36,8 → 36,7 |
PROTOCOLS_FILTERING=`grep ^PROTOCOLS_FILTERING= $CONF_FILE|cut -d"=" -f2` # Network protocols filter (on/off) |
PROTOCOLS_FILTERING=${PROTOCOLS_FILTERING:=off} |
BL_IP_CAT="/usr/local/share/iptables-bl-enabled" # categories files of the BlackListed IP |
BL_IP_OSSI="/usr/local/share/iptables-bl/ossi" # ossi categoty |
DIR_WL_IP_ENABLED="/usr/local/share/iptables-wl-enabled/" # ip files repository of the WL (feature : imported wl file from ACC) |
WL_IP_CAT="/usr/local/share/iptables-wl-enabled" # categories files of the WhiteListed IP |
TMP_users_set_save="/tmp/users_set_save" # tmp file for backup users set |
TMP_set_save="/tmp/ipset_save" # tmp file for blacklist and whitelist creation |
SSH=`grep ^SSH= $CONF_FILE|cut -d"=" -f2` # sshd active (on/off) |
103,7 → 102,7 |
|
###### BL set ########### |
# Calcul de la taille / Compute the length |
bl_set_length=$(($(wc -l $BL_IP_CAT/* | awk '{print $1}' | tail -n 1)+$(wc -l $BL_IP_OSSI | awk '{print $1}'))) |
bl_set_length=$(wc -l $BL_IP_CAT/* | awk '{print $1}' | tail -n 1) |
# Chargement / loading |
echo "create bl_ip_blocked hash:net family inet hashsize 1024 maxelem $bl_set_length" > $TMP_set_save |
for category in `ls -1 $BL_IP_CAT | cut -d '@' -f1` |
110,7 → 109,6 |
do |
cat $BL_IP_CAT/$category >> $TMP_set_save |
done |
cat $BL_IP_OSSI >> $TMP_set_save |
ipset -! restore < $TMP_set_save |
rm -f $TMP_set_save |
# Suppression des ip réhabilitées / Removing of rehabilitated ip |
120,15 → 118,14 |
done |
|
###### WL set ########### |
# Calcul de la taille / Compute the length |
#wl_set_length=$(($(wc -l $DIR_WL_IP_ENABLED/* | awk '{print $1}' | tail -n 1)*3)) |
# taille fixe, car peupler par dnsmasq / fixe length due to dnsmasq dynamic loading |
wl_set_length=65536 |
# Chargement Loading |
echo "create wl_ip_allowed hash:net family inet hashsize 1024 maxelem $wl_set_length" > $TMP_set_save |
#get ip-wl files from ACC |
for ossi in `ls -1 $DIR_WL_IP_ENABLED` |
for category in `ls -1 $WL_IP_CAT |cut -d '@' -f1` |
do |
cat $DIR_WL_IP_ENABLED/$ossi >> $TMP_set_save |
cat $WL_IP_CAT/$category >> $TMP_set_save |
done |
ipset -! restore < $TMP_set_save |
rm -f $TMP_set_save |
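Review bot: The new whitelist loop in the last hunk iterates over the parsed output of `ls -1 $WL_IP_CAT` and then runs `cat $WL_IP_CAT/$category` unquoted, so a file name containing whitespace or glob characters is split or expanded before it reaches `cat`, and a failed `cat` is not checked. Every line of those files is then fed to `ipset restore` as a command, so a skipped or mis-resolved category file silently changes what the gateway allows. I would iterate with a quoted glob instead: `for f in "$WL_IP_CAT"/*; do [ -f "$f" ] && cat -- "$f" >> "$TMP_set_save"; done`. This drops the `cut -d '@' -f1` step, which presumably only strips an `ls -F` type marker; keep it if the file names really do contain `@`. Separately, `TMP_set_save` is the fixed path `/tmp/ipset_save`, declared in unchanged context in the first hunk, so if the box has any local users, creating it with `mktemp` would stop someone pre-creating or symlinking the file this script writes and then restores from.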