456,12 → 456,14 |
$SED "s?^EXTIF=.*?EXTIF=\"$EXTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh |
$SED "s?^INTIF=.*?INTIF=\"$INTIF\"?g" $DIR_DEST_BIN/alcasar-iptables.sh $DIR_DEST_BIN/alcasar-iptables-bypass.sh |
chmod o+r $DIR_DEST_BIN/alcasar-iptables.sh #lecture possible pour apache (interface php du filtrage réseau) |
# create the filter exxeption file |
# create the filter exception file and ip_bloqued file |
touch $DIR_DEST_ETC/alcasar-filter-exceptions |
# create the ip_blocked file with a first line (LAN between ALCASAR and the Internet GW) |
echo "#$PUBLIC_IP/$PUBLIC_PREFIX LAN-ALCASAR-BOX" > $DIR_DEST_ETC/alcasar-ip-blocked |
# load conntrack ftp module |
[ -e /etc/modprobe.preload.default ] || cp /etc/modprobe.preload /etc/modprobe.preload.default |
echo "ip_conntrack_ftp" >> /etc/modprobe.preload |
# le script $DIR_DEST_BIN/alcasar-iptables.sh est lancé à la fin (pour ne pas perturber une mise à jour via ssh) |
# the script "$DIR_DEST_BIN/alcasar-iptables.sh" is launched at the end in order to allow update via ssh |
} # End of network () |
|
################################################################## |
1401,7 → 1403,7 |
# sshd écoute côté LAN et WAN |
$SED "s?^#ListenAddress 0\.0\.0\.0?ListenAddress $PRIVATE_IP?g" /etc/ssh/sshd_config |
$SED "/^ListenAddress $PRIVATE_IP/a\ListenAddress $PUBLIC_IP" /etc/ssh/sshd_config |
# Put the default value in conf file (sshd, QOS and protocols/dns/ext_LAN filtering are off)(web antivirus is on) |
# Put the default value in conf file (sshd, QOS and protocols/dns/ are off)(web antivirus is on) |
/sbin/chkconfig --del sshd |
echo "SSH=off" >> $CONF_FILE |
echo 'Admin_from_IP="0.0.0.0/0.0.0.0"' >> $CONF_FILE |
1409,7 → 1411,6 |
echo "LDAP=off" >> $CONF_FILE |
echo "LDAP_IP=0.0.0.0/0.0.0.0" >> $CONF_FILE |
echo "PROTOCOLS_FILTERING=off" >> $CONF_FILE |
echo "EXT_LAN_FILTERING=off" >> $CONF_FILE |
echo "DNS_FILTERING=off" >> $CONF_FILE |
echo "WEB_ANTIVIRUS=on" >> $CONF_FILE |
# Coloration des prompts |