BlueGreycalmElegant

Català-Valencià – Catalan中文 – Chinese (Simplified)中文 – Chinese (Traditional)Česky – CzechDansk – DanishNederlands – DutchEnglish – EnglishSuomi – FinnishFrançais – FrenchDeutsch – Germanעברית – Hebrewहिंदी – HindiMagyar – HungarianBahasa Indonesia – IndonesianItaliano – Italian日本語 – Japanese한국어 – KoreanМакедонски – Macedonianमराठी – MarathiNorsk – NorwegianPolski – PolishPortuguês – PortuguesePortuguês – Portuguese (Brazil)Русский – RussianSlovenčina – SlovakSlovenščina – SlovenianEspañol – SpanishSvenska – SwedishTürkçe – TurkishУкраїнська – UkrainianOëzbekcha – Uzbek

Compare Revisions

• This comparison shows the changes necessary to convert path

  → /scripts/alcasar-iptables.sh @ 2223

  → /scripts/alcasar-iptables.sh @ 2224

  ↔ Reverse comparison

• Compare Path:	Rev

  With Path:	Rev

Ignore whitespace Rev 2223 → Rev 2224

/scripts/alcasar-iptables.sh
58,6 → 58,8
ipset save havp >> $TMP_users_set_save
ipset save havp_bl >> $TMP_users_set_save
ipset save havp_wl >> $TMP_users_set_save
ipset save not_auth_yet >> $TMP_users_set_save
ipset save users_list >> $TMP_users_set_save
ipset save proto_0 >> $TMP_users_set_save
ipset save proto_1 >> $TMP_users_set_save
ipset save proto_2 >> $TMP_users_set_save
141,6 → 143,15
ipset create havp hash:net hashsize 1024
ipset create havp_bl hash:net hashsize 1024
ipset create havp_wl hash:net hashsize 1024
#utilisé pour l'interception des utilisateurs non authentifiés au réseau
#used for intercepting users not connected to the network
ipset create not_auth_yet hash:net hashsize 1024
ipset create users_list list:set
ipset add users_list havp
ipset add users_list havp_wl
ipset add users_list havp_bl
ipset add users_list not_filtered
ipset add users_list not_auth_yet
#pour les filtrages de protocole par utilisateur
ipset create proto_0 hash:net hashsize 1024
ipset create proto_1 hash:net hashsize 1024
152,6 → 163,11
# PREROUTING #
#############################
# Redirection des requetes DNS des utilisateurs non connectés dans le DNS-Blackhole
# Redirect users not connected DNS requests in DNS-Blackhole
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set ! --match-set users_list src -d $PRIVATE_IP -p tcp --dport domain -j REDIRECT --to-port 56
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set ! --match-set users_list src -d $PRIVATE_IP -p udp --dport domain -j REDIRECT --to-port 56
# Marquage des paquets qui tentent d'accéder directement à un serveur sans authentification en mode proxy pour pouvoir les rejeter en INPUT
# Mark packets that attempt to directly access a server without authentication with proxy client to reject them in INPUT rules
#$IPTABLES -A PREROUTING -t mangle -i $TUNIF -s $PRIVATE_NETWORK_MASK -p tcp -m tcp --dport 80 -m string --string 'GET http' --algo bm --from 50 --to 70 -j MARK --set-mark 10