

Ignore whitespace Rev 1071 → Rev 1072

/scripts/alcasar-iptables.sh
29,6 → 29,7
PROTOCOLS_FILTERING=${PROTOCOLS_FILTERING:=off}
DNS_FILTERING=`grep DNS_FILTERING= $conf_file|cut -d"=" -f2` # DNS and URLs filter (on/off)
DNS_FILTERING=${DNS_FILTERING:=off}
BL_IP_CAT="/usr/local/share/iptables-bl-enabled" # categories files of the BlackListed IP
QOS=`grep QOS= $conf_file|cut -d"=" -f2` # QOS (on/off)
QOS=${QOS:=off}
SSH=`grep SSH= $conf_file|cut -d"=" -f2` # sshd active (on/off)
82,7 → 83,7
# $IPTABLES -A PREROUTING -t nat -i $TUNIF -p udp -d $PRIVATE_IP -m udp --dport 54 -j ULOG --ulog-prefix "RULE DNS-proxy -- DENY "
$IPTABLES -A PREROUTING -t mangle -i $TUNIF -d $PRIVATE_IP -p tcp --dport 54 -j MARK --set-mark 2
 
# Si le filtrage est activé, redirection des flux DNS vers le port 54 (dns+blackhole) sauf pour les IP en exceptions
# Si le filtrage DNS est activé, redirection des flux DNS vers le port 54 (dns+blackhole) sauf pour les IP en exceptions
# If DNS filter is on, redirect DNS request to udp 54 (dns+blackhole) except for exception IP addresses
if [ $DNS_FILTERING = on ]; then
# Compute exception IP
214,7 → 215,7
$IPTABLES -A FORWARD -i $TUNIF -p tcp --dport domain -j REJECT --reject-with tcp-reset
 
# Insertion des règles de blocage IP
# Here, we add IP block rules
# Here, we add local IP block rules
if [ -s /usr/local/etc/alcasar-ip-blocked ]; then
while read ip_line
do
230,6 → 231,23
done < /usr/local/etc/alcasar-ip-blocked
fi
 
# Si le filtrage de domain est activé, blocage des IP de la BL
# If DNS filter is on, reject IP of BL
# Comment : loading time is too long and iptables should become oveloaded !!!
#if [ $DNS_FILTERING = on ]; then
# cd $BL_IP_CAT
# for category in `ls -1 | cut -d"@" -f1`
# do
# while read ip_blocked
# do
# $IPTABLES -A FORWARD -i $TUNIF -d $ip_blocked -j ULOG --ulog-prefix "RULE IP-blocked -- REJECT "
# $IPTABLES -A FORWARD -i $TUNIF -d $ip_blocked -p udp -j REJECT --reject-with icmp-port-unreachable
# $IPTABLES -A FORWARD -i $TUNIF -d $ip_blocked -p icmp -j REJECT --reject-with icmp-port-unreachable
# $IPTABLES -A FORWARD -i $TUNIF -d $ip_blocked -p tcp -j REJECT --reject-with tcp-reset
# done < $BL_IP_CAT/$category
# done
#fi
 
# Autorisation des retours de connexions légitimes
# Allow conntrack
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
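Review bot: The disabled block at L41–L53 would enumerate categories with `ls -1 | cut -d"@" -f1` and pass each unquoted `$ip_blocked` straight into an iptables argument, so an unexpected filename or a malformed line in a category file would be spliced into the rule set instead of being rejected; if this is ever re-enabled it should iterate with a glob (`for category in "$BL_IP_CAT"/*`), read with `while IFS= read -r ip_blocked`, and validate each entry as an address or CIDR before it reaches `-d`. The stated reason for disabling it — one FORWARD rule per blacklisted address — is the usual case for loading the category files into an ipset and matching with a single `-m set --match-set` rule, which is worth recording in the comment in place of "iptables should become oveloaded". The active loop at L32–L35 has the same `while read ip_line` without `-r`, and its body lies outside the hunk. The gate `[ $DNS_FILTERING = on ]` (L23, and L41 in the disabled block) is unquoted and its value comes from an unanchored `grep DNS_FILTERING= $conf_file` (L10) that defaults to `off`, so a commented duplicate line or trailing whitespace in the config silently leaves the DNS filter disabled; `grep '^DNS_FILTERING=' "$conf_file"` and `[ "$DNS_FILTERING" = on ]` make that failure visible, and the same applies to the QOS and SSH reads at L13 and L15.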