No changes between revisions
/conf/etc/alcasar-iptables-block |
--- scripts/alcasar-iptables.sh (revision 847) |
+++ scripts/alcasar-iptables.sh (revision 848) |
@@ -118,8 +118,15 @@ |
|
# Insertion de règles de blocage (Devel) |
# Here, we add block rules (Devel) |
-if [ -f /usr/local/etc/alcasar-iptables-block.sh ]; then |
- . /usr/local/etc/alcasar-iptables-block.sh |
+if [ -s /usr/local/etc/alcasar-iptables-block ]; then |
+ while read ip_blocked |
+ do |
+ echo "Network Address blocked : $ip_blocked" |
+ $IPTABLES -A FORWARD -d $ip_blocked -j ULOG --ulog-prefix "RULE IP-blocked -- REJECT " |
+ $IPTABLES -A FORWARD -d $ip_blocked -j REJECT |
+ $IPTABLES -A FORWARD -s $ip_blocked -j ULOG --ulog-prefix "RULE IP-blocked -- REJECT " |
+ $IPTABLES -A FORWARD -s $ip_blocked -j REJECT |
+ done < /usr/local/etc/alcasar-iptables-block |
fi |
|
# Rejet des demandes de connexions non conformes (FIN-URG-PUSH, XMAS, NullScan, SYN-RST et NEW not SYN) |
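Review bot: In the new loop, each line of /usr/local/etc/alcasar-iptables-block reaches iptables unquoted (`-d $ip_blocked`, `-s $ip_blocked`), so a line containing spaces or extra tokens is word-split into additional iptables arguments, and a blank or comment line yields a malformed rule. I would read with `while read -r ip_blocked`, skip non-entries with `case "$ip_blocked" in ''|\#*) continue ;; esac`, and pass `"$ip_blocked"` quoted in all four rules. The `echo "Network Address blocked : ..."` line prints before the rules are added and the iptables exit status is not checked, so a rejected entry is still reported as blocked; printing the message only after the REJECT rules succeed would make the output trustworthy. Since this script presumably runs as root, the block file should be owned by root and not writable by other accounts. The rest of the script lies outside this hunk, so whether an earlier ACCEPT rule in FORWARD precedes these appended rules cannot be checked from here.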