#!/usr/bin/env bash
#
# Base configuration for the DMZ lab (TP DMZ): pushes the initial firewall
# scripts to "societe" and a welcome page to the web servers.
# Presumably driven by the vdn framework, which supplies vdn-ssh,
# vdn-scripts, setErrorHandler, echoStart and friends and calls run().

# Abort on the first failing command and on any unset variable.
set -eu

# One-line description of this lab script.
# shellcheck disable=SC2034 -- presumably read by the vdn framework, not here
DESC='Configuration de base pur le TP DMZ.'

# Space-separated list of the lab's virtual machines.
# shellcheck disable=SC2034 -- presumably read by the vdn framework, not here
SYSTEMS='bigboss lambda nomade societe tiny web'
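#######################################
# Install the initial firewall scripts on a lab host and leave it in the
# "open" (fw-stop) state so the rest of the setup can still reach it.
# Globals:   none
# Arguments: $1 - host to configure (default: societe)
# Outputs:   whatever vdn-ssh prints
# Returns:   status of the last vdn-ssh call; under set -e a failure aborts
#
# Files written on the host (both mode 755):
#   /etc/network/fw-start - flush all tables, policies INPUT DROP /
#     FORWARD ACCEPT / OUTPUT ACCEPT, accept eth3 (VDN side) and lo, then
#     log the remaining INPUT traffic. As shipped it has no
#     ESTABLISHED,RELATED rule, so once it runs every other inbound
#     connection is dropped; it is written here but never executed.
#   /etc/network/fw-stop  - flush all tables and reset every policy to
#     ACCEPT; executed at the end of the session.
# Finally IPv4 forwarding is switched off for the running kernel only
# (not persistent across a reboot).
#######################################
setFirewall() {
  local host=${1:-societe}

  # The heredoc delimiters are backslash-quoted so the remote shell writes
  # the scripts verbatim: nothing in them is expanded at install time.
  # The LOG rule is rate-limited so a packet flood cannot fill the log.
  vdn-ssh "root@${host}" '
cat << \EOF > /etc/network/fw-start
#!/bin/sh

set -x

# Vide les tables
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X

# fixe les politiques par défaut
iptables -P INPUT DROP
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

# spécifique à VDN (Début)
iptables -A INPUT -i eth3 -j ACCEPT
iptables -A OUTPUT -o eth3 -j ACCEPT
# spécifique à VDN (Fin)

# Autorise l''interface loopback
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Log
iptables -A INPUT -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "fw INPUT "
EOF
chmod 755 /etc/network/fw-start

cat << \EOF > /etc/network/fw-stop
#!/bin/sh

# Vide les tables
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X

# fixe les politiques par défaut
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
EOF
chmod 755 /etc/network/fw-stop

/etc/network/fw-stop
'

  # disable ipv4.ip_forward for the running kernel (not persistent across reboot)
  vdn-ssh "root@${host}" "echo 0 > /proc/sys/net/ipv4/ip_forward"
}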
#######################################
# Entry point of the lab script (presumably invoked by the vdn framework).
# Steps: base configuration of every VM, welcome page on the web servers,
# initial firewall scripts on societe. "A COMPLETER" marks where the
# remaining lab steps go.
# Globals:   none read directly
# Arguments: none
# Outputs:   whatever the framework helpers and vdn-ssh print
# Returns:   0 unless a step fails (set -e aborts on the first failure)
#######################################
run() {
  local host

  setErrorHandler
  echoStart

  ### Configuration de base (hostname, hosts, interfaces)
  parallelDisablePause
  vdn-scripts baseConfigAll

  ### Page d'accueil des serveurs Web
  # Each web server gets a one-line page naming the host it runs on.
  for host in lambda web bigboss; do
    vdn-ssh "root@${host}" "
echo \"<html><body><h1>Bienvenue sur le serveur Web de ${host}!</h1></body></html>\" > /var/www/index.html
"
  done

  ### /etc/network/fw-start /etc/network/fw-stop
  setFirewall

  ### A COMPLETER ###

  unsetErrorHandler
  echoDone
}