| 18,10 → 18,10 |
|---|
| then |
| mac_filtered=`echo $mac_line|cut -d" " -f1` |
| echo "MAC filtered = $mac_filtered" |
| $IPTABLES -A FORWARD -i $INTIF -m mac --mac-source $mac_filtered -j NFLOG --nflog-group 1 --nflog-prefix "$mac_filtered -- Filt_DROP" |
| $IPTABLES -A FORWARD -i $INTIF -m mac --mac-source $mac_filtered -j NFLOG --nflog-group 1 --nflog-prefix "$mac_filtered -- Filt_DROP" |
| $IPTABLES -A FORWARD -i $INTIF -p tcp -m mac --mac-source $mac_filtered -j DROP |
| $IPTABLES -A FORWARD -i $INTIF -p udp -m mac --mac-source $mac_filtered -j DROP |
| $IPTABLES -A FORWARD -i $INTIF -m mac --mac-source $mac_filtered -j DROP |
| $IPTABLES -A FORWARD -i $INTIF -m mac --mac-source $mac_filtered -j DROP |
| fi |
| done < /usr/local/etc/alcasar-iptables-local-mac-filtered |
| fi |
| 33,8 → 33,8 |
|---|
| |
| # On autorise l'accès à un serveur MAIL (SMTP) pour l'envoie de rapports, alertes (logwatch, etc.) |
| #SMTP_IP=0.0.0.0 # renseigner l'@IP du serveur SMTP |
| #$IPTABLES -A OUTPUT -p tcp -d $SMTP_IP --dport smtp -m state --state NEW,ESTABLISHED -j ACCEPT |
| #$IPTABLES -A INPUT -p tcp -s $SMTP_IP --sport smtp -m state --state ESTABLISHED -j ACCEPT |
| #$IPTABLES -A OUTPUT -p tcp -d $SMTP_IP --dport smtp -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT |
| #$IPTABLES -A INPUT -p tcp -s $SMTP_IP --sport smtp -m conntrack --ctstate ESTABLISHED -j ACCEPT |
| |
| # On autorise du PAT (Port Adresse Translation) afin de pouvoir joindre des équipements du LAN depuis Internet |
| #m_ports=5000,5001 |
| 44,4 → 44,3 |
|---|
| #$IPTABLES -A FORWARD -o $EXTIF -p tcp -s $to_ip -m multiport --sports $m_ports -j ACCEPT |
| |
| # Fin du script des règles du parefeu |
| |
| Property changes: |
|---|
| Modified: svn:eol-style |
|---|
| -native |
|---|
| \ No newline at end of property |
|---|
| +LF |
|---|
| \ No newline at end of property |
|---|