/alcasar.sh |
---|
1392,10 → 1392,9 |
########################################################## |
BL () |
{ |
# modify iptables init script in order to load the ipsets |
[ -e /usr/libexec/iptables.init.default ] || cp /usr/libexec/iptables.init /usr/libexec/iptables.init.default |
sed -i 's/^IPTABLES_CONFIG=\/etc\/sysconfig\/iptables/IPTABLES_CONFIG=\/etc\/sysconfig\/iptables\nIPSET_CONFIG=\/etc\/sysconfig\/ipset_save/' /usr/libexec/iptables.init |
sed -i 's/if \[ -f \$IPTABLES_CONFIG \]; then/if \[ -f \$IPSET_CONFIG \] \&\& \[ -f \$IPTABLES_CONFIG \]; then\n\t\t\/sbin\/ipset -! restore < \$IPSET_CONFIG/' /usr/libexec/iptables.init |
# modify iptables boot file to start alcasar-iptables.sh when the system is booting |
[ -e /lib/systemd/system/iptables.service.default ] || cp /lib/systemd/system/iptables.service /lib/systemd/system/iptables.service.default |
$SED 's/ExecStart=\/usr\/libexec\/iptables.init start/ExecStart=\/usr\/local\/bin\/alcasar-iptables.sh/' /lib/systemd/system/iptables.service |
# copy and extract toulouse BL |
rm -rf $DIR_DG/lists/blacklists |
tar zxf $DIR_CONF/blacklists.tar.gz --directory=$DIR_DG/lists/ > /dev/null 2>&1 |
1403,7 → 1402,6 |
mkdir $DIR_DG/lists/blacklists/ossi |
touch $DIR_DG/lists/blacklists/ossi/domains $DIR_DG/lists/blacklists/ossi/domains_wl |
touch $DIR_DG/lists/blacklists/ossi/urls $DIR_DG/lists/blacklists/ossi/urls_wl |
touch $DIR_DEST_SHARE/iptables-wl/ossi |
chown -R dansguardian:apache $DIR_DG $DIR_DEST_SHARE |
chmod -R g+rw $DIR_DG $DIR_DEST_SHARE |
# creation of file for the rehabilited domains and urls |
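Review bot: The `$SED` that rewrites `ExecStart=` in `/lib/systemd/system/iptables.service` (the new line after the `iptables.service.default` backup) is silent when its pattern does not match and is undone by the next iptables package update, because the edited file lives under `/lib` rather than `/etc`; it is also not followed by `systemctl daemon-reload`, so the running systemd keeps the old `ExecStart` until reboot. At minimum confirm the substitution took effect and reload: `grep -q '^ExecStart=/usr/local/bin/alcasar-iptables.sh' /lib/systemd/system/iptables.service || echo "WARNING: iptables.service not patched"` followed by `systemctl daemon-reload`. A drop-in under `/etc/systemd/system/iptables.service.d/` that clears and resets `ExecStart=` would survive upgrades, if the installer's layout allows it. BL()'s body continues past the end of this hunk.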
/scripts/alcasar-iptables.sh |
---|
147,15 → 147,6 |
ipset create havp_wl_set hash:net hashsize 1024 |
fi |
# Sauvegarde de tous les set sauf ceux d'interception (pour restaurer après redémarrage) |
# Backup all sets except interception set |
ipset save blacklist_ip_blocked > $SAVE_DIR/ipset_save |
ipset save whitelist_ip_allowed >> $SAVE_DIR/ipset_save |
echo "create no_filtering_set hash:net family inet hashsize 1024 maxelem 65536" >> $SAVE_DIR/ipset_save |
echo "create havp_set hash:net family inet hashsize 1024 maxelem 65536" >> $SAVE_DIR/ipset_save |
echo "create havp_bl_set hash:net family inet hashsize 1024 maxelem 65536" >> $SAVE_DIR/ipset_save |
echo "create havp_wl_set hash:net family inet hashsize 1024 maxelem 65536" >> $SAVE_DIR/ipset_save |
############################# |
# PREROUTING # |
############################# |
441,8 → 432,5 |
# Dynamic NAT on EXTIF |
$IPTABLES -A POSTROUTING -t nat -o $EXTIF -j MASQUERADE |
# Save all rules |
/usr/libexec/iptables.init save |
# End of script |
/scripts/sbin/alcasar-bl.sh |
---|
43,7 → 43,10 |
function cat_choice (){ |
# saving ip files and ossi category |
mkdir $DIR_tmp |
cp $DIR_IP_BL_ENABLED/ossi-* $DIR_tmp |
if [ $(find $DIR_IP_BL_ENABLED -name "ossi-*" | wc -l) -ne 0 ] |
then |
cp $DIR_IP_BL_ENABLED/ossi-* $DIR_tmp |
fi |
cp $DIR_IP_BL/ossi $DIR_tmp |
rm -rf $DIR_DNS_BL_ENABLED $DIR_DNS_WL_ENABLED $DIR_IP_BL_ENABLED $DIR_IP_WL_ENABLED # cleaning for dnsmasq and iptables |
$SED "/\.Include/d" $DIR_DG/bannedsitelist $DIR_DG/bannedurllist # cleaning for DG |
75,7 → 78,10 |
# restoring ip files and ossi category |
mv $DIR_tmp/ossi $DIR_IP_BL |
chown apache $DIR_IP_BL/ossi |
mv $DIR_tmp/ossi-* $DIR_IP_BL_ENABLED |
if [ $(find $DIR_tmp -name "ossi-*" | wc -l) -ne 0 ] |
then |
mv $DIR_tmp/ossi-* $DIR_IP_BL_ENABLED |
fi |
rm -rf $DIR_tmp |
} |
function bl_enable (){ |
110,8 → 116,15 |
if [ ! -d $DIR_IP_WL ] |
then |
mkdir $DIR_IP_WL |
touch $DIR_IP_WL/ossi |
chown apache $DIR_IP_WL/ossi |
else |
# delete old IPs |
mkdir $DIR_tmp |
cp $DIR_IP_WL/ossi $DIR_tmp |
rm -rf $DIR_IP_WL/* |
cp $DIR_tmp/ossi $DIR_IP_WL |
rm -rf $DIR_tmp |
fi |
echo "Retrieving IPs :" |
cd $DIR_DNS_WL |
131,7 → 144,7 |
done |
done |
echo "done" |
sleep 2 |
sleep 5 |
cd $DIR_IP_WL |
for category in `ls` |
do |
155,7 → 168,7 |
do |
echo `host $domain | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}'` >> $OSSI_WL_IP & |
done |
sleep 2 |
sleep 5 |
# one IP per line |
$SED 's/ /\n/g' $OSSI_WL_IP |
# add SET syntax |
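Review bot: `rm -rf $DIR_IP_WL/*` in the new `else` branch of the `110,8 → 116,15` hunk runs as root with an unguarded, unquoted variable: if `$DIR_IP_WL` is unset or empty it expands to `rm -rf /*`. Guard and quote it, `rm -rf -- "${DIR_IP_WL:?}"/*`, and apply the same treatment to the `mkdir $DIR_tmp` / `cp $DIR_IP_WL/ossi $DIR_tmp` / `rm -rf $DIR_tmp` lines around it (`rm -rf -- "${DIR_tmp:?}"`). Separately, in the `155,7 → 168,7` hunk the `sleep 2` → `sleep 5` change only widens the race with the backgrounded `host … >> $OSSI_WL_IP &` lookups; `wait` after the loop collects every job deterministically and removes the fixed delay. The enclosing function starts before these hunks and its remainder is outside the section.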
/scripts/sbin/alcasar-uninstall.sh |
---|
156,7 → 156,7 |
#BL |
echo -en "\n- BL(1) : " |
[ -e /usr/libexec/iptables.init.default ] && mv /usr/libexec/iptables.init.default /usr/libexec/iptables.init && echo "1" |
[ -e /lib/systemd/system/iptables.service.default ] && mv /lib/systemd/system/iptables.service.default /lib/systemd/system/iptables.service && echo "1" |
sleep 1 |
#dhcpd |
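Review bot: Restoring `/lib/systemd/system/iptables.service` from its `.default` copy (the `iptables.service.default` line, presumably the added side of this hunk) is not followed by `systemctl daemon-reload`, so systemd keeps the patched `ExecStart=` pointing at `/usr/local/bin/alcasar-iptables.sh` until the next reboot even though the file on disk is back to stock. Add `systemctl daemon-reload` after the `mv … && echo "1"` line. Because the `&&` chain only echoes on success, a missing `.default` backup leaves the modified unit in place with no output at all; an `|| echo "0"` (or a warning to stderr) would make that visible. The enclosing block continues outside the hunk.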