of script

 /scripts/sbin/alcasar-bl.sh
 ,7 → 43,10
 function cat_choice (){
         # saving ip files and ossi category
         mkdir $DIR_tmp
-        cp $DIR_IP_BL_ENABLED/ossi-* $DIR_tmp
+        if [ $(find $DIR_IP_BL_ENABLED -name "ossi-*" | wc -l) -ne 0 ]
+        then
+                cp $DIR_IP_BL_ENABLED/ossi-* $DIR_tmp
+        fi
         cp $DIR_IP_BL/ossi $DIR_tmp
         rm -rf $DIR_DNS_BL_ENABLED $DIR_DNS_WL_ENABLED $DIR_IP_BL_ENABLED $DIR_IP_WL_ENABLED # cleaning for dnsmasq and iptables
         $SED "/\.Include/d" $DIR_DG/bannedsitelist $DIR_DG/bannedurllist # cleaning for DG
 ,7 → 78,10
         # restoring ip files and ossi category
         mv $DIR_tmp/ossi $DIR_IP_BL
         chown apache $DIR_IP_BL/ossi
-        mv $DIR_tmp/ossi-* $DIR_IP_BL_ENABLED
+        if [ $(find $DIR_tmp -name "ossi-*" | wc -l) -ne 0 ]
+        then
+                mv $DIR_tmp/ossi-* $DIR_IP_BL_ENABLED
+        fi
         rm -rf $DIR_tmp
 }
 function bl_enable (){
 ,8 → 116,15
         if [ ! -d $DIR_IP_WL ]
         then
                 mkdir $DIR_IP_WL
+                touch $DIR_IP_WL/ossi
+                chown apache $DIR_IP_WL/ossi
         else
+                # delete old IPs
+                mkdir $DIR_tmp
+                cp $DIR_IP_WL/ossi $DIR_tmp
                 rm -rf $DIR_IP_WL/*
+                cp $DIR_tmp/ossi $DIR_IP_WL
+                rm -rf $DIR_tmp
         fi
         echo "Retrieving IPs :"
         cd $DIR_DNS_WL
 ,7 → 144,7
                 done
         done
         echo "done"
-        sleep 2
+        sleep 5
         cd $DIR_IP_WL
         for category in `ls`
         do
 ,7 → 168,7
         do
                 echo `host $domain | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}'` >> $OSSI_WL_IP &
         done
-        sleep 2
+        sleep 5
         # one IP per line
         $SED 's/ /\n/g' $OSSI_WL_IP
         # add SET syntax

 /scripts/sbin/alcasar-uninstall.sh
 ,7 → 156,7
 #BL
 echo -en "\n- BL(1) : "
-[ -e /usr/libexec/iptables.init.default ] && mv /usr/libexec/iptables.init.default /usr/libexec/iptables.init && echo "1"
+[ -e /lib/systemd/system/iptables.service.default ] && mv /lib/systemd/system/iptables.service.default /lib/systemd/system/iptables.service && echo "1"
 sleep 1
 #dhcpd

Subversion Repositories ALCASAR

Compare Revisions

Ignore whitespace Rev 1385 → Rev 1386