
Ignore whitespace Rev 2546 → Rev 2547

/conf/etc/alcasar-iptables-local.sh
15,19 → 15,19
 
# Local MAC addresses filtering (MAC are in '/usr/local/etc/alcasar-iptables-local-mac-filtered'. Format : aa:09:23:2f:4d:ee)
if [ -s /usr/local/etc/alcasar-iptables-local-mac-filtered ]; then
while read mac_line
do
ip_on=`echo $mac_line|cut -b1`
if [ $ip_on != "#" ]
then
mac_filtered=`echo $mac_line|cut -d" " -f1`
echo "MAC filtered = $mac_filtered"
$IPTABLES -A FORWARD -i $INTIF -m mac --mac-source $mac_filtered -j NFLOG --nflog-group 1 --nflog-prefix "$mac_filtered -- Filt_DROP"
$IPTABLES -A FORWARD -i $INTIF -p tcp -m mac --mac-source $mac_filtered -j DROP
$IPTABLES -A FORWARD -i $INTIF -p udp -m mac --mac-source $mac_filtered -j DROP
$IPTABLES -A FORWARD -i $INTIF -m mac --mac-source $mac_filtered -j DROP
fi
done < /usr/local/etc/alcasar-iptables-local-mac-filtered
while read mac_line
do
ip_on=`echo $mac_line|cut -b1`
if [ $ip_on != "#" ]
then
mac_filtered=`echo $mac_line|cut -d" " -f1`
echo "MAC filtered = $mac_filtered"
$IPTABLES -A FORWARD -i $INTIF -m mac --mac-source $mac_filtered -j NFLOG --nflog-group 1 --nflog-prefix "$mac_filtered -- Filt_DROP"
$IPTABLES -A FORWARD -i $INTIF -p tcp -m mac --mac-source $mac_filtered -j DROP
$IPTABLES -A FORWARD -i $INTIF -p udp -m mac --mac-source $mac_filtered -j DROP
$IPTABLES -A FORWARD -i $INTIF -m mac --mac-source $mac_filtered -j DROP
fi
done < /usr/local/etc/alcasar-iptables-local-mac-filtered
fi
 
# On autorise le ping (echo & request) (ICMP N°0 & 8) en provenance de l'extérieur vers ALCASAR
51,7 → 51,9
 
# Deny access to protected networks from internal LAN
#protectedNetworks='10.0.0.0/8,172.16.0.0/12,192.168.0.0/16' # (RFC 1918)
#$IPTABLES -A FORWARD -i $TUNIF -d $protectedNetworks -j DROP
#[ -n "$TUNIF" ] && consultationIF=$TUNIF || consultationIF=$INTIF
#$IPTABLES -A FORWARD -i $consultationIF -d $protectedNetworks -j DROP
#$IPTABLES -A FORWARD -o $consultationIF -s $protectedNetworks -j DROP
 
# Allow managers to access ACC from the external network
#managerIPs='192.168.111.10'
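Review bot: The new protected-network template rules are appended with `-A FORWARD`; if the main ALCASAR ruleset (outside this file) already has an ACCEPT for forwarded client traffic earlier in the chain, these DROPs at L47/L48 are unreachable once uncommented, which is a silent failure for a rule meant to fence off RFC 1918 space. I cannot see the chain order from this hunk, so verify with `iptables -L FORWARD -n --line-numbers` after enabling, or switch to `-I FORWARD` so they are evaluated first. The selector `[ -n "$TUNIF" ] && consultationIF=$TUNIF || consultationIF=$INTIF` only works because an assignment cannot fail; an explicit `if [ -n "$TUNIF" ]; then consultationIF=$TUNIF; else consultationIF=$INTIF; fi` is clearer and the variables should be quoted in the rules (`-i "$consultationIF" -d "$protectedNetworks"`). A short comment above the block, `# Appended DROPs only take effect if no earlier FORWARD rule ACCEPTs this traffic; check chain order`, would save the next admin from enabling a no-op. The first hunk appears to be whitespace-only and is not reviewed here.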