Subversion Repositories ALCASAR

Rev 2530 Rev 2642
Line 1... Line 1...
1
#!/bin/bash
1
#!/bin/bash
2
# $Id: alcasar-iptables.sh 2530 2018-04-20 14:21:35Z lucas.echard $
2
# $Id: alcasar-iptables.sh 2642 2018-09-24 17:39:20Z rexy $
3
# Script de mise en place des regles du parefeu d'Alcasar (mode normal)
3
# Script de mise en place des regles du parefeu d'Alcasar (mode normal)
4
# This script writes the netfilter rules for ALCASAR
4
# This script writes the netfilter rules for ALCASAR
5
# Rexy - 3abtux - CPN
5
# Rexy - 3abtux - CPN
6
#
6
#
7
# Reminders
7
# Reminders
Line 466... Line 466...
466
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport rsync -j ACCEPT
466
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport rsync -j ACCEPT
467
 
467
 
468
# On autorise les requêtes FTP
468
# On autorise les requêtes FTP
469
# FTP requests are allowed
469
# FTP requests are allowed
470
modprobe nf_conntrack_ftp
470
modprobe nf_conntrack_ftp
-
 
471
$IPTABLES -t raw -A OUTPUT -p tcp --dport ftp -j CT --helper ftp
471
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport ftp -j ACCEPT
472
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport ftp -j ACCEPT
472
$IPTABLES -A OUTPUT -o $EXTIF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
473
$IPTABLES -A OUTPUT -o $EXTIF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
473
 
474
 
474
# On autorise les requêtes NTP
475
# On autorise les requêtes NTP
475
# NTP requests are allowed
476
# NTP requests are allowed
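
Review bot: The raw-table rule added at new line 471 (`$IPTABLES -t raw -A OUTPUT -p tcp --dport ftp -j CT --helper ftp`) has no `-o $EXTIF`, unlike the ACCEPT rules that follow it, so the FTP helper is attached to locally generated port-21 connections leaving on any interface rather than only the external one. Suggest adding `-o $EXTIF` so the helper's scope matches the filter rule at new line 472. The rule at new line 473 still accepts every RELATED packet on `$EXTIF`; now that the helper is assigned explicitly, consider accepting RELATED tcp connections only with `-m helper --helper ftp`, so that data connections opened through expectations are limited to the one helper this block loads. A one-line comment above line 471 stating why the explicit helper assignment is needed would also help, since the existing comments only say that FTP requests are allowed.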