Ignore whitespace Rev 1931 → Rev 1932

/scripts/alcasar-iptables.sh
36,8 → 36,7
PROTOCOLS_FILTERING=`grep ^PROTOCOLS_FILTERING= $CONF_FILE|cut -d"=" -f2` # Network protocols filter (on/off)
PROTOCOLS_FILTERING=${PROTOCOLS_FILTERING:=off}
BL_IP_CAT="/usr/local/share/iptables-bl-enabled" # categories files of the BlackListed IP
BL_IP_OSSI="/usr/local/share/iptables-bl/ossi" # ossi categoty
DIR_WL_IP_ENABLED="/usr/local/share/iptables-wl-enabled/" # ip files repository of the WL (feature : imported wl file from ACC)
WL_IP_CAT="/usr/local/share/iptables-wl-enabled" # categories files of the WhiteListed IP
TMP_users_set_save="/tmp/users_set_save" # tmp file for backup users set
TMP_set_save="/tmp/ipset_save" # tmp file for blacklist and whitelist creation
SSH=`grep ^SSH= $CONF_FILE|cut -d"=" -f2` # sshd active (on/off)
103,7 → 102,7
 
###### BL set ###########
# Calcul de la taille / Compute the length
bl_set_length=$(($(wc -l $BL_IP_CAT/* | awk '{print $1}' | tail -n 1)+$(wc -l $BL_IP_OSSI | awk '{print $1}')))
bl_set_length=$(wc -l $BL_IP_CAT/* | awk '{print $1}' | tail -n 1)
# Chargement / loading
echo "create bl_ip_blocked hash:net family inet hashsize 1024 maxelem $bl_set_length" > $TMP_set_save
for category in `ls -1 $BL_IP_CAT | cut -d '@' -f1`
110,7 → 109,6
do
cat $BL_IP_CAT/$category >> $TMP_set_save
done
cat $BL_IP_OSSI >> $TMP_set_save
ipset -! restore < $TMP_set_save
rm -f $TMP_set_save
# Suppression des ip réhabilitées / Removing of rehabilitated ip
120,15 → 118,14
done
 
###### WL set ###########
# Calcul de la taille / Compute the length
#wl_set_length=$(($(wc -l $DIR_WL_IP_ENABLED/* | awk '{print $1}' | tail -n 1)*3))
# taille fixe, car peupler par dnsmasq / fixe length due to dnsmasq dynamic loading
wl_set_length=65536
# Chargement Loading
echo "create wl_ip_allowed hash:net family inet hashsize 1024 maxelem $wl_set_length" > $TMP_set_save
#get ip-wl files from ACC
for ossi in `ls -1 $DIR_WL_IP_ENABLED`
for category in `ls -1 $WL_IP_CAT |cut -d '@' -f1`
do
cat $DIR_WL_IP_ENABLED/$ossi >> $TMP_set_save
cat $WL_IP_CAT/$category >> $TMP_set_save
done
ipset -! restore < $TMP_set_save
rm -f $TMP_set_save
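Review bot: Both sets are still assembled in the fixed path `/tmp/ipset_save` (`TMP_set_save`, a context line in the first hunk), which the new whitelist loop appends to before `ipset -! restore` reads it back. Because the name is predictable and /tmp is world-writable, a local user could pre-create or symlink that path, and this script, which presumably runs as root, would follow the link or load entries it did not write. Creating the file with `TMP_set_save=$(mktemp /tmp/ipset_save.XXXXXX) || exit 1` closes that gap. The added `for category in ...` loop also parses `ls` output with unquoted expansions, so `cat "$WL_IP_CAT/$category" >> "$TMP_set_save"` would be the safer form.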