Subversion Repositories ALCASAR


Rev 783 Rev 784
Line 1... Line 1...
1
#!/bin/sh
1
#!/bin/sh
2
# $Id: alcasar-iptables.sh 783 2011-12-17 14:24:08Z richard $
2
# $Id: alcasar-iptables.sh 784 2011-12-18 14:33:56Z richard $
3
# Script de mise en place des regles du parefeu d'Alcasar (mode normal)
3
# Script de mise en place des regles du parefeu d'Alcasar (mode normal)
4
# This script write the netfilter rules for ALCASAR
4
# This script write the netfilter rules for ALCASAR
5
# Rexy - 3abtux - CPN
5
# Rexy - 3abtux - CPN
6
#
6
#
7
# Reminders
7
# Reminders
Line 277... Line 277...
277
 
277
 
278
# On autorise les requêtes HTTP sortantes
278
# On autorise les requêtes HTTP sortantes
279
# HTTP requests are allowed
279
# HTTP requests are allowed
280
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport http -j ACCEPT
280
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport http -j ACCEPT
281
 
281
 
-
 
282
# On autorise les requêtes FTP 
-
 
283
# FTP requests are allowed
-
 
284
modprobe ip_conntrack_ftp
-
 
285
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport ftp -j ACCEPT
-
 
286
$IPTABLES -A OUTPUT -o $EXTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
-
 
287
 
282
# On autorise les requêtes NTP 
288
# On autorise les requêtes NTP 
283
# NTP requests are allowed
289
# NTP requests are allowed
284
$IPTABLES -A OUTPUT -o $EXTIF -p udp --dport ntp -j ACCEPT
290
$IPTABLES -A OUTPUT -o $EXTIF -p udp --dport ntp -j ACCEPT
285
 
291
 
286
# On autorise les requêtes ICMP (ping) 
292
# On autorise les requêtes ICMP (ping)
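
Review bot: The rule added at new line 286, `$IPTABLES -A OUTPUT -o $EXTIF -m state --state ESTABLISHED,RELATED -j ACCEPT`, sits under the FTP comment but carries no protocol or port match, so it accepts every outgoing packet on $EXTIF that conntrack classifies as ESTABLISHED or RELATED, not only FTP data channels. If that breadth is intended, move it out of the FTP block and give it its own comment, so that a later removal of the FTP rules does not silently take it away. If only FTP data connections are meant, narrow it, for example with `-m helper --helper ftp`. Separately, `modprobe ip_conntrack_ftp` at new line 284 runs with no check of its exit status: if the helper fails to load, the control connection to the ftp port is still accepted but RELATED never matches the data connection, so test the return code and log the failure.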