Subversion Repositories ALCASAR

Compare Revisions

Ignore whitespace Rev 858 → Rev 859

/scripts/sbin/alcasar-nf.sh
2,7 → 2,7
# $Id$
 
# alcasar-nf.sh
# by Richard REY
# by Rexy
# This script is distributed under the Gnu General Public License (GPL)
 
# active ou desactive le filtrage de protocoles réseau
9,16 → 9,14
# enable or disable the network protocols filter
 
SED="/bin/sed -i"
FIC_SERVICES="/usr/local/etc/alcasar-services"
FIC_EXCEPTIONS="/usr/local/etc/alcasar-filter-exceptions"
FIC_CONF="/usr/local/etc/alcasar.conf"
 
usage="Usage: alcasar-nf.sh {--on | -on} | {--off | -off} | {--lan_ext_filter_on | -lan_ext_filter_on} | {--lan_ext_filter_off | -lan_ext_filter_off}"
usage="Usage: alcasar-nf.sh {--on | -on} | {--off | -off}"
nb_args=$#
args=$1
if [ $nb_args -eq 0 ]
then
/usr/local/bin/alcasar-iptables.sh
echo $usage
exit 1
fi
case $args in
27,16 → 25,6
exit 0
;;
-on|-on) # enable protocols filter
# sort service file
$SED "/^$/d" $FIC_SERVICES # delete empty lines
sort -k2n $FIC_SERVICES > /tmp/alcasar-services-sort
mv -f /tmp/alcasar-services-sort $FIC_SERVICES
chown root:apache $FIC_SERVICES
chmod 660 $FIC_SERVICES
# vérify exception file
[ -e $FIC_EXCEPTIONS ] || touch $FIC_EXCEPTIONS
chown root:apache $FIC_EXCEPTIONS
chmod 664 $FIC_EXCEPTIONS
$SED "s?^PROTOCOLS_FILTERING.*?PROTOCOLS_FILTERING=on?g" $FIC_CONF
/usr/local/bin/alcasar-iptables.sh
;;
44,14 → 32,6
$SED "s?^PROTOCOLS_FILTERING.*?PROTOCOLS_FILTERING=off?g" $FIC_CONF
/usr/local/bin/alcasar-iptables.sh
;;
--lan_ext_filter_on|-lan_ext_filter_on) # allow external LAN access (LAN located between ALCASAR and the Internet gateway)
$SED "s?^EXT_LAN_FILTERING.*?EXT_LAN_FILTERING=on?g" $FIC_CONF
/usr/local/bin/alcasar-iptables.sh
;;
--lan_ext_filter_off|-lan_ext_filter_off) # allow external LAN access (LAN located between ALCASAR and the Internet gateway)
$SED "s?^EXT_LAN_FILTERING.*?EXT_LAN_FILTERING=off?g" $FIC_CONF
/usr/local/bin/alcasar-iptables.sh
;;
*)
echo "Argument inconnu :$1";
echo "$usage"