Subversion Repositories ALCASAR


Rev 791 Rev 859
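--- a/alcasar-nf.sh
+++ b/alcasar-nf.sh
@@ -1,59 +1,39 @@
 #/bin/bash
-# $Id: alcasar-nf.sh 791 2012-01-13 21:31:36Z richard $
+# $Id: alcasar-nf.sh 859 2012-04-19 22:21:31Z richard $
 
 # alcasar-nf.sh
-# by Richard REY
+# by Rexy
 # This script is distributed under the Gnu General Public License (GPL)
 
 # active ou desactive le filtrage de protocoles réseau
 # enable or disable the network protocols filter
 
 SED="/bin/sed -i"
-FIC_SERVICES="/usr/local/etc/alcasar-services"
-FIC_EXCEPTIONS="/usr/local/etc/alcasar-filter-exceptions"
 FIC_CONF="/usr/local/etc/alcasar.conf"
 
-usage="Usage: alcasar-nf.sh {--on | -on} | {--off | -off} | {--lan_ext_filter_on | -lan_ext_filter_on} | {--lan_ext_filter_off | -lan_ext_filter_off}"
+usage="Usage: alcasar-nf.sh {--on | -on} | {--off | -off}"
 nb_args=$#
 args=$1
 if [ $nb_args -eq 0 ]
 then
-	/usr/local/bin/alcasar-iptables.sh
+	echo $usage
 	exit 1
 fi
 case $args in
 	-\? | -h* | --h*)
 		echo "$usage"
 		exit 0
 		;;
 	-on|-on) # enable protocols filter
-		# sort service file
-		$SED "/^$/d" $FIC_SERVICES # delete empty lines
-		sort -k2n $FIC_SERVICES > /tmp/alcasar-services-sort
-		mv -f /tmp/alcasar-services-sort $FIC_SERVICES
-		chown root:apache $FIC_SERVICES
-		chmod 660 $FIC_SERVICES
-		# vérify exception file 
-		[ -e $FIC_EXCEPTIONS ] || touch $FIC_EXCEPTIONS
-		chown root:apache $FIC_EXCEPTIONS
-		chmod 664 $FIC_EXCEPTIONS
 		$SED "s?^PROTOCOLS_FILTERING.*?PROTOCOLS_FILTERING=on?g" $FIC_CONF
 		/usr/local/bin/alcasar-iptables.sh
 		;;
 	--off|-off) # disable protocols filter
 		$SED "s?^PROTOCOLS_FILTERING.*?PROTOCOLS_FILTERING=off?g" $FIC_CONF
 		/usr/local/bin/alcasar-iptables.sh
 		;;
-	--lan_ext_filter_on|-lan_ext_filter_on) # allow external LAN access (LAN located between ALCASAR and the Internet gateway)
-		$SED "s?^EXT_LAN_FILTERING.*?EXT_LAN_FILTERING=on?g" $FIC_CONF
-		/usr/local/bin/alcasar-iptables.sh
-		;;
-	--lan_ext_filter_off|-lan_ext_filter_off) # allow external LAN access (LAN located between ALCASAR and the Internet gateway)
-		$SED "s?^EXT_LAN_FILTERING.*?EXT_LAN_FILTERING=off?g" $FIC_CONF
-		/usr/local/bin/alcasar-iptables.sh
-		;;
 	*)
 		echo "Argument inconnu :$1";
 		echo "$usage"
 		exit 1
 		;;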
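Review bot: The enable arm on new line 27 is still `-on|-on)`, so the `--on` spelling that the rewritten usage string advertises matches no arm and falls through to `*)`, which prints "Argument inconnu" and exits 1 without turning protocol filtering on; the pattern should read `--on|-on) # enable protocols filter`, mirroring `--off|-off)`. The added `echo $usage` on new line 19 is unquoted while the other two call sites use `echo "$usage"`, and quoting it keeps the message from being word-split or globbed. Neither remaining arm checks the status of `$SED` before calling `/usr/local/bin/alcasar-iptables.sh`, so a failed edit of `$FIC_CONF` would presumably reload the firewall with the previous setting and no error; ending the sed line with `|| exit 1` would make that visible. The `case` block continues past the end of this hunk.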