Subversion Repositories ALCASAR

Rev

Rev 2454 | Rev 3043 | Go to most recent revision | Show entire file | Ignore whitespace | Details | Blame | Last modification | View Log

Rev 2454 Rev 2474
Line 1... Line 1...
1
#!/bin/bash
1
#!/bin/bash
2
# $Id: alcasar-iptables-bypass.sh 2454 2017-12-09 18:59:31Z tom.houdayer $
2
# $Id: alcasar-iptables-bypass.sh 2474 2017-12-30 02:00:04Z tom.houdayer $
3
 
3
 
4
# alcasar-iptables-bypass.sh
4
# alcasar-iptables-bypass.sh
5
# by Rexy - 3abtux
5
# by Rexy - 3abtux
6
# This script is distributed under the Gnu General Public License (GPL)
6
# This script is distributed under the Gnu General Public License (GPL)
7
 
7
 
8
# applique les regles du parefeu en mode ByPass
8
# applique les regles du parefeu en mode ByPass
9
# put the firewall rules in 'ByPass' mode
9
# put the firewall rules in 'ByPass' mode
10
 
10
 
11
CONF_FILE="/usr/local/etc/alcasar.conf"
11
CONF_FILE="/usr/local/etc/alcasar.conf"
12
private_ip_mask=`grep PRIVATE_IP= $CONF_FILE|cut -d"=" -f2`
12
private_ip_mask=`grep ^PRIVATE_IP= $CONF_FILE|cut -d"=" -f2`
13
private_ip_mask=${private_ip_mask:=192.168.182.1/24}
13
private_ip_mask=${private_ip_mask:=192.168.182.1/24}
14
private_network=`/bin/ipcalc -n $private_ip_mask|cut -d"=" -f2`		# LAN IP address (ie.: 192.168.182.0)
14
private_network=`/bin/ipcalc -n $private_ip_mask|cut -d"=" -f2`		# LAN IP address (ie.: 192.168.182.0)
15
private_prefix=`/bin/ipcalc -p $private_ip_mask|cut -d"=" -f2`		# LAN prefix (ie. 24)
15
private_prefix=`/bin/ipcalc -p $private_ip_mask|cut -d"=" -f2`		# LAN prefix (ie. 24)
16
IPTABLES="/sbin/iptables"
16
IPTABLES="/sbin/iptables"
17
EXTIF=`grep ^EXTIF= $CONF_FILE|cut -d"=" -f2`				# EXTernal InterFace
17
EXTIF=`grep ^EXTIF= $CONF_FILE|cut -d"=" -f2`				# EXTernal InterFace
18
INTIF=`grep ^INTIF= $CONF_FILE|cut -d"=" -f2`				# INTernal InterFace
18
INTIF=`grep ^INTIF= $CONF_FILE|cut -d"=" -f2`				# INTernal InterFace
19
PRIVATE_NETWORK_MASK=$private_network/$private_prefix			# Lan IP address + prefix (192.168.182.0/24)
19
PRIVATE_NETWORK_MASK=$private_network/$private_prefix			# Lan IP address + prefix (192.168.182.0/24)
20
PRIVATE_IP=`echo $private_ip_mask | cut -d"/" -f1`			# ALCASAR LAN IP address
20
PRIVATE_IP=`echo $private_ip_mask | cut -d"/" -f1`			# ALCASAR LAN IP address
21
public_ip_mask=`grep PUBLIC_IP= $CONF_FILE|cut -d"=" -f2`		# ALCASAR WAN IP address
21
public_ip_mask=`grep ^PUBLIC_IP= $CONF_FILE|cut -d"=" -f2`		# ALCASAR WAN IP address
22
PUBLIC_IP=`echo $public_ip_mask | cut -d"/" -f1`
22
PUBLIC_IP=`echo $public_ip_mask | cut -d"/" -f1`
23
SSH=`grep SSH= $CONF_FILE|cut -d"=" -f2`				# sshd active (on/off)
23
SSH=`grep ^SSH= $CONF_FILE|cut -d"=" -f2`				# sshd active (on/off)
24
SSH=${SSH:=off}
24
SSH=${SSH:=off}
25
SSH_ADMIN_FROM=`grep SSH_ADMIN_FROM= $CONF_FILE|cut -d"=" -f2`
25
SSH_ADMIN_FROM=`grep ^SSH_ADMIN_FROM= $CONF_FILE|cut -d"=" -f2`
26
SSH_ADMIN_FROM=${SSH_ADMIN_FROM:="0.0.0.0/0.0.0.0"}				# WAN IP address to reduce ssh access (all ip allowed on LAN side)
26
SSH_ADMIN_FROM=${SSH_ADMIN_FROM:="0.0.0.0/0.0.0.0"}				# WAN IP address to reduce ssh access (all ip allowed on LAN side)
27
 
27
 
28
 
28
 
29
# On vide (flush) toutes les règles existantes
29
# On vide (flush) toutes les règles existantes
30
# Flush all existing rules
30
# Flush all existing rules