Subversion Repositories ALCASAR


Rev 2678 Rev 2688
Line 1... Line 1...
1
#!/bin/bash
1
#!/bin/bash
2
 
2
 
3
# $Id: alcasar-bl.sh 2678 2018-12-16 20:57:08Z lucas.echard $
3
# $Id: alcasar-bl.sh 2688 2019-01-18 23:15:49Z lucas.echard $
4
 
4
 
5
# alcasar-bl.sh
5
# alcasar-bl.sh
6
# by Franck BOUIJOUX and Richard REY
6
# by Franck BOUIJOUX and Richard REY
7
# This script is distributed under the Gnu General Public License (GPL)
7
# This script is distributed under the Gnu General Public License (GPL)
8
 
8
 
9
# Gestion de la BL pour le filtrage de domaine (via dnsmasq) et d'URL (via E2guardian)
9
# Gestion de la BL pour le filtrage de domaine (via unbound) et d'URL (via E2guardian)
10
# Manage the BL for DnsBlackHole (dnsmasq) and URL filtering (E2guardian)
10
# Manage the BL for DnsBlackHole (unbound) and URL filtering (E2guardian)
11
 
11
 
12
DIR_CONF="/usr/local/etc"
12
DIR_CONF="/usr/local/etc"
13
CONF_FILE="$DIR_CONF/alcasar.conf"
13
CONF_FILE="$DIR_CONF/alcasar.conf"
14
private_ip_mask=`grep ^PRIVATE_IP= $CONF_FILE|cut -d"=" -f2`
14
private_ip_mask=`grep ^PRIVATE_IP= $CONF_FILE|cut -d"=" -f2`
15
private_ip_mask=${private_ip_mask:=192.168.182.1/24}
15
private_ip_mask=${private_ip_mask:=192.168.182.1/24}
16
PRIVATE_IP=`echo $private_ip_mask | cut -d"/" -f1`			# ALCASAR LAN IP address
-
 
17
DIR_tmp="/tmp/blacklists"
16
DIR_tmp="/tmp/blacklists"
18
DIR_WL_tmp="/tmp/whitelists"
-
 
19
FILE_tmp="/tmp/filesfilter.txt"
17
FILE_tmp="/tmp/filesfilter.txt"
20
FILE_ip_tmp="/tmp/filesipfilter.txt"
18
FILE_ip_tmp="/tmp/filesipfilter.txt"
21
DIR_DG="/etc/e2guardian/lists"
19
DIR_DG="/etc/e2guardian/lists"
22
DIR_DG_BL="$DIR_DG/blacklists"
20
DIR_DG_BL="$DIR_DG/blacklists"
23
GLOBAL_USAGE="$DIR_CONF/alcasar-global-usage"				# file containing the description of the lists
21
GLOBAL_USAGE="$DIR_CONF/alcasar-global-usage"				# file containing the description of the lists
24
BL_CATEGORIES="$DIR_CONF/alcasar-bl-categories"				# list of names of the 	BL categories
22
BL_CATEGORIES="$DIR_CONF/alcasar-bl-categories"				# list of names of the 	BL categories
25
WL_CATEGORIES="$DIR_CONF/alcasar-wl-categories"				#	'	'	WL categories
23
WL_CATEGORIES="$DIR_CONF/alcasar-wl-categories"				#	'	'	WL categories
26
BL_CATEGORIES_ENABLED="$DIR_CONF/alcasar-bl-categories-enabled"		#	'	'	BL enabled categories
24
BL_CATEGORIES_ENABLED="$DIR_CONF/alcasar-bl-categories-enabled"		#	'	'	BL enabled categories
27
WL_CATEGORIES_ENABLED="$DIR_CONF/alcasar-wl-categories-enabled"		#	'	'	WL enabled categories
25
WL_CATEGORIES_ENABLED="$DIR_CONF/alcasar-wl-categories-enabled"		#	'	'	WL enabled categories
28
DIR_SHARE="/usr/local/share"
26
DIR_SHARE="/usr/local/share"
29
DIR_DNS_BL="$DIR_SHARE/dnsmasq-bl"					# all the BL in the DNSMASQ format
27
DIR_DNS_BL="$DIR_SHARE/unbound-bl"					# all the BL in the Unbound format
30
DIR_DNS_WL="$DIR_SHARE/dnsmasq-wl"					# all the WL	'	'	'
28
DIR_DNS_WL="$DIR_SHARE/unbound-wl"					# all the WL	'	'	'
31
DIR_IP_BL="$DIR_SHARE/iptables-bl"					# all the IP addresses of the BL
29
DIR_IP_BL="$DIR_SHARE/iptables-bl"					# all the IP addresses of the BL
32
DIR_IP_WL="$DIR_SHARE/iptables-wl"					# IP ossi disabled WL
30
DIR_IP_WL="$DIR_SHARE/iptables-wl"					# IP ossi disabled WL
33
DIR_DNS_BL_ENABLED="$DIR_SHARE/dnsmasq-bl-enabled"			# symbolic link to the domains BL (only enabled categories)
31
DIR_DNS_BL_ENABLED="$DIR_SHARE/unbound-bl-enabled"			# symbolic link to the domains BL (only enabled categories)
34
DIR_DNS_WL_ENABLED="$DIR_SHARE/dnsmasq-wl-enabled"			#	'	'	'	WL	'	'
32
DIR_DNS_WL_ENABLED="$DIR_SHARE/unbound-wl-enabled"			#	'	'	'	WL	'	'
35
DIR_IP_BL_ENABLED="$DIR_SHARE/iptables-bl-enabled"			#	'	'	ip BL (only enabled categories)
33
DIR_IP_BL_ENABLED="$DIR_SHARE/iptables-bl-enabled"			#	'	'	ip BL (only enabled categories)
36
DIR_IP_WL_ENABLED="$DIR_SHARE/iptables-wl-enabled"			#	'	'	ip WL (ossi and ossi-* imported from ACC)
34
DIR_IP_WL_ENABLED="$DIR_SHARE/iptables-wl-enabled"			#	'	'	ip WL (ossi and ossi-* imported from ACC)
37
DNS1=`grep ^DNS1= $CONF_FILE | cut -d'=' -f2-` 			# server DNS1 (for WL domain names)
35
REHABILITATED_DNS_FILE="/etc/unbound/conf.d/blacklist/rehabilitated.conf"
38
BL_SERVER="dsi.ut-capitole.fr"
36
BL_SERVER="dsi.ut-capitole.fr"
39
SED="/bin/sed -i"
37
SED="/bin/sed -i"
40
 
38
 
41
# enable/disable the BL & WL categories
39
# enable/disable the BL & WL categories
42
function cat_choice (){
40
function cat_choice (){
Line 45... Line 43...
45
	do
43
	do
46
		if [ ! -e $LIST ] #  only on install stage
44
		if [ ! -e $LIST ] #  only on install stage
47
		then
45
		then
48
			mkdir $LIST
46
			mkdir $LIST
49
		else
47
		else
50
			rm -rf $LIST/*
48
			rm -rf ${LIST:?}/*
51
		fi
49
		fi
52
		chown root:apache $LIST
50
		chown root:apache $LIST
53
		chmod 770 $LIST
51
		chmod 770 $LIST
54
	done
52
	done
55
	# update categories with rsync
53
	# update categories with rsync
Line 67... Line 65...
67
	do
65
	do
68
		$SED "/\/$ENABLE_CATEGORIE$/d" $BL_CATEGORIES
66
		$SED "/\/$ENABLE_CATEGORIE$/d" $BL_CATEGORIES
69
		$SED "1i\/etc\/e2guardian\/lists\/blacklists\/$ENABLE_CATEGORIE" $BL_CATEGORIES
67
		$SED "1i\/etc\/e2guardian\/lists\/blacklists\/$ENABLE_CATEGORIE" $BL_CATEGORIES
70
		ln -sf $DIR_DNS_BL/$ENABLE_CATEGORIE.conf $DIR_DNS_BL_ENABLED/$ENABLE_CATEGORIE
68
		ln -sf $DIR_DNS_BL/$ENABLE_CATEGORIE.conf $DIR_DNS_BL_ENABLED/$ENABLE_CATEGORIE
71
		ln -sf $DIR_IP_BL/$ENABLE_CATEGORIE $DIR_IP_BL_ENABLED/$ENABLE_CATEGORIE
69
		ln -sf $DIR_IP_BL/$ENABLE_CATEGORIE $DIR_IP_BL_ENABLED/$ENABLE_CATEGORIE
72
		# echo ".Include<$DIR_DG_BL/$ENABLE_CATEGORIE/domains>" >> $DIR_DG/bannedsitelist  # Blacklisted domains are managed by dnsmasq
70
		# echo ".Include<$DIR_DG_BL/$ENABLE_CATEGORIE/domains>" >> $DIR_DG/bannedsitelist  # Blacklisted domains are managed by unbound
73
		echo ".Include<$DIR_DG_BL/$ENABLE_CATEGORIE/urls>" >> $DIR_DG/bannedurllist
71
		echo ".Include<$DIR_DG_BL/$ENABLE_CATEGORIE/urls>" >> $DIR_DG/bannedurllist
74
	done
72
	done
75
	sort +0.0 -0.2 $BL_CATEGORIES -o $FILE_tmp
73
	sort +0.0 -0.2 $BL_CATEGORIES -o $FILE_tmp
76
	mv $FILE_tmp $BL_CATEGORIES
74
	mv $FILE_tmp $BL_CATEGORIES
77
	sort +0.0 -0.2 $BL_CATEGORIES_ENABLED -o $FILE_tmp
75
	sort +0.0 -0.2 $BL_CATEGORIES_ENABLED -o $FILE_tmp
Line 99... Line 97...
99
	$SED '/^#.*/d' $FILE_tmp # remove commented lines
97
	$SED '/^#.*/d' $FILE_tmp # remove commented lines
100
	$SED '/^\s*$/d' $FILE_tmp # remove empty lines
98
	$SED '/^\s*$/d' $FILE_tmp # remove empty lines
101
	$SED '/[äâëêïîöôüû@,]/d' $FILE_tmp # remove line with "chelou" characters
99
	$SED '/[äâëêïîöôüû@,]/d' $FILE_tmp # remove line with "chelou" characters
102
	# extract ip addresses for iptables.
100
	# extract ip addresses for iptables.
103
	awk '/^([0-9]{1,3}\.){3}[0-9]{1,3}$/{print "add bl_ip_blocked " $0}' $FILE_tmp > $FILE_ip_tmp
101
	awk '/^([0-9]{1,3}\.){3}[0-9]{1,3}$/{print "add bl_ip_blocked " $0}' $FILE_tmp > $FILE_ip_tmp
104
	# extract domain names for dnsmasq.
102
	# extract domain names for unbound.
105
	$SED -n '/^\([0-9]\{1,3\}\.\)\{3\}[0-9]\{1,3\}/!p' $FILE_tmp
103
	$SED -n '/^\([0-9]\{1,3\}\.\)\{3\}[0-9]\{1,3\}/!p' $FILE_tmp
106
	# Retrieve max Top Level Domain for domain name synthax
104
	# Retrieve max Top Level Domain for domain name synthax
107
	#MAX_TLD=$(curl http://data.iana.org/TLD/tlds-alpha-by-domain.txt | grep -v '-' | grep -v '#' | wc -L)
105
	#MAX_TLD=$(curl http://data.iana.org/TLD/tlds-alpha-by-domain.txt | grep -v '-' | grep -v '#' | wc -L)
108
	#if [ $(echo $MAX_TLD | wc -c) -eq 0 ];then
106
	#if [ $(echo $MAX_TLD | wc -c) -eq 0 ];then
109
	#	MAX_TLD=18
107
	#	MAX_TLD=18
Line 140... Line 138...
140
		;;
138
		;;
141
	# enable/disable categories (used only during the alcasar install process)
139
	# enable/disable categories (used only during the alcasar install process)
142
	-cat_choice | --cat_choice)
140
	-cat_choice | --cat_choice)
143
		cat_choice
141
		cat_choice
144
		;;
142
		;;
145
	# Adapt Toulouse University BL to ALCASAR architecture (dnsmasq + DG + iptables)
143
	# Adapt Toulouse University BL to ALCASAR architecture (unbound + DG + iptables)
146
	-adapt | --adapt)
144
	-adapt | --adapt)
147
		echo -n "Adaptation process of Toulouse University blackList. Please wait : "
145
		echo -n "Adaptation process of Toulouse University blackList. Please wait : "
148
		if [ -f $DIR_tmp/blacklists.tar.gz ] # when downloading the last version of the BL
146
		if [ -f $DIR_tmp/blacklists.tar.gz ] # when downloading the last version of the BL
149
		then
147
		then
150
			# keep custom files (ossi)
148
			# keep custom files (ossi)
Line 229... Line 227...
229
			if [ $ok != "1" ]
227
			if [ $ok != "1" ]
230
			then
228
			then
231
				$SED "/^$ENABLE_CATEGORIE$/d" $WL_CATEGORIES_ENABLED
229
				$SED "/^$ENABLE_CATEGORIE$/d" $WL_CATEGORIES_ENABLED
232
			fi
230
			fi
233
		done
231
		done
-
 
232
 
234
		# Creation of DNSMASQ and Iptables BL and WL
233
		# Creation of Unbound and Iptables BL and WL
235
		for LIST in $BL_CATEGORIES $WL_CATEGORIES	# for each list (bl and wl)
234
		for LIST in $BL_CATEGORIES $WL_CATEGORIES	# for each list (bl and wl)
236
		do
235
		do
237
			for PATH_FILE in `cat $LIST` # for each category
236
			for PATH_FILE in `cat $LIST` # for each category
238
			do
237
			do
239
				DOMAIN=`basename $PATH_FILE`
238
				DOMAIN=`basename $PATH_FILE`
Line 242... Line 241...
242
				then
241
				then
243
					touch $PATH_FILE/urls
242
					touch $PATH_FILE/urls
244
					chown e2guardian:apache $PATH_FILE/urls
243
					chown e2guardian:apache $PATH_FILE/urls
245
				fi
244
				fi
246
				cp $PATH_FILE/domains $FILE_tmp
245
				cp $PATH_FILE/domains $FILE_tmp
247
				clean_split # clean ossi custom files & split them for dnsmasq and for iptables
246
				clean_split # clean ossi custom files & split them for unbound and for iptables
248
				if [ "$LIST" == "$BL_CATEGORIES" ]
247
				if [ "$LIST" == "$BL_CATEGORIES" ]
249
				then
248
				then
250
					# adapt to the dnsmasq syntax for the blacklist
249
					# adapt to the unbound syntax for the blacklist
251
					$SED "s?.*?address=/&/$PRIVATE_IP?g" $FILE_tmp
250
					$SED "s?.*?local-zone: & typetransparent\nlocal-zone-tag: & blacklist?g" $FILE_tmp
252
					mv $FILE_tmp $DIR_DNS_BL/$DOMAIN.conf
251
					mv $FILE_tmp $DIR_DNS_BL/$DOMAIN.conf
253
					mv $FILE_ip_tmp $DIR_IP_BL/$DOMAIN
252
					mv $FILE_ip_tmp $DIR_IP_BL/$DOMAIN
254
				else
253
				else
255
					# adapt to the dnsmasq syntax for the whitelist
254
					# adapt to the unbound syntax for the whitelist
256
					$SED "s?.*?server=/&/$DNS1?g" $FILE_tmp
255
					$SED "s?.*?local-zone: & transparent?g" $FILE_tmp
257
					mv $FILE_tmp $DIR_DNS_WL/$DOMAIN.conf
256
					mv $FILE_tmp $DIR_DNS_WL/$DOMAIN.conf
258
				fi
257
				fi
259
			done
258
			done
260
		done
259
		done
261
		echo
260
		echo
Line 274... Line 273...
274
			do
273
			do
275
				CATEGORIE=$(echo $LIGNE_RSYNC | cut -d' ' -f1)
274
				CATEGORIE=$(echo $LIGNE_RSYNC | cut -d' ' -f1)
276
				URL=$(echo $LIGNE_RSYNC | cut -d' ' -f2)
275
				URL=$(echo $LIGNE_RSYNC | cut -d' ' -f2)
277
				PATH_FILE=$(find $DIR_DG_BL/ -type d -name $CATEGORIE) # retrieve directory name of the category
276
				PATH_FILE=$(find $DIR_DG_BL/ -type d -name $CATEGORIE) # retrieve directory name of the category
278
				rsync -rv $URL $(dirname $PATH_FILE ) #rsync inside of the blacklist directory
277
				rsync -rv $URL $(dirname $PATH_FILE ) #rsync inside of the blacklist directory
279
				# Creation of DNSMASQ and Iptables BL and WL
278
				# Creation of unbound and Iptables BL and WL
280
				DOMAIN=$(basename $PATH_FILE)
279
				DOMAIN=$(basename $PATH_FILE)
281
				cp $PATH_FILE/domains $FILE_tmp
280
				cp $PATH_FILE/domains $FILE_tmp
282
				clean_split  # clean ossi custom files & split them for dnsmasq and for iptables
281
				clean_split  # clean ossi custom files & split them for unbound and for iptables
283
				black=`grep black $PATH_FILE/usage |wc -l`
282
				black=`grep black $PATH_FILE/usage |wc -l`
284
				if [ $black == "1" ]
283
				if [ $black == "1" ]
285
				then
284
				then
286
					# adapt to the dnsmasq syntax for the blacklist
285
					# adapt to the unbound syntax for the blacklist
287
					$SED "s?.*?address=/&/$PRIVATE_IP?g" $FILE_tmp
286
					$SED "s?.*?local-zone: & typetransparent\nlocal-zone-tag: & blacklist?g" $FILE_tmp
288
					mv $FILE_tmp $DIR_DNS_BL/$DOMAIN.conf
287
					mv $FILE_tmp $DIR_DNS_BL/$DOMAIN.conf
289
					mv $FILE_ip_tmp $DIR_IP_BL/$DOMAIN
288
					mv $FILE_ip_tmp $DIR_IP_BL/$DOMAIN
290
				else
289
				else
291
					# adapt to the dnsmasq syntax for the whitelist
290
					# adapt to the unbound syntax for the whitelist
292
					$SED "s?.*?server=/&/$DNS1?g" $FILE_tmp
291
					$SED "s?.*?local-zone: & transparent?g" $FILE_tmp
293
					mv $FILE_tmp $DIR_DNS_WL/$DOMAIN.conf
292
					mv $FILE_tmp $DIR_DNS_WL/$DOMAIN.conf
294
					mv $FILE_ip_tmp $DIR_IP_WL/$DOMAIN
293
					mv $FILE_ip_tmp $DIR_IP_WL/$DOMAIN
295
				fi
294
				fi
296
				rm -f $FILE_tmp $FILE_ip_tmp
295
				rm -f $FILE_tmp $FILE_ip_tmp
297
			done
296
			done
-
 
297
			/usr/bin/systemctl restart unbound-whitelist
298
			/usr/bin/systemctl restart dnsmasq-whitelist
298
			/usr/bin/systemctl restart dnsmasq-whitelist
299
			/usr/bin/systemctl restart dnsmasq-blacklist
299
			/usr/bin/systemctl restart unbound-blacklist
300
			/usr/bin/systemctl restart e2guardian
300
			/usr/bin/systemctl restart e2guardian
301
			/usr/local/bin/alcasar-iptables.sh
301
			/usr/local/bin/alcasar-iptables.sh
302
		else
302
		else
303
			echo -n "/usr/local/etc/update_cat.conf is empty ..."
303
			echo -n "/usr/local/etc/update_cat.conf is empty ..."
304
		fi
304
		fi
Line 306... Line 306...
306
		;;
306
		;;
307
	# reload when selected categories are changed or when ossi change his custom files
307
	# reload when selected categories are changed or when ossi change his custom files
308
	-reload | --reload)
308
	-reload | --reload)
309
		# for DG
309
		# for DG
310
		cat_choice
310
		cat_choice
311
		#  for dnsmasq (rehabited domain names)
311
		#  for unbound (rehabilitated domain names)
-
 
312
		rm -f $REHABILITATED_DNS_FILE
312
		if [ `wc -w $DIR_DG/exceptionsitelist|cut -d " " -f1` != "0" ]
313
		if [ "$(wc -w $DIR_DG/exceptionsitelist | cut -d " " -f1)" != "0" ]
313
		then
314
		then
314
			rm -f $DIR_DNS_BL_ENABLED/authorized-ossi-bl $DIR_DNS_BL/authorized-ossi-bl.conf
315
			touch $REHABILITATED_DNS_FILE
315
			touch $DIR_DNS_BL/authorized-ossi-bl.conf
316
			while read -r domain; do
316
			for i in `cat $DIR_DG/exceptionsitelist`
317
				[ -z "$domain" ] && continue
317
			do
-
 
318
				$SED "/$i/d" $DIR_DNS_BL/*
318
				echo "local-zone: $domain typetransparent" >> $REHABILITATED_DNS_FILE
319
				echo "server=/$i/#" >> $DIR_DNS_BL/authorized-ossi-bl.conf
319
				echo "local-zone-tag: $domain \"\"" >> $REHABILITATED_DNS_FILE
320
			done
-
 
321
			ln -s $DIR_DNS_BL/authorized-ossi-bl.conf $DIR_DNS_BL_ENABLED/authorized-ossi-bl
320
			done < $DIR_DG/exceptionsitelist
322
		fi
321
		fi
323
		# adapt OSSI BL & WL custom files
322
		# adapt OSSI BL & WL custom files
324
		for dir in $DIR_DNS_BL_ENABLED $DIR_DNS_WL_ENABLED $DIR_IP_BL_ENABLED $DIR_IP_WL_ENABLED $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL $DIR_IP_WL
323
		for dir in $DIR_DNS_BL_ENABLED $DIR_DNS_WL_ENABLED $DIR_IP_BL_ENABLED $DIR_IP_WL_ENABLED $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL $DIR_IP_WL
325
		do
324
		do
326
			rm -f $dir/ossi*
325
			rm -f $dir/ossi*
Line 339... Line 338...
339
			else
338
			else
340
				categorie_type="white"
339
				categorie_type="white"
341
			fi
340
			fi
342
			$SED "s/\r//" $ossi_custom_dir/domains $ossi_custom_dir/urls # remove Windows <CR> from custom file
341
			$SED "s/\r//" $ossi_custom_dir/domains $ossi_custom_dir/urls # remove Windows <CR> from custom file
343
			cp $ossi_custom_dir/domains $FILE_tmp
342
			cp $ossi_custom_dir/domains $FILE_tmp
344
			clean_split # clean ossi custom files & split them for dnsmasq and for iptables
343
			clean_split # clean ossi custom files & split them for unbound and for iptables
345
			if [ $categorie_type == "white" ]
344
			if [ $categorie_type == "white" ]
346
			then
345
			then
347
			# adapt the file to the dnsmasq syntax and enable it if needed
346
			# adapt the file to the unbound syntax and enable it if needed
348
			# for the WL
347
			# for the WL
349
				$SED "s?.*?server=/&/$DNS1?g" $FILE_tmp
348
				$SED "s?.*?local-zone: & transparent?g" $FILE_tmp
350
				mv $FILE_tmp $DIR_DNS_WL/$ossi_categorie.conf
349
				mv $FILE_tmp $DIR_DNS_WL/$ossi_categorie.conf
351
				mv $FILE_ip_tmp $DIR_IP_WL/$ossi_categorie
350
				mv $FILE_ip_tmp $DIR_IP_WL/$ossi_categorie
352
				enabled=`grep ^$ossi_categorie$ $WL_CATEGORIES_ENABLED | wc -l`
351
				enabled=`grep ^$ossi_categorie$ $WL_CATEGORIES_ENABLED | wc -l`
353
				if [ $enabled == "1" ]
352
				if [ $enabled == "1" ]
354
				then
353
				then
Line 357... Line 356...
357
					ln -sf $DIR_DNS_WL/$ossi_categorie.conf $DIR_DNS_WL_ENABLED/$ossi_categorie
356
					ln -sf $DIR_DNS_WL/$ossi_categorie.conf $DIR_DNS_WL_ENABLED/$ossi_categorie
358
					ln -sf $DIR_IP_WL/$ossi_categorie $DIR_IP_WL_ENABLED/$ossi_categorie
357
					ln -sf $DIR_IP_WL/$ossi_categorie $DIR_IP_WL_ENABLED/$ossi_categorie
359
				fi
358
				fi
360
			else
359
			else
361
			# for the BL
360
			# for the BL
362
				$SED "s?.*?address=/&/$PRIVATE_IP?g" $FILE_tmp
361
				$SED "s?.*?local-zone: & typetransparent\nlocal-zone-tag: & blacklist?g" $FILE_tmp
363
				mv $FILE_tmp $DIR_DNS_BL/$ossi_categorie.conf
362
				mv $FILE_tmp $DIR_DNS_BL/$ossi_categorie.conf
364
				mv $FILE_ip_tmp $DIR_IP_BL/$ossi_categorie
363
				mv $FILE_ip_tmp $DIR_IP_BL/$ossi_categorie
365
				enabled=`grep ^$ossi_categorie$ $BL_CATEGORIES_ENABLED | wc -l`
364
				enabled=`grep ^$ossi_categorie$ $BL_CATEGORIES_ENABLED | wc -l`
366
				if [ $enabled == "1" ]
365
				if [ $enabled == "1" ]
367
				then
366
				then
Line 381... Line 380...
381
		done
380
		done
382
		chown -R root:apache $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL $DIR_IP_WL
381
		chown -R root:apache $DIR_DNS_BL $DIR_DNS_WL $DIR_IP_BL $DIR_IP_WL
383
		chmod 660 $DIR_DNS_BL/* $DIR_DNS_WL/* $DIR_IP_BL/* $DIR_IP_WL/*
382
		chmod 660 $DIR_DNS_BL/* $DIR_DNS_WL/* $DIR_IP_BL/* $DIR_IP_WL/*
384
		if [ "$PARENT_SCRIPT" != "alcasar-conf.sh" ] # don't launch on install stage
383
		if [ "$PARENT_SCRIPT" != "alcasar-conf.sh" ] # don't launch on install stage
385
		then
384
		then
386
			/usr/bin/systemctl restart dnsmasq-blacklist
385
			/usr/bin/systemctl restart unbound-blacklist
-
 
386
			/usr/bin/systemctl restart unbound-whitelist
387
			/usr/bin/systemctl restart dnsmasq-whitelist
387
			/usr/bin/systemctl restart dnsmasq-whitelist
388
			/usr/bin/systemctl restart e2guardian
388
			/usr/bin/systemctl restart e2guardian
389
			/usr/local/bin/alcasar-iptables.sh
389
			/usr/local/bin/alcasar-iptables.sh
390
		fi
390
		fi
391
		;;
391
		;;
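Review bot: In the `--reload` branch, each line of `$DIR_DG/exceptionsitelist` is now written into `$REHABILITATED_DNS_FILE` as a `local-zone:` / `local-zone-tag:` pair after only an empty-line check, so a comment, an `.Include<...>` line, a trailing CR or an entry containing spaces or quotes lands verbatim in a file under /etc/unbound/conf.d. The other lists pass through `clean_split` first; this one does not, and a malformed entry would presumably stop unbound-blacklist from loading its configuration on the next restart, taking the domain filter down with it. I would replace the `[ -z "$domain" ] && continue` guard with `case "$domain" in ''|*[!A-Za-z0-9._-]*) continue ;; esac` and quote `"$REHABILITATED_DNS_FILE"` in the redirections. Separately, both restart sequences (new lines 298 and 387) still restart `dnsmasq-whitelist` next to the new `unbound-whitelist`; if that unit no longer exists after the migration the call only reports a failure, so either drop it or add a comment saying why it stays.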