| 62,6 → 62,8 |
|---|
| ipset save havp_set >> $TMP_users_set_save |
| ipset save havp_bl_set >> $TMP_users_set_save |
| ipset save havp_wl_set >> $TMP_users_set_save |
| ipset save user_not_connected_yet >> $TMP_users_set_save |
| ipset save ipset_users >> $TMP_users_set_save |
| fi |
| |
| # loading of NetFlow probe (ipt_NETFLOW kernel module) |
| 137,6 → 139,15 |
|---|
| ipset create havp_set hash:net hashsize 1024 |
| ipset create havp_bl_set hash:net hashsize 1024 |
| ipset create havp_wl_set hash:net hashsize 1024 |
| #utilisé pour l'interception des utilisateurs non authentifiés au réseau |
| #used for intercepting users not connected to the network |
| ipset create user_not_connected_yet hash:net hashsize 1024 |
| ipset create ipset_users_list list:set |
| ipset add ipset_users_list havp_set |
| ipset add ipset_users_list havp_wl_set |
| ipset add ipset_users_list havp_bl_set |
| ipset add ipset_users_list no_filtering_set |
| ipset add ipset_users_list user_not_connected_yet |
| fi |
| |
| ############################# |
| 201,6 → 212,11 |
|---|
| # Redirect NTP request in local NTP server |
| $IPTABLES -A PREROUTING -t nat -i $TUNIF -s $PRIVATE_NETWORK_MASK ! -d $PRIVATE_IP -p udp --dport ntp -j REDIRECT --to-port 123 |
| |
| # Redirection des requetes DNS des utilisateurs non connectés dans le DNS-Blackhole |
| # Redirect users not connected DNS requests in DNS-Blackhole |
| $IPTABLES -A PREROUTING -t nat -i $TUNIF -m set ! --match-set ipset_users_list src -d $PRIVATE_IP -p tcp --dport domain -j REDIRECT --to-port 56 |
| $IPTABLES -A PREROUTING -t nat -i $TUNIF -m set ! --match-set ipset_users_list src -d $PRIVATE_IP -p udp --dport domain -j REDIRECT --to-port 56 |
| |
| ############################# |
| # INPUT # |
| ############################# |