| 1402,7 → 1402,7 |
|---|
| [ -e /etc/sysconfig/dnsmasq.default ] || cp /etc/sysconfig/dnsmasq /etc/sysconfig/dnsmasq.default |
| $SED "s?^OPTION=.*?OPTION=-C /etc/dnsmasq.conf?g" /etc/sysconfig/dnsmasq # default conf file for the first dnsmasq instance |
| [ -e /etc/dnsmasq.conf.default ] || cp /etc/dnsmasq.conf /etc/dnsmasq.conf.default |
| # 1st dnsmasq listen on udp 53 ("dnsmasq - forward"). It's used as dhcp server only if bypass is on. |
| # 1st dnsmasq listen on udp 53 ("dnsmasq - forward"). It's used as dhcp server only if "alcasar-bypass" is on. |
| cat << EOF > /etc/dnsmasq.conf |
| # Configuration file for "dnsmasq in forward mode" |
| conf-file=$DIR_DEST_ETC/alcasar-dns-name # local DNS resolutions |
| 1433,13 → 1433,14 |
|---|
| cat << EOF > /etc/dnsmasq-blacklist.conf |
| # Configuration file for "dnsmasq with blacklist" |
| # Add Toulouse blacklist domains |
| conf-file=$DIR_DEST_ETC/alcasar-dns-name # local DNS resolutions |
| conf-dir=$DIR_DEST_SHARE/dnsmasq-bl-enabled |
| conf-file=$DIR_DEST_ETC/alcasar-dns-name # local DNS resolutions |
| pid-file=/var/run/dnsmasq-blacklist.pid |
| listen-address=$PRIVATE_IP |
| port=54 |
| no-dhcp-interface=$INTIF |
| no-dhcp-interface=tun0 |
| no-dhcp-interface=lo |
| bind-interfaces |
| cache-size=256 |
| domain=$DOMAIN |
| 1454,13 → 1455,14 |
|---|
| cat << EOF > /etc/dnsmasq-whitelist.conf |
| # Configuration file for "dnsmasq with whitelist" |
| # Inclusion de la whitelist <domains> de Toulouse dans la configuration |
| conf-file=$DIR_DEST_ETC/alcasar-dns-name # local DNS resolutions |
| conf-dir=$DIR_DEST_SHARE/dnsmasq-wl-enabled |
| conf-file=$DIR_DEST_ETC/alcasar-dns-name # zone de definition de noms DNS locaux |
| pid-file=/var/run/dnsmasq-whitelist.pid |
| listen-address=$PRIVATE_IP |
| pid-file=/var/run/dnsmasq-whitelist.pid |
| port=55 |
| no-dhcp-interface=$INTIF |
| no-dhcp-interface=tun0 |
| no-dhcp-interface=lo |
| bind-interfaces |
| cache-size=256 |
| domain=$DOMAIN |
| 1468,18 → 1470,39 |
|---|
| expand-hosts |
| bogus-priv |
| filterwin2k |
| address=/#/$PRIVATE_IP |
| ipset=/#/whitelist_ip_allowed |
| address=/#/$PRIVATE_IP # for Domain name without local resolution (WL) |
| ipset=/#/whitelist_ip_allowed # dynamicly add the resolv IP address in the Firewall rules |
| EOF |
| # 4th dnsmasq listen on udp 56 ("blackhole") |
| cat << EOF > /etc/dnsmasq-blackhole.conf |
| # Configuration file for "dnsmasq as a blackhole" |
| conf-file=$DIR_DEST_ETC/alcasar-dns-name # local DNS resolutions |
| address=/#/$PRIVATE_IP # redirect all on ALCASAR IP address |
| pid-file=/var/run/dnsmasq-blackhole.pid |
| listen-address=$PRIVATE_IP |
| port=56 |
| no-dhcp-interface=$INTIF |
| no-dhcp-interface=tun0 |
| no-dhcp-interface=lo |
| bind-interfaces |
| cache-size=256 |
| domain=$DOMAIN |
| domain-needed |
| expand-hosts |
| bogus-priv |
| filterwin2k |
| EOF |
| |
| # Start after chilli (which create tun0) |
| $SED "s?^After=.*?After=syslog.target network.target chilli.service?g" /lib/systemd/system/dnsmasq.service |
| # Create dnsmasq-blacklist and dnsmasq-whitelist unit |
| cp -f /lib/systemd/system/dnsmasq.service /lib/systemd/system/dnsmasq-blacklist.service |
| cp -f /lib/systemd/system/dnsmasq.service /lib/systemd/system/dnsmasq-whitelist.service |
| cp -f /lib/systemd/system/dnsmasq.service /lib/systemd/system/dnsmasq-blacklist.service /lib/systemd/system/dnsmasq-whitelist.service /lib/systemd/system/dnsmasq-blackhole.service |
| $SED "s?^ExecStart=.*?ExecStart=/usr/sbin/dnsmasq -C /etc/dnsmasq-blacklist.conf?g" /lib/systemd/system/dnsmasq-blacklist.service |
| $SED "s?^ExecStart=.*?ExecStart=/usr/sbin/dnsmasq -C /etc/dnsmasq-whitelist.conf?g" /lib/systemd/system/dnsmasq-whitelist.service |
| $SED "s?^ExecStart=.*?ExecStart=/usr/sbin/dnsmasq -C /etc/dnsmasq-blackhole.conf?g" /lib/systemd/system/dnsmasq-blackhole.service |
| $SED "s?^PIDFile=.*?PIDFile=/var/run/dnsmasq-blacklist.pid?g" /lib/systemd/system/dnsmasq-blacklist.service |
| $SED "s?^PIDFile=.*?PIDFile=/var/run/dnsmasq-whitelist.pid?g" /lib/systemd/system/dnsmasq-whitelist.service |
| $SED "s?^PIDFile=.*?PIDFile=/var/run/dnsmasq-blackhole.pid?g" /lib/systemd/system/dnsmasq-blackhole.service |
| } # End dnsmasq |
| |
| ########################################################## |
| 1792,7 → 1815,7 |
|---|
| /sbin/chkconfig --add $i |
| done |
| # processes launched at boot time (Systemctl) |
| for i in alcasar-load_balancing mysqld httpd ntpd iptables dnsmasq dnsmasq-blacklist dnsmasq-whitelist radiusd nfsen dansguardian freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban |
| for i in alcasar-load_balancing mysqld httpd ntpd iptables dnsmasq dnsmasq-blacklist dnsmasq-whitelist dnsmasq-blackhole radiusd nfsen dansguardian freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban |
| do |
| systemctl -q enable $i.service |
| done |
| 1840,14 → 1863,6 |
|---|
| do |
| /bin/systemctl -q disable $svc |
| done |
| # for rm_users in games |
| # do |
| # user=`cat /etc/passwd|grep $rm_users|cut -d":" -f1` |
| # if [ "$user" == "$rm_users" ] |
| # then |
| # /usr/sbin/userdel -r $rm_users |
| # fi |
| # done |
| # Load and apply the previous conf file |
| if [ "$mode" = "update" ] |
| then |