echo 1 proc sys net ipv4 icmp echo ignore broadcasts
Sponsored Links
Sponsored Links
Secleted [ 0 ] software to compare
Results 1 - 15 of about 13445
Echo Web Application Framework 1.1.4
Echo Web Application Framework is an object-oriented, event-driven Web application framework. more>>
Echo is a framework for developing object-oriented, event-driven Web applications.
Echo removes the developer from having to think in terms of "page-based" applications and enables him/her to develop applications using the conventional object-oriented and event-driven paradigm for user interface development.
Knowledge of HTML, HTTP, and JavaScript is not required. Echo is open-source software distributed under the terms of the Mozilla Public License or the GNU LGPL License.
Enhancements:
- Version 1.1.4 adds support for specifying the order of tab-based navigation of components. The release also fixes bugs reported in previous versions, including the issues discovered with setting component focus.
<<lessEcho removes the developer from having to think in terms of "page-based" applications and enables him/her to develop applications using the conventional object-oriented and event-driven paradigm for user interface development.
Knowledge of HTML, HTTP, and JavaScript is not required. Echo is open-source software distributed under the terms of the Mozilla Public License or the GNU LGPL License.
Enhancements:
- Version 1.1.4 adds support for specifying the order of tab-based navigation of components. The release also fixes bugs reported in previous versions, including the issues discovered with setting component focus.
Download (0.80MB)
Added: 2005-05-05 License: LGPL (GNU Lesser General Public License) Price:
1635 downloads
Very restrictive set of firewall rules
Very restrictive set of firewall rules script is a sample firewall for ip_tables. more>>
Very restrictive set of firewall rules script is a sample firewall for ip_tables, the tool for doing firewalling and masquerading under the 2.3.x/2.4.x series of kernels.
Be warned, this is a very restrictive set of firewall rules (and they should be, for proper security). Anything that you do not _specifically_ allow is logged and dropped into /dev/null, so if youre wondering why something isnt working, check /var/log/messages.
This is about as close as you get to a secure firewall. Its nasty, its harsh, and it will make your machine nearly invisible to the rest of the internet world. Have fun.
To run this script you must chmod 700 iptables-script and then execute it. To stop it from running, run iptables -F
Sample:
#Point this to your copy of ip_tables
IPT="/usr/local/bin/iptables"
#Load the module.
modprobe ip_tables
#Flush old rules, delete the firewall chain if it exists
$IPT -F
$IPT -F -t nat
$IPT -X firewall
#Setup Masquerading. Change the IP to your internal network and uncomment
#this in order to enable it.
#$IPT -A POSTROUTING -t nat -s 192.168.1.0/24 -j MASQUERADE
#$IPT -P FORWARD ACCEPT
#echo 1 > /proc/sys/net/ipv4/ip_forward
#Set up the firewall chain
$IPT -N firewall
$IPT -A firewall -j LOG --log-level info --log-prefix "Firewall:"
$IPT -A firewall -j DROP
#Accept ourselves
$IPT -A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -j ACCEPT
#If youre using IP Masquerading, change this IP to whatever your internl
#IP addres is and uncomment it
#$IPT -A INPUT -s 192.168.1.1/32 -d 0/0 -j ACCEPT
#Accept DNS, cause its warm and friendly
$IPT -A INPUT -p udp --source-port 53 -j ACCEPT
$IPT -A INPUT -p tcp --source-port 113 -j ACCEPT
$IPT -A INPUT -p tcp --destination-port 113 -j ACCEPT
#Allow ftp to send data back and forth.
$IPT -A INPUT -p tcp ! --syn --source-port 20 --destination-port 1024:65535 -j ACCEPT
#Accept SSH. Duh.
#$IPT -A INPUT -p tcp --destination-port 22 -j ACCEPT
#Send everything else ot the firewall.
$IPT -A INPUT -p icmp -j firewall
$IPT -A INPUT -p tcp --syn -j firewall
$IPT -A INPUT -p udp -j firewall
<<lessBe warned, this is a very restrictive set of firewall rules (and they should be, for proper security). Anything that you do not _specifically_ allow is logged and dropped into /dev/null, so if youre wondering why something isnt working, check /var/log/messages.
This is about as close as you get to a secure firewall. Its nasty, its harsh, and it will make your machine nearly invisible to the rest of the internet world. Have fun.
To run this script you must chmod 700 iptables-script and then execute it. To stop it from running, run iptables -F
Sample:
#Point this to your copy of ip_tables
IPT="/usr/local/bin/iptables"
#Load the module.
modprobe ip_tables
#Flush old rules, delete the firewall chain if it exists
$IPT -F
$IPT -F -t nat
$IPT -X firewall
#Setup Masquerading. Change the IP to your internal network and uncomment
#this in order to enable it.
#$IPT -A POSTROUTING -t nat -s 192.168.1.0/24 -j MASQUERADE
#$IPT -P FORWARD ACCEPT
#echo 1 > /proc/sys/net/ipv4/ip_forward
#Set up the firewall chain
$IPT -N firewall
$IPT -A firewall -j LOG --log-level info --log-prefix "Firewall:"
$IPT -A firewall -j DROP
#Accept ourselves
$IPT -A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -j ACCEPT
#If youre using IP Masquerading, change this IP to whatever your internl
#IP addres is and uncomment it
#$IPT -A INPUT -s 192.168.1.1/32 -d 0/0 -j ACCEPT
#Accept DNS, cause its warm and friendly
$IPT -A INPUT -p udp --source-port 53 -j ACCEPT
$IPT -A INPUT -p tcp --source-port 113 -j ACCEPT
$IPT -A INPUT -p tcp --destination-port 113 -j ACCEPT
#Allow ftp to send data back and forth.
$IPT -A INPUT -p tcp ! --syn --source-port 20 --destination-port 1024:65535 -j ACCEPT
#Accept SSH. Duh.
#$IPT -A INPUT -p tcp --destination-port 22 -j ACCEPT
#Send everything else ot the firewall.
$IPT -A INPUT -p icmp -j firewall
$IPT -A INPUT -p tcp --syn -j firewall
$IPT -A INPUT -p udp -j firewall
Download (MB)
Added: 2007-02-14 License: GPL (GNU General Public License) Price:
984 downloads
NAT iptables firewall script
NAT iptables firewall script is an iptables firewall script. more>>
NAT iptables firewall script is an iptables firewall script.
This script is meant to be run once per boot the rules will be double added if you try to run it twice if you need to add another rule during runtime, change the -A to a -I to add it to the top of the list of rules if you use -A it will go at the end after the reject rule.
Sample:
# interface definitions
BAD_IFACE=eth0
DMZ_IFACE=eth1
DMZ_ADDR=x.x.x.96/28
GOOD_IFACE=eth2
GOOD_ADDR=192.168.1.0/24
MASQ_SERVER=x.x.x.98
FTP_SERVER=x.x.x.100
MAIL_SERVER=x.x.x.99
MAIL_SERVER_INTERNAL=192.168.1.3
# testing
#set -x
ip route del x.x.x.96/28 dev $BAD_IFACE
ip route del x.x.x.96/28 dev $DMZ_IFACE
ip route add x.x.x.97 dev $BAD_IFACE
ip route add x.x.x.96/28 dev $DMZ_IFACE
# we need proxy arp for the dmz network
echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
echo 1 > /proc/sys/net/ipv4/conf/eth1/proxy_arp
# turn on ip forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
# turn on antispoofing protection
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 1 > $f; done
# flush all rules in the filter table
#iptables -F
# flush built in rules
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
# deny everything for now
iptables -A INPUT -j DROP
iptables -A FORWARD -j DROP
iptables -A OUTPUT -j DROP
# make the chains to define packet directions
# bad is the internet, dmz is our dmz, good is our masqed network
iptables -N good-dmz
iptables -N bad-dmz
iptables -N good-bad
iptables -N dmz-good
iptables -N dmz-bad
iptables -N bad-good
iptables -N icmp-acc
# accept related packets
iptables -A FORWARD -m state --state INVALID -j DROP
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# internal client masqing
iptables -t nat -A POSTROUTING -s $GOOD_ADDR -o $BAD_IFACE -j SNAT --to $MASQ_SERVER
# mail server masqing
iptables -t nat -A PREROUTING -p tcp -d $MAIL_SERVER --dport smtp -j DNAT --to $MAIL_SERVER_INTERNAL:25
iptables -t nat -A PREROUTING -p tcp -d $MAIL_SERVER --dport http -j DNAT --to $MAIL_SERVER_INTERNAL:80
iptables -t nat -A PREROUTING -p tcp -d $MAIL_SERVER --dport https -j DNAT --to $MAIL_SERVER_INTERNAL:443
# to allow the above to work you need something like
# iptables -A bad-good -p tcp --dport smtp -d $MAIL_SERVER_INTERNAL -j ACCEPT
# set which addresses jump to which chains
iptables -A FORWARD -s $GOOD_ADDR -o $DMZ_IFACE -j good-dmz
iptables -A FORWARD -s $GOOD_ADDR -o $BAD_IFACE -j good-bad
iptables -A FORWARD -s $DMZ_ADDR -i $DMZ_IFACE -o $BAD_IFACE -j dmz-bad
iptables -A FORWARD -s $DMZ_ADDR -i $DMZ_IFACE -o $GOOD_IFACE -j dmz-good
iptables -A FORWARD -o $DMZ_IFACE -j bad-dmz
iptables -A FORWARD -o $GOOD_IFACE -j bad-good
# drop anything that doesnt fit these
iptables -A FORWARD -j LOG --log-prefix "chain-jump "
iptables -A FORWARD -j DROP
# icmp acceptance
iptables -A icmp-acc -p icmp --icmp-type destination-unreachable -j ACCEPT
iptables -A icmp-acc -p icmp --icmp-type source-quench -j ACCEPT
iptables -A icmp-acc -p icmp --icmp-type time-exceeded -j ACCEPT
iptables -A icmp-acc -p icmp --icmp-type echo-request -j ACCEPT
iptables -A icmp-acc -p icmp --icmp-type echo-reply -j ACCEPT
# iptables -A icmp-acc -j LOG --log-prefix "icmp-acc "
iptables -A icmp-acc -j DROP
# from internal to dmz
iptables -A good-dmz -p tcp --dport smtp -j ACCEPT
iptables -A good-dmz -p tcp --dport pop3 -j ACCEPT
iptables -A good-dmz -p udp --dport domain -j ACCEPT
iptables -A good-dmz -p tcp --dport domain -j ACCEPT
iptables -A good-dmz -p tcp --dport www -j ACCEPT
iptables -A good-dmz -p tcp --dport https -j ACCEPT
iptables -A good-dmz -p tcp --dport ssh -j ACCEPT
iptables -A good-dmz -p tcp --dport telnet -j ACCEPT
iptables -A good-dmz -p tcp --dport auth -j ACCEPT
iptables -A good-dmz -p tcp --dport ftp -j ACCEPT
iptables -A good-dmz -p tcp --dport 1521 -j ACCEPT
iptables -A good-dmz -p icmp -j icmp-acc
iptables -A good-dmz -j LOG --log-prefix "good-dmz "
iptables -A good-dmz -j DROP
# from external to dmz
iptables -A bad-dmz -p tcp --dport smtp -j ACCEPT
iptables -A bad-dmz -p udp --dport domain -j ACCEPT
iptables -A bad-dmz -p tcp --dport domain -j ACCEPT
iptables -A bad-dmz -p tcp --dport www -j ACCEPT
iptables -A bad-dmz -p tcp --dport https -j ACCEPT
iptables -A bad-dmz -p tcp --dport ssh -j ACCEPT
iptables -A bad-dmz -p tcp -d $FTP_SERVER --dport ftp -j ACCEPT
iptables -A bad-dmz -p icmp -j icmp-acc
iptables -A bad-dmz -j LOG --log-prefix "bad-dmz "
iptables -A bad-dmz -j DROP
# from internal to external
iptables -A good-bad -j ACCEPT
# iptables -t nat -A POSTROUTING -o $BAD_IFACE -j SNAT --to $MASQ_SERVER
#iptables -A good-bad -p tcp -j MASQ
#iptables -A good-bad -p udp -j MASQ
#iptables -A good-bad -p icmp -j MASQ
#ipchains -A good-bad -p tcp --dport www -j MASQ
#ipchains -A good-bad -p tcp --dport ssh -j MASQ
#ipchains -A good-bad -p udp --dport 33434:33500 -j MASQ
#ipchains -A good-bad -p tcp --dport ftp -j MASQ
#ipchains -A good-bad -p icmp --icmp-type ping -j MASQ
#ipchains -A good-bad -j REJECT -l
# from dmz to internal
# iptables -A dmz-good -p tcp ! --syn --sport smtp -j ACCEPT
iptables -A dmz-good -p tcp --dport smtp -j ACCEPT
iptables -A dmz-good -p tcp --sport smtp -j ACCEPT
iptables -A dmz-good -p udp --sport domain -j ACCEPT
iptables -A dmz-good -p tcp ! --syn --sport domain -j ACCEPT
iptables -A dmz-good -p tcp ! --syn --sport www -j ACCEPT
iptables -A dmz-good -p tcp ! --syn --sport ssh -j ACCEPT
iptables -A dmz-good -p tcp -d 192.168.1.34 --dport smtp -j ACCEPT
iptables -A dmz-good -p icmp -j icmp-acc
iptables -A dmz-good -j LOG --log-prefix "dmz-good "
iptables -A dmz-good -j DROP
# from dmz to external
iptables -A dmz-bad -p tcp --dport smtp -j ACCEPT
iptables -A dmz-bad -p tcp --sport smtp -j ACCEPT
iptables -A dmz-bad -p udp --dport domain -j ACCEPT
iptables -A dmz-bad -p tcp --dport domain -j ACCEPT
iptables -A dmz-bad -p tcp --dport www -j ACCEPT
iptables -A dmz-bad -p tcp --dport https -j ACCEPT
iptables -A dmz-bad -p tcp --dport ssh -j ACCEPT
iptables -A dmz-bad -p tcp --dport ftp -j ACCEPT
iptables -A dmz-bad -p tcp --dport whois -j ACCEPT
iptables -A dmz-bad -p tcp --dport telnet -j ACCEPT
iptables -A dmz-bad -p udp --dport ntp -j ACCEPT
# ipchains -A good-bad -p udp --dport 33434:33500 -j MASQ
iptables -A dmz-bad -p icmp -j icmp-acc
iptables -A dmz-bad -j LOG --log-prefix "dmz-bad "
iptables -A dmz-bad -j DROP
# from external to internal
iptables -A bad-good -p tcp --dport smtp -d $MAIL_SERVER_INTERNAL -j ACCEPT
iptables -A bad-good -p tcp --dport http -d $MAIL_SERVER_INTERNAL -j ACCEPT
iptables -A bad-good -p tcp --dport https -d $MAIL_SERVER_INTERNAL -j ACCEPT
iptables -A bad-good -j LOG --log-prefix "bad-good "
iptables -A bad-good -j REJECT
# rules for this machine itself
iptables -N bad-if
iptables -N dmz-if
iptables -N good-if
# set up the jumps to each chain
iptables -A INPUT -i $BAD_IFACE -j bad-if
iptables -A INPUT -i $DMZ_IFACE -j dmz-if
iptables -A INPUT -i $GOOD_IFACE -j good-if
# external iface
iptables -A bad-if -p icmp -j icmp-acc
iptables -A bad-if -j ACCEPT
#ipchains -A bad-if -i ! ppp0 -j DENY -l
#ipchains -A bad-if -p TCP --dport 61000:65095 -j ACCEPT
#ipchains -A bad-if -p UDP --dport 61000:65095 -j ACCEPT
#ipchains -A bad-if -p ICMP --icmp-type pong -j ACCEPT
#ipchains -A bad-if -j icmp-acc
#ipchains -A bad-if -j DENY
# dmz iface
iptables -A bad-if -p icmp -j icmp-acc
iptables -A dmz-if -j ACCEPT
# internal iface
iptables -A good-if -p tcp --dport ssh -j ACCEPT
iptables -A good-if -p ICMP --icmp-type ping -j ACCEPT
iptables -A good-if -p ICMP --icmp-type pong -j ACCEPT
iptables -A good-if -j icmp-acc
iptables -A good-if -j DROP
# remove the complete blocks
iptables -D INPUT 1
iptables -D FORWARD 1
iptables -D OUTPUT 1
<<lessThis script is meant to be run once per boot the rules will be double added if you try to run it twice if you need to add another rule during runtime, change the -A to a -I to add it to the top of the list of rules if you use -A it will go at the end after the reject rule.
Sample:
# interface definitions
BAD_IFACE=eth0
DMZ_IFACE=eth1
DMZ_ADDR=x.x.x.96/28
GOOD_IFACE=eth2
GOOD_ADDR=192.168.1.0/24
MASQ_SERVER=x.x.x.98
FTP_SERVER=x.x.x.100
MAIL_SERVER=x.x.x.99
MAIL_SERVER_INTERNAL=192.168.1.3
# testing
#set -x
ip route del x.x.x.96/28 dev $BAD_IFACE
ip route del x.x.x.96/28 dev $DMZ_IFACE
ip route add x.x.x.97 dev $BAD_IFACE
ip route add x.x.x.96/28 dev $DMZ_IFACE
# we need proxy arp for the dmz network
echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
echo 1 > /proc/sys/net/ipv4/conf/eth1/proxy_arp
# turn on ip forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
# turn on antispoofing protection
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 1 > $f; done
# flush all rules in the filter table
#iptables -F
# flush built in rules
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
# deny everything for now
iptables -A INPUT -j DROP
iptables -A FORWARD -j DROP
iptables -A OUTPUT -j DROP
# make the chains to define packet directions
# bad is the internet, dmz is our dmz, good is our masqed network
iptables -N good-dmz
iptables -N bad-dmz
iptables -N good-bad
iptables -N dmz-good
iptables -N dmz-bad
iptables -N bad-good
iptables -N icmp-acc
# accept related packets
iptables -A FORWARD -m state --state INVALID -j DROP
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# internal client masqing
iptables -t nat -A POSTROUTING -s $GOOD_ADDR -o $BAD_IFACE -j SNAT --to $MASQ_SERVER
# mail server masqing
iptables -t nat -A PREROUTING -p tcp -d $MAIL_SERVER --dport smtp -j DNAT --to $MAIL_SERVER_INTERNAL:25
iptables -t nat -A PREROUTING -p tcp -d $MAIL_SERVER --dport http -j DNAT --to $MAIL_SERVER_INTERNAL:80
iptables -t nat -A PREROUTING -p tcp -d $MAIL_SERVER --dport https -j DNAT --to $MAIL_SERVER_INTERNAL:443
# to allow the above to work you need something like
# iptables -A bad-good -p tcp --dport smtp -d $MAIL_SERVER_INTERNAL -j ACCEPT
# set which addresses jump to which chains
iptables -A FORWARD -s $GOOD_ADDR -o $DMZ_IFACE -j good-dmz
iptables -A FORWARD -s $GOOD_ADDR -o $BAD_IFACE -j good-bad
iptables -A FORWARD -s $DMZ_ADDR -i $DMZ_IFACE -o $BAD_IFACE -j dmz-bad
iptables -A FORWARD -s $DMZ_ADDR -i $DMZ_IFACE -o $GOOD_IFACE -j dmz-good
iptables -A FORWARD -o $DMZ_IFACE -j bad-dmz
iptables -A FORWARD -o $GOOD_IFACE -j bad-good
# drop anything that doesnt fit these
iptables -A FORWARD -j LOG --log-prefix "chain-jump "
iptables -A FORWARD -j DROP
# icmp acceptance
iptables -A icmp-acc -p icmp --icmp-type destination-unreachable -j ACCEPT
iptables -A icmp-acc -p icmp --icmp-type source-quench -j ACCEPT
iptables -A icmp-acc -p icmp --icmp-type time-exceeded -j ACCEPT
iptables -A icmp-acc -p icmp --icmp-type echo-request -j ACCEPT
iptables -A icmp-acc -p icmp --icmp-type echo-reply -j ACCEPT
# iptables -A icmp-acc -j LOG --log-prefix "icmp-acc "
iptables -A icmp-acc -j DROP
# from internal to dmz
iptables -A good-dmz -p tcp --dport smtp -j ACCEPT
iptables -A good-dmz -p tcp --dport pop3 -j ACCEPT
iptables -A good-dmz -p udp --dport domain -j ACCEPT
iptables -A good-dmz -p tcp --dport domain -j ACCEPT
iptables -A good-dmz -p tcp --dport www -j ACCEPT
iptables -A good-dmz -p tcp --dport https -j ACCEPT
iptables -A good-dmz -p tcp --dport ssh -j ACCEPT
iptables -A good-dmz -p tcp --dport telnet -j ACCEPT
iptables -A good-dmz -p tcp --dport auth -j ACCEPT
iptables -A good-dmz -p tcp --dport ftp -j ACCEPT
iptables -A good-dmz -p tcp --dport 1521 -j ACCEPT
iptables -A good-dmz -p icmp -j icmp-acc
iptables -A good-dmz -j LOG --log-prefix "good-dmz "
iptables -A good-dmz -j DROP
# from external to dmz
iptables -A bad-dmz -p tcp --dport smtp -j ACCEPT
iptables -A bad-dmz -p udp --dport domain -j ACCEPT
iptables -A bad-dmz -p tcp --dport domain -j ACCEPT
iptables -A bad-dmz -p tcp --dport www -j ACCEPT
iptables -A bad-dmz -p tcp --dport https -j ACCEPT
iptables -A bad-dmz -p tcp --dport ssh -j ACCEPT
iptables -A bad-dmz -p tcp -d $FTP_SERVER --dport ftp -j ACCEPT
iptables -A bad-dmz -p icmp -j icmp-acc
iptables -A bad-dmz -j LOG --log-prefix "bad-dmz "
iptables -A bad-dmz -j DROP
# from internal to external
iptables -A good-bad -j ACCEPT
# iptables -t nat -A POSTROUTING -o $BAD_IFACE -j SNAT --to $MASQ_SERVER
#iptables -A good-bad -p tcp -j MASQ
#iptables -A good-bad -p udp -j MASQ
#iptables -A good-bad -p icmp -j MASQ
#ipchains -A good-bad -p tcp --dport www -j MASQ
#ipchains -A good-bad -p tcp --dport ssh -j MASQ
#ipchains -A good-bad -p udp --dport 33434:33500 -j MASQ
#ipchains -A good-bad -p tcp --dport ftp -j MASQ
#ipchains -A good-bad -p icmp --icmp-type ping -j MASQ
#ipchains -A good-bad -j REJECT -l
# from dmz to internal
# iptables -A dmz-good -p tcp ! --syn --sport smtp -j ACCEPT
iptables -A dmz-good -p tcp --dport smtp -j ACCEPT
iptables -A dmz-good -p tcp --sport smtp -j ACCEPT
iptables -A dmz-good -p udp --sport domain -j ACCEPT
iptables -A dmz-good -p tcp ! --syn --sport domain -j ACCEPT
iptables -A dmz-good -p tcp ! --syn --sport www -j ACCEPT
iptables -A dmz-good -p tcp ! --syn --sport ssh -j ACCEPT
iptables -A dmz-good -p tcp -d 192.168.1.34 --dport smtp -j ACCEPT
iptables -A dmz-good -p icmp -j icmp-acc
iptables -A dmz-good -j LOG --log-prefix "dmz-good "
iptables -A dmz-good -j DROP
# from dmz to external
iptables -A dmz-bad -p tcp --dport smtp -j ACCEPT
iptables -A dmz-bad -p tcp --sport smtp -j ACCEPT
iptables -A dmz-bad -p udp --dport domain -j ACCEPT
iptables -A dmz-bad -p tcp --dport domain -j ACCEPT
iptables -A dmz-bad -p tcp --dport www -j ACCEPT
iptables -A dmz-bad -p tcp --dport https -j ACCEPT
iptables -A dmz-bad -p tcp --dport ssh -j ACCEPT
iptables -A dmz-bad -p tcp --dport ftp -j ACCEPT
iptables -A dmz-bad -p tcp --dport whois -j ACCEPT
iptables -A dmz-bad -p tcp --dport telnet -j ACCEPT
iptables -A dmz-bad -p udp --dport ntp -j ACCEPT
# ipchains -A good-bad -p udp --dport 33434:33500 -j MASQ
iptables -A dmz-bad -p icmp -j icmp-acc
iptables -A dmz-bad -j LOG --log-prefix "dmz-bad "
iptables -A dmz-bad -j DROP
# from external to internal
iptables -A bad-good -p tcp --dport smtp -d $MAIL_SERVER_INTERNAL -j ACCEPT
iptables -A bad-good -p tcp --dport http -d $MAIL_SERVER_INTERNAL -j ACCEPT
iptables -A bad-good -p tcp --dport https -d $MAIL_SERVER_INTERNAL -j ACCEPT
iptables -A bad-good -j LOG --log-prefix "bad-good "
iptables -A bad-good -j REJECT
# rules for this machine itself
iptables -N bad-if
iptables -N dmz-if
iptables -N good-if
# set up the jumps to each chain
iptables -A INPUT -i $BAD_IFACE -j bad-if
iptables -A INPUT -i $DMZ_IFACE -j dmz-if
iptables -A INPUT -i $GOOD_IFACE -j good-if
# external iface
iptables -A bad-if -p icmp -j icmp-acc
iptables -A bad-if -j ACCEPT
#ipchains -A bad-if -i ! ppp0 -j DENY -l
#ipchains -A bad-if -p TCP --dport 61000:65095 -j ACCEPT
#ipchains -A bad-if -p UDP --dport 61000:65095 -j ACCEPT
#ipchains -A bad-if -p ICMP --icmp-type pong -j ACCEPT
#ipchains -A bad-if -j icmp-acc
#ipchains -A bad-if -j DENY
# dmz iface
iptables -A bad-if -p icmp -j icmp-acc
iptables -A dmz-if -j ACCEPT
# internal iface
iptables -A good-if -p tcp --dport ssh -j ACCEPT
iptables -A good-if -p ICMP --icmp-type ping -j ACCEPT
iptables -A good-if -p ICMP --icmp-type pong -j ACCEPT
iptables -A good-if -j icmp-acc
iptables -A good-if -j DROP
# remove the complete blocks
iptables -D INPUT 1
iptables -D FORWARD 1
iptables -D OUTPUT 1
Download (MB)
Added: 2007-02-14 License: GPL (GNU General Public License) Price:
603 downloads
Shell over ICMP 0.5
Shell over ICMP project allows a user to connect to a remote shell daemon, by using ICMP protocol instead of classical TCP. more>>
Shell over ICMP consists of two free and open source applications: one server and one client. Shell over ICMP project allows a user to connect to a remote shell daemon, by using ICMP protocol instead of classical TCP.
Entirely written in Python, soicmp is a working proof-of-concept to demonstrate that data can be transmitted across a network by hiding it in traffic that normally does not contain payloads.
How does it work?
The soicmp server is a daemon that must be started on the remote server. When the server receives a request from the client it looks into the packets payload. The payload must respect certain protocol rules. In detail the client must specify:
command
communication mode (echo|echo/reply)
authentication (y|n)
This is an example of a correct payload string sent by client to server:
$CMD ls -a $MODE echo/reply $PWD root2005 $END
If the payload matches with the server protocol specification then it will pipe the command to "/bin/sh" or "cmd.exe" and execute it. The server then reads the result from the pipe and sends it back to the client that will print it to stdout.
Moreover every client will send ICMP packets having id equal to the clients current process ID and will accept only ICMP replies having the same id value. This prevents output to be printed by other client instances running on the same workstation (this argument is also treated in the FAQs section).
Main features:
- Platform independent.
- Possibility to run soicmp daemon on multiple ethernet interfaces simultaneously handling multiple client connections.
- Possibility to specify the buffer size of outgoing packets.
- Client side source IP address spoofing.
- Remote client case-sensitive (plain texted) authentication.
- Possibility to select two communication types:
- One based on encapsulating command output in unique "one way" ICMP_ECHOREPLY (type 0) packets sent by server to client (see fig. 1).
- Another one that guarantees the correct packets delivering by using the request/response nature of ECHO and ECHOREPLY ICMP packet types (see fig.2)
- No listening sockets are listed by netstat or similar programs.
<<lessEntirely written in Python, soicmp is a working proof-of-concept to demonstrate that data can be transmitted across a network by hiding it in traffic that normally does not contain payloads.
How does it work?
The soicmp server is a daemon that must be started on the remote server. When the server receives a request from the client it looks into the packets payload. The payload must respect certain protocol rules. In detail the client must specify:
command
communication mode (echo|echo/reply)
authentication (y|n)
This is an example of a correct payload string sent by client to server:
$CMD ls -a $MODE echo/reply $PWD root2005 $END
If the payload matches with the server protocol specification then it will pipe the command to "/bin/sh" or "cmd.exe" and execute it. The server then reads the result from the pipe and sends it back to the client that will print it to stdout.
Moreover every client will send ICMP packets having id equal to the clients current process ID and will accept only ICMP replies having the same id value. This prevents output to be printed by other client instances running on the same workstation (this argument is also treated in the FAQs section).
Main features:
- Platform independent.
- Possibility to run soicmp daemon on multiple ethernet interfaces simultaneously handling multiple client connections.
- Possibility to specify the buffer size of outgoing packets.
- Client side source IP address spoofing.
- Remote client case-sensitive (plain texted) authentication.
- Possibility to select two communication types:
- One based on encapsulating command output in unique "one way" ICMP_ECHOREPLY (type 0) packets sent by server to client (see fig. 1).
- Another one that guarantees the correct packets delivering by using the request/response nature of ECHO and ECHOREPLY ICMP packet types (see fig.2)
- No listening sockets are listed by netstat or similar programs.
Download (0.58MB)
Added: 2006-11-07 License: GPL (GNU General Public License) Price:
1081 downloads
Packet filtering setup script
Packet filtering setup script by Anthony C. Zboralski. more>>
Packet filtering setup script by Anthony C. Zboralski. Adapted by Didi Damian for iptables version 1.0.0
Sample:
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
# Set up variables
EXT_IF="eth0"
INT_IF="eth1"
EXT_IP=24.x.x.x/32
INT_IP=192.168.0.1/32
EXT_NET=24.x.x.0/24
INT_NET=192.168.0.0/24
MASQ_NETS="192.168.0.0/24"
LOCAL_ADDRS="127.0.0.0/8 192.168.0.1/32 24.x.x.x/32"
MAIL_RELAY=24.x.x.x/32
SMB_ACCESS="192.168.0.2/32"
SMB_BCAST="192.168.0.255/32"
# Turn on IP forwarding
echo Turning on IP forwarding.
echo 1 > /proc/sys/net/ipv4/ip_forward
# Load the ip_tables module
echo Loading ip_tables module.
/sbin/modprobe ip_tables || exit 1
# I let the kernel dynamically load the other modules
echo Flush standard tables.
iptables --flush INPUT
iptables --flush OUTPUT
iptables --flush FORWARD
echo Deny everything until firewall setup is completed.
iptables --policy INPUT DROP
iptables --policy OUTPUT DROP
iptables --policy FORWARD DROP
CHAINS=`iptables -n -L |perl -n -e /Chains+(S+)/ && !($1 =~ /^(INPUT|FORWARD|OUTPUT)$/) && print "$1 "`
echo Remove remaining chains:
echo $CHAINS
for chain in $CHAINS; do
iptables --flush $chain
done
# 2nd step cause of dependencies
for chain in $CHAINS; do
iptables --delete-chain $chain
done
for net in $MASQ_NETS; do
# I delete all the rules so you can rerun the scripts without bloating
# your nat entries.
iptables -D POSTROUTING -t nat -s $MASQ_NETS -j MASQUERADE 2>/dev/null
iptables -A POSTROUTING -t nat -s $MASQ_NETS -j MASQUERADE || exit 1
done
iptables --policy FORWARD ACCEPT
# Create a target for logging and dropping packets
iptables --new LDROP 2>/dev/null
iptables -A LDROP --proto tcp -j LOG --log-level info
--log-prefix "TCP Drop "
iptables -A LDROP --proto udp -j LOG --log-level info
--log-prefix "UDP Drop "
iptables -A LDROP --proto icmp -j LOG --log-level info
--log-prefix "ICMP Drop "
iptables -A LDROP --proto gre -j LOG --log-level info
--log-prefix "GRE Drop "
iptables -A LDROP -f -j LOG --log-level emerg
--log-prefix "FRAG Drop "
iptables -A LDROP -j DROP
# Create a table for watching some accepting rules
iptables --new WATCH 2>/dev/null
iptables -A WATCH -m limit -j LOG --log-level warn --log-prefix "ACCEPT "
iptables -A WATCH -j ACCEPT
echo Special target for local addresses:
iptables --new LOCAL 2>/dev/null
echo $LOCAL_ADDRS
for ip in $LOCAL_ADDRS; do
iptables -A INPUT --dst $ip -j LOCAL
# iptables -A INPUT --src $ip -i ! lo -j LDROP # lame spoof protect
done
echo Authorize mail from mail relay.
iptables -A LOCAL --proto tcp --syn --src $MAIL_RELAY --dst $EXT_IP --dport 25 -j ACCEPT
echo Authorizing samba access to:
echo $SMB_ACCESS
iptables --new SMB 2>/dev/null
for ip in $SMB_ACCESS; do
iptables -A SMB -s $ip -j ACCEPT
done
iptables -A LOCAL --proto udp -i ! $EXT_IF --dport 135:139 -j SMB
iptables -A LOCAL --proto tcp -i ! $EXT_IF --dport 135:139 -j SMB
iptables -A LOCAL --proto tcp -i ! $EXT_IF --dport 445 -j SMB
iptables -A INPUT -i ! $EXT_IF --dst $SMB_BCAST -j ACCEPT #lame samba broadcast
echo Drop and log every other incoming tcp connection attempts.
iptables -A LOCAL -i ! lo --proto tcp --syn --j LDROP
echo Authorize dns access for local nets.
for net in $MASQ_NETS 127.0.0.0/8; do
iptables -A INPUT --proto udp --src $net --dport 53 -j ACCEPT
done
echo Enforcing up ICMP policies, use iptables -L ICMP to check.
# If you deny all ICMP messages you head for trouble since it would
# break lots of tcp/ip algorythm (acz)
iptables --new ICMP 2>/dev/null
iptables -A INPUT --proto icmp -j ICMP
iptables -A ICMP -p icmp --icmp-type echo-reply -j ACCEPT
iptables -A ICMP -p icmp --icmp-type destination-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type network-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type host-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type protocol-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type port-unreachable -j ACCEPT
iptables -A ICMP -p icmp --icmp-type fragmentation-needed -j LDROP
iptables -A ICMP -p icmp --icmp-type source-route-failed -j WATCH
iptables -A ICMP -p icmp --icmp-type network-unknown -j WATCH
iptables -A ICMP -p icmp --icmp-type host-unknown -j WATCH
iptables -A ICMP -p icmp --icmp-type network-prohibited -j WATCH
iptables -A ICMP -p icmp --icmp-type host-prohibited -j WATCH
iptables -A ICMP -p icmp --icmp-type TOS-network-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type TOS-host-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type communication-prohibited -j WATCH
iptables -A ICMP -p icmp --icmp-type host-precedence-violation -j LDROP
iptables -A ICMP -p icmp --icmp-type precedence-cutoff -j LDROP
iptables -A ICMP -p icmp --icmp-type source-quench -j LDROP
iptables -A ICMP -p icmp --icmp-type redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type network-redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type host-redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type TOS-network-redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type TOS-host-redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type echo-request -j WATCH
iptables -A ICMP -p icmp --icmp-type router-advertisement -j LDROP
iptables -A ICMP -p icmp --icmp-type router-solicitation -j LDROP
iptables -A ICMP -p icmp --icmp-type time-exceeded -j WATCH
iptables -A ICMP -p icmp --icmp-type ttl-zero-during-transit -j WATCH
iptables -A ICMP -p icmp --icmp-type ttl-zero-during-reassembly -j WATCH
iptables -A ICMP -p icmp --icmp-type parameter-problem -j WATCH
iptables -A ICMP -p icmp --icmp-type ip-header-bad -j WATCH
iptables -A ICMP -p icmp --icmp-type required-option-missing -j WATCH
iptables -A ICMP -p icmp --icmp-type timestamp-request -j LDROP
iptables -A ICMP -p icmp --icmp-type timestamp-reply -j LDROP
iptables -A ICMP -p icmp --icmp-type address-mask-request -j LDROP
iptables -A ICMP -p icmp --icmp-type address-mask-reply -j LDROP
iptables -A ICMP -p icmp -j LDROP
echo Authorize tcp traffic.
iptables -A INPUT --proto tcp -j ACCEPT
echo Authorize packet output.
iptables --policy OUTPUT ACCEPT
#echo reject ident if you drop em you gotta wait for timeout
#iptables -I LOCAL --proto tcp --syn --dst $EXT_IP --dport 113 -j REJECT
echo Drop and log all udp below 1024.
iptables -A INPUT -i ! lo --proto udp --dport :1023 -j LDROP
echo Drop rpc dynamic udp port:
RPC_UDP=`rpcinfo -p localhost|perl -n -e /.*udps+(d+)s+/ && print $1,"n"|sort -u`
echo $RPC_UDP
for port in $RPC_UDP; do
iptables -A LOCAL -i ! lo --proto udp --dport $port -j LDROP
done
echo Authorize udp above 1024.
iptables -A INPUT --proto udp --dport 1024: -j ACCEPT
<<lessSample:
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
# Set up variables
EXT_IF="eth0"
INT_IF="eth1"
EXT_IP=24.x.x.x/32
INT_IP=192.168.0.1/32
EXT_NET=24.x.x.0/24
INT_NET=192.168.0.0/24
MASQ_NETS="192.168.0.0/24"
LOCAL_ADDRS="127.0.0.0/8 192.168.0.1/32 24.x.x.x/32"
MAIL_RELAY=24.x.x.x/32
SMB_ACCESS="192.168.0.2/32"
SMB_BCAST="192.168.0.255/32"
# Turn on IP forwarding
echo Turning on IP forwarding.
echo 1 > /proc/sys/net/ipv4/ip_forward
# Load the ip_tables module
echo Loading ip_tables module.
/sbin/modprobe ip_tables || exit 1
# I let the kernel dynamically load the other modules
echo Flush standard tables.
iptables --flush INPUT
iptables --flush OUTPUT
iptables --flush FORWARD
echo Deny everything until firewall setup is completed.
iptables --policy INPUT DROP
iptables --policy OUTPUT DROP
iptables --policy FORWARD DROP
CHAINS=`iptables -n -L |perl -n -e /Chains+(S+)/ && !($1 =~ /^(INPUT|FORWARD|OUTPUT)$/) && print "$1 "`
echo Remove remaining chains:
echo $CHAINS
for chain in $CHAINS; do
iptables --flush $chain
done
# 2nd step cause of dependencies
for chain in $CHAINS; do
iptables --delete-chain $chain
done
for net in $MASQ_NETS; do
# I delete all the rules so you can rerun the scripts without bloating
# your nat entries.
iptables -D POSTROUTING -t nat -s $MASQ_NETS -j MASQUERADE 2>/dev/null
iptables -A POSTROUTING -t nat -s $MASQ_NETS -j MASQUERADE || exit 1
done
iptables --policy FORWARD ACCEPT
# Create a target for logging and dropping packets
iptables --new LDROP 2>/dev/null
iptables -A LDROP --proto tcp -j LOG --log-level info
--log-prefix "TCP Drop "
iptables -A LDROP --proto udp -j LOG --log-level info
--log-prefix "UDP Drop "
iptables -A LDROP --proto icmp -j LOG --log-level info
--log-prefix "ICMP Drop "
iptables -A LDROP --proto gre -j LOG --log-level info
--log-prefix "GRE Drop "
iptables -A LDROP -f -j LOG --log-level emerg
--log-prefix "FRAG Drop "
iptables -A LDROP -j DROP
# Create a table for watching some accepting rules
iptables --new WATCH 2>/dev/null
iptables -A WATCH -m limit -j LOG --log-level warn --log-prefix "ACCEPT "
iptables -A WATCH -j ACCEPT
echo Special target for local addresses:
iptables --new LOCAL 2>/dev/null
echo $LOCAL_ADDRS
for ip in $LOCAL_ADDRS; do
iptables -A INPUT --dst $ip -j LOCAL
# iptables -A INPUT --src $ip -i ! lo -j LDROP # lame spoof protect
done
echo Authorize mail from mail relay.
iptables -A LOCAL --proto tcp --syn --src $MAIL_RELAY --dst $EXT_IP --dport 25 -j ACCEPT
echo Authorizing samba access to:
echo $SMB_ACCESS
iptables --new SMB 2>/dev/null
for ip in $SMB_ACCESS; do
iptables -A SMB -s $ip -j ACCEPT
done
iptables -A LOCAL --proto udp -i ! $EXT_IF --dport 135:139 -j SMB
iptables -A LOCAL --proto tcp -i ! $EXT_IF --dport 135:139 -j SMB
iptables -A LOCAL --proto tcp -i ! $EXT_IF --dport 445 -j SMB
iptables -A INPUT -i ! $EXT_IF --dst $SMB_BCAST -j ACCEPT #lame samba broadcast
echo Drop and log every other incoming tcp connection attempts.
iptables -A LOCAL -i ! lo --proto tcp --syn --j LDROP
echo Authorize dns access for local nets.
for net in $MASQ_NETS 127.0.0.0/8; do
iptables -A INPUT --proto udp --src $net --dport 53 -j ACCEPT
done
echo Enforcing up ICMP policies, use iptables -L ICMP to check.
# If you deny all ICMP messages you head for trouble since it would
# break lots of tcp/ip algorythm (acz)
iptables --new ICMP 2>/dev/null
iptables -A INPUT --proto icmp -j ICMP
iptables -A ICMP -p icmp --icmp-type echo-reply -j ACCEPT
iptables -A ICMP -p icmp --icmp-type destination-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type network-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type host-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type protocol-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type port-unreachable -j ACCEPT
iptables -A ICMP -p icmp --icmp-type fragmentation-needed -j LDROP
iptables -A ICMP -p icmp --icmp-type source-route-failed -j WATCH
iptables -A ICMP -p icmp --icmp-type network-unknown -j WATCH
iptables -A ICMP -p icmp --icmp-type host-unknown -j WATCH
iptables -A ICMP -p icmp --icmp-type network-prohibited -j WATCH
iptables -A ICMP -p icmp --icmp-type host-prohibited -j WATCH
iptables -A ICMP -p icmp --icmp-type TOS-network-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type TOS-host-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type communication-prohibited -j WATCH
iptables -A ICMP -p icmp --icmp-type host-precedence-violation -j LDROP
iptables -A ICMP -p icmp --icmp-type precedence-cutoff -j LDROP
iptables -A ICMP -p icmp --icmp-type source-quench -j LDROP
iptables -A ICMP -p icmp --icmp-type redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type network-redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type host-redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type TOS-network-redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type TOS-host-redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type echo-request -j WATCH
iptables -A ICMP -p icmp --icmp-type router-advertisement -j LDROP
iptables -A ICMP -p icmp --icmp-type router-solicitation -j LDROP
iptables -A ICMP -p icmp --icmp-type time-exceeded -j WATCH
iptables -A ICMP -p icmp --icmp-type ttl-zero-during-transit -j WATCH
iptables -A ICMP -p icmp --icmp-type ttl-zero-during-reassembly -j WATCH
iptables -A ICMP -p icmp --icmp-type parameter-problem -j WATCH
iptables -A ICMP -p icmp --icmp-type ip-header-bad -j WATCH
iptables -A ICMP -p icmp --icmp-type required-option-missing -j WATCH
iptables -A ICMP -p icmp --icmp-type timestamp-request -j LDROP
iptables -A ICMP -p icmp --icmp-type timestamp-reply -j LDROP
iptables -A ICMP -p icmp --icmp-type address-mask-request -j LDROP
iptables -A ICMP -p icmp --icmp-type address-mask-reply -j LDROP
iptables -A ICMP -p icmp -j LDROP
echo Authorize tcp traffic.
iptables -A INPUT --proto tcp -j ACCEPT
echo Authorize packet output.
iptables --policy OUTPUT ACCEPT
#echo reject ident if you drop em you gotta wait for timeout
#iptables -I LOCAL --proto tcp --syn --dst $EXT_IP --dport 113 -j REJECT
echo Drop and log all udp below 1024.
iptables -A INPUT -i ! lo --proto udp --dport :1023 -j LDROP
echo Drop rpc dynamic udp port:
RPC_UDP=`rpcinfo -p localhost|perl -n -e /.*udps+(d+)s+/ && print $1,"n"|sort -u`
echo $RPC_UDP
for port in $RPC_UDP; do
iptables -A LOCAL -i ! lo --proto udp --dport $port -j LDROP
done
echo Authorize udp above 1024.
iptables -A INPUT --proto udp --dport 1024: -j ACCEPT
Download (MB)
Added: 2007-02-14 License: GPL (GNU General Public License) Price:
984 downloads
IPTables::IPv4::DBTarpit::SiteConfig 0.37
IPTables::IPv4::DBTarpit::SiteConfig is a configuration info for DBTarpit. more>>
IPTables::IPv4::DBTarpit::SiteConfig is a configuration info for DBTarpit.
SYNOPSIS
use IPTables::IPv4::DBTarpit::SiteConfig;
$hashref = new IPTables::IPv4::DBTarpit::SiteConfig;
This module returns a hash pointer to the configuration information used to intall DBTarpit. The values shown below are what was configured when DBTarpit was installed for this site.
|, $txt, q| =head1 EXPORT
none
<<lessSYNOPSIS
use IPTables::IPv4::DBTarpit::SiteConfig;
$hashref = new IPTables::IPv4::DBTarpit::SiteConfig;
This module returns a hash pointer to the configuration information used to intall DBTarpit. The values shown below are what was configured when DBTarpit was installed for this site.
|, $txt, q| =head1 EXPORT
none
Download (0.17MB)
Added: 2007-03-13 License: Perl Artistic License Price:
956 downloads
IPv6 FireWall script
IPv6 FireWall script is a firewall based on ip6tables. more>>
IPv6 FireWall script is a firewall based on ip6tables.
firewall6.sh 122 lines
#!/bin/bash
# Basic IPv6 FireWall script by Dennis Kruyt (dennis@klingon.nl)
#
# Sun Jan 5 18:26:28 2003 - DK
#debug
#set -x
cd /opt/scripts/firewall
source ./config6
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11
# change to script directory
cd ${SCRIPTSDIR}
SCRIPT=${SCRIPTSDIR}/firewall6.sh
case "$1" in
flush)
echo -e "Starting Firewall:"
${IPTABLE6} -F >> /dev/null 2>&1
${IPTABLE6} -X >> /dev/null 2>&1
echo -e "Setting defaults op ACCEPT!"
echo -e "ALERT: no firewall rules active"
#
${IPTABLE6} -P INPUT ACCEPT
${IPTABLE6} -P OUTPUT ACCEPT
${IPTABLE6} -P FORWARD ACCEPT
;;
start|reload)
echo -n "Starting Firewall: "
# paging!
#
# create a backup
TIME=`date +%s`
tar -czf /opt/backups/firewall/firewall.${TIME}.tar.gz /opt/scripts/firewall
# sending mail
mail email@address.com -s "Firewall - (re)started" < $0
# wait
sleep 1
# kerneloptions
echo -n "Loading Kernel options.."
./kernel_options6.sh
echo -n "Flushing and deleting all chains.."
${IPTABLE6} -F >> /dev/null 2>&1
${IPTABLE6} -X >> /dev/null 2>&1
# default policy
echo -n "Setting default policy DROP.."
${IPTABLE6} -P INPUT DROP
${IPTABLE6} -P OUTPUT DROP
${IPTABLE6} -P FORWARD DROP
# ?????????????
#${IPTABLE} -F -t mangle
#${IPTABLE} -t mangle -X
echo -e "Loading chains.."
# create chain blacklist
${IPTABLE6} --new blacklist
#And drop the evil ones
for i in $BLACKLIST6;do
${IPTABLE6} -A blacklist --src $i -j DROP
done
#icmp chain
${IPTABLE6} --new icmprules
${IPTABLE6} -A icmprules -p icmpv6 -j ACCEPT
# create out chain
${IPTABLE6} --new out
#localhost to localhost
${IPTABLE6} -A out --src $LOCALHOST6 --dst $LOCALHOST6 -j ACCEPT
# for now accept all outgoing IPv6 traffic
${IPTABLE6} -A out --src $SIXXS --dst $ANY6 -j ACCEPT
# create in chain
${IPTABLE6} --new in
#localhost to localhost
${IPTABLE6} -A in --src $LOCALHOST6 --dst $LOCALHOST6 -j ACCEPT
# for now accept all incomming IPv6 traffic
${IPTABLE6} -A in --dst $SIXXS --src $ANY6 -j ACCEPT
#All that are in trusted may ssh
for i in $THRUSTED6;do
${IPTABLE6} -A in -p tcp --dst $SIXXS --dport 22 --src $i -j ACCEPT
done
# jump to all ipv6 chains
${IPTABLE6} -A INPUT -j blacklist
${IPTABLE6} -A OUTPUT -j blacklist
${IPTABLE6} -A FORWARD -j blacklist
${IPTABLE6} -A INPUT -j icmprules
${IPTABLE6} -A OUTPUT -j icmprules
${IPTABLE6} -A INPUT -j in
${IPTABLE6} -A OUTPUT -j out
;;
show)
echo -e "Rules in the firewall: ${CHAIN} n"
${IPTABLE6} -L -n
;;
*)
echo -e "Usage: ${SCRIPT} {flush|start|reload|show} n"
exit 1
;;
esac
exit 0
config6 12 lines
export IPTABLE6=/sbin/ip6tables
export SCRIPTSDIR=/opt/scripts/firewall
export EXT="eth0" # device
export SIXXS="3ffe:8114:1000::50f/127" # extern
export ANY6="::/0"
export LOCALHOST6="::1/128"
export THRUSTED6=""
export BLACKLIST6="3ffe:8114:2fff:1391::1"
kernel_options6.sh 7 lines
#!/bin/bash
# forwarding on
#echo "1" > /proc/sys/net/ipv6 blablabla
# Set some other IPv6 proc settings
#echo "1" > /proc/sys/net/ipv6 blablabla
<<lessfirewall6.sh 122 lines
#!/bin/bash
# Basic IPv6 FireWall script by Dennis Kruyt (dennis@klingon.nl)
#
# Sun Jan 5 18:26:28 2003 - DK
#debug
#set -x
cd /opt/scripts/firewall
source ./config6
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11
# change to script directory
cd ${SCRIPTSDIR}
SCRIPT=${SCRIPTSDIR}/firewall6.sh
case "$1" in
flush)
echo -e "Starting Firewall:"
${IPTABLE6} -F >> /dev/null 2>&1
${IPTABLE6} -X >> /dev/null 2>&1
echo -e "Setting defaults op ACCEPT!"
echo -e "ALERT: no firewall rules active"
#
${IPTABLE6} -P INPUT ACCEPT
${IPTABLE6} -P OUTPUT ACCEPT
${IPTABLE6} -P FORWARD ACCEPT
;;
start|reload)
echo -n "Starting Firewall: "
# paging!
#
# create a backup
TIME=`date +%s`
tar -czf /opt/backups/firewall/firewall.${TIME}.tar.gz /opt/scripts/firewall
# sending mail
mail email@address.com -s "Firewall - (re)started" < $0
# wait
sleep 1
# kerneloptions
echo -n "Loading Kernel options.."
./kernel_options6.sh
echo -n "Flushing and deleting all chains.."
${IPTABLE6} -F >> /dev/null 2>&1
${IPTABLE6} -X >> /dev/null 2>&1
# default policy
echo -n "Setting default policy DROP.."
${IPTABLE6} -P INPUT DROP
${IPTABLE6} -P OUTPUT DROP
${IPTABLE6} -P FORWARD DROP
# ?????????????
#${IPTABLE} -F -t mangle
#${IPTABLE} -t mangle -X
echo -e "Loading chains.."
# create chain blacklist
${IPTABLE6} --new blacklist
#And drop the evil ones
for i in $BLACKLIST6;do
${IPTABLE6} -A blacklist --src $i -j DROP
done
#icmp chain
${IPTABLE6} --new icmprules
${IPTABLE6} -A icmprules -p icmpv6 -j ACCEPT
# create out chain
${IPTABLE6} --new out
#localhost to localhost
${IPTABLE6} -A out --src $LOCALHOST6 --dst $LOCALHOST6 -j ACCEPT
# for now accept all outgoing IPv6 traffic
${IPTABLE6} -A out --src $SIXXS --dst $ANY6 -j ACCEPT
# create in chain
${IPTABLE6} --new in
#localhost to localhost
${IPTABLE6} -A in --src $LOCALHOST6 --dst $LOCALHOST6 -j ACCEPT
# for now accept all incomming IPv6 traffic
${IPTABLE6} -A in --dst $SIXXS --src $ANY6 -j ACCEPT
#All that are in trusted may ssh
for i in $THRUSTED6;do
${IPTABLE6} -A in -p tcp --dst $SIXXS --dport 22 --src $i -j ACCEPT
done
# jump to all ipv6 chains
${IPTABLE6} -A INPUT -j blacklist
${IPTABLE6} -A OUTPUT -j blacklist
${IPTABLE6} -A FORWARD -j blacklist
${IPTABLE6} -A INPUT -j icmprules
${IPTABLE6} -A OUTPUT -j icmprules
${IPTABLE6} -A INPUT -j in
${IPTABLE6} -A OUTPUT -j out
;;
show)
echo -e "Rules in the firewall: ${CHAIN} n"
${IPTABLE6} -L -n
;;
*)
echo -e "Usage: ${SCRIPT} {flush|start|reload|show} n"
exit 1
;;
esac
exit 0
config6 12 lines
export IPTABLE6=/sbin/ip6tables
export SCRIPTSDIR=/opt/scripts/firewall
export EXT="eth0" # device
export SIXXS="3ffe:8114:1000::50f/127" # extern
export ANY6="::/0"
export LOCALHOST6="::1/128"
export THRUSTED6=""
export BLACKLIST6="3ffe:8114:2fff:1391::1"
kernel_options6.sh 7 lines
#!/bin/bash
# forwarding on
#echo "1" > /proc/sys/net/ipv6 blablabla
# Set some other IPv6 proc settings
#echo "1" > /proc/sys/net/ipv6 blablabla
Download (0.002MB)
Added: 2007-02-13 License: GPL (GNU General Public License) Price:
994 downloads
IPTables::IPv4::IPQueue 1.25
IPTables::IPv4::IPQueue is a Perl extension for libipq. more>>
IPTables::IPv4::IPQueue is a Perl extension for libipq.
SYNOPSIS
use IPTables::IPv4::IPQueue qw(:constants);
$queue = new IPTables::IPv4::IPQueue();
$msg = $queue->get_message();
$queue->set_verdict($msg->packet_id(), NF_ACCEPT)
$queue->set_mode(IPQ_COPY_PACKET, 2048);
IPTables::IPv4::IPQueue->errstr;
undef $queue;
Perlipq (IPTables::IPv4::IPQueue) is a Perl extension for iptables userspace packet queuing via libipq.
Packets may be selected from the stack via the iptables QUEUE target and passed to userspace. Perlipq allows these packets to be manipulated in Perl and passed back to the stack.
More information on userspace packet queueing may be found in libipq(3).
<<lessSYNOPSIS
use IPTables::IPv4::IPQueue qw(:constants);
$queue = new IPTables::IPv4::IPQueue();
$msg = $queue->get_message();
$queue->set_verdict($msg->packet_id(), NF_ACCEPT)
$queue->set_mode(IPQ_COPY_PACKET, 2048);
IPTables::IPv4::IPQueue->errstr;
undef $queue;
Perlipq (IPTables::IPv4::IPQueue) is a Perl extension for iptables userspace packet queuing via libipq.
Packets may be selected from the stack via the iptables QUEUE target and passed to userspace. Perlipq allows these packets to be manipulated in Perl and passed back to the stack.
More information on userspace packet queueing may be found in libipq(3).
Download (0.014MB)
Added: 2007-04-17 License: Perl Artistic License Price:
925 downloads
Parallel Network Scanner 1.11
Parallel Network Scanner provides a fast network services scanner. more>>
Parallel Network Scanner provides a fast network services scanner.
pnscan is a scanner for TCP network services. It uses multithreading to increase its speed.
pnscan tries to be smart as to how many threads to start - it will dynamically start only as many as is needed to make progress in the scan - up to a maximum either as specified with the "-n" command line option, or 8 minus the maximum number of available file descriptors (pnscan tries to increase
it to the max limit automatically) - or any internal limit on the system (Linux normally only allows 256 threads).
Host ranges can be specified both as a CIDR - network name or IP address / mask bit length and as a range. When using CIDR notation - the first and last address is ignored (normally used for broadcasts)
Some examples:
192.168.0.0/24
192.160.0.1:192.160.0.254
arpanet/8
USAGE - EXAMPLES
# Scan network 192.168.0.0/24 for SSH daemons on port 22
pnscan 192.168.0.0/24 22
pnscan 192.168.0.1:192.168.0.254 ssh
# Scan hosts 192.168.10.34 ... 98 for IDENT servers, max 8 threads
pnscan -n8 -w"VERSION" 192.168.10.34:192.168.10.98 113
# Scan host 127.0.0.1 for WWW servers on all ports
pnscan -w"HEAD / HTTP/1.0rnrn" -r"Server:" 192.168.0.32 1:65525
pnscan -w"HEAD / HTTP/1.0rnrn" -r"Server:" localhost 1:65525
# Send binary data and expect the binary sequence FF 00 FF on port 145.
pnscan -W"05 5A 37" -R"FF 00 FF" 192.168.0.32 145
# Scan for Roxen servers and print the whole Server-line
pnscan -l -w"HEAD / HTTP/1.0rnrn" -r"Roxen" localhost 1:65525
# Scan for pidentd servers and try to locate the version
pnscan -w"VERSION" 192.160.0.0/24 113
# Scan network arpanet/24 for daytime servers and sort them IP-numerically
pnscan arpanet/10 daytime | ipsort
# Read host (&port) lines from stdin and scan the selected hosts for SSH
echo 192.160.10.11 ssh | pnscan -v
echo 192.160.10.12 | pnscan 22
Enhancements:
- pnscan.sgml Added the other options implemented in pnscan.c.
- pnscan.c: Modified the threads startup code to dynamically only start as many threads as is needed.
<<lesspnscan is a scanner for TCP network services. It uses multithreading to increase its speed.
pnscan tries to be smart as to how many threads to start - it will dynamically start only as many as is needed to make progress in the scan - up to a maximum either as specified with the "-n" command line option, or 8 minus the maximum number of available file descriptors (pnscan tries to increase
it to the max limit automatically) - or any internal limit on the system (Linux normally only allows 256 threads).
Host ranges can be specified both as a CIDR - network name or IP address / mask bit length and as a range. When using CIDR notation - the first and last address is ignored (normally used for broadcasts)
Some examples:
192.168.0.0/24
192.160.0.1:192.160.0.254
arpanet/8
USAGE - EXAMPLES
# Scan network 192.168.0.0/24 for SSH daemons on port 22
pnscan 192.168.0.0/24 22
pnscan 192.168.0.1:192.168.0.254 ssh
# Scan hosts 192.168.10.34 ... 98 for IDENT servers, max 8 threads
pnscan -n8 -w"VERSION" 192.168.10.34:192.168.10.98 113
# Scan host 127.0.0.1 for WWW servers on all ports
pnscan -w"HEAD / HTTP/1.0rnrn" -r"Server:" 192.168.0.32 1:65525
pnscan -w"HEAD / HTTP/1.0rnrn" -r"Server:" localhost 1:65525
# Send binary data and expect the binary sequence FF 00 FF on port 145.
pnscan -W"05 5A 37" -R"FF 00 FF" 192.168.0.32 145
# Scan for Roxen servers and print the whole Server-line
pnscan -l -w"HEAD / HTTP/1.0rnrn" -r"Roxen" localhost 1:65525
# Scan for pidentd servers and try to locate the version
pnscan -w"VERSION" 192.160.0.0/24 113
# Scan network arpanet/24 for daytime servers and sort them IP-numerically
pnscan arpanet/10 daytime | ipsort
# Read host (&port) lines from stdin and scan the selected hosts for SSH
echo 192.160.10.11 ssh | pnscan -v
echo 192.160.10.12 | pnscan 22
Enhancements:
- pnscan.sgml Added the other options implemented in pnscan.c.
- pnscan.c: Modified the threads startup code to dynamically only start as many threads as is needed.
Download (0.014MB)
Added: 2007-03-12 License: Freeware Price:
958 downloads
Raw Socket Library 2.1
Raw Socket Library provides a simple to use raw socket library with IPV6 support. more>>
Raw Socket Library provides a simple to use raw socket library with IPV6 support.
Raw Socket Library provides a simple mechanism to send raw socket packet using IPV4 and IPV6 using a simple struct.
It currently supports TCP, ICMP, UDP, and ICMPv6.
Enhancements:
- ARP has been added but not tested. More IP4 options can be changed at code time now.
<<lessRaw Socket Library provides a simple mechanism to send raw socket packet using IPV4 and IPV6 using a simple struct.
It currently supports TCP, ICMP, UDP, and ICMPv6.
Enhancements:
- ARP has been added but not tested. More IP4 options can be changed at code time now.
Download (0.012MB)
Added: 2007-03-22 License: GPL (GNU General Public License) Price:
963 downloads
Net::IPv4Addr 0.10
Net::IPv4Addr is a Perl extension for manipulating IPv4 addresses. more>>
Net::IPv4Addr is a Perl extension for manipulating IPv4 addresses.
SYNOPSIS
use Net::IPv4Addr qw( :all );
my ($ip,$cidr) = ipv4_parse( "127.0.0.1/24" );
my ($ip,$cidr) = ipv4_parse( "192.168.100.10 / 255.255.255.0" );
my ($net,$msk) = ipv4_network( "192.168.100.30" );
my $broadcast = ipv4_broadcast( "192.168.100.30/26" );
if ( ipv4_in_network( "192.168.100.0", $her_ip ) ) {
print "Welcome !";
}
etc.
Net::IPv4Addr provides functions for parsing IPv4 addresses both in traditional address/netmask format and in the new CIDR format. There are also methods for calculating the network and broadcast address and also to see check if a given address is in a specific network.
<<lessSYNOPSIS
use Net::IPv4Addr qw( :all );
my ($ip,$cidr) = ipv4_parse( "127.0.0.1/24" );
my ($ip,$cidr) = ipv4_parse( "192.168.100.10 / 255.255.255.0" );
my ($net,$msk) = ipv4_network( "192.168.100.30" );
my $broadcast = ipv4_broadcast( "192.168.100.30/26" );
if ( ipv4_in_network( "192.168.100.0", $her_ip ) ) {
print "Welcome !";
}
etc.
Net::IPv4Addr provides functions for parsing IPv4 addresses both in traditional address/netmask format and in the new CIDR format. There are also methods for calculating the network and broadcast address and also to see check if a given address is in a specific network.
Download (0.008MB)
Added: 2006-07-27 License: Perl Artistic License Price:
1186 downloads
Kaboot Science 0.1.1
Kaboot Linux Operating system aims to provide an operating system which you can take anywhere. more>>
Kaboot Linux Operating system aims to provide an operating system which you can take anywhere and has all your favourite programs on.
Kaboot operating system is avaliable as a Live CD or Live USB you can take with you anywhere.
A number of different versions are avaliable, two optimised for size or speed, one for functionality, and one science based.
All containing a host of useful programs able to boot virtually any computer (meeting the minimum requirements) from CD and
USB.Kaboot is still in active development and if you find a bug or fix, you can let me know in the forums.
Kaboot Science - contains a number of Scientific programs already setup and ready to go, with the purpose of introducing those unconvinced by the power of open source programs.
Packge List:
net-dialup/rp-pppoe
x11-misc/adesklets
media-gfx/scrot
sys-apps/coldplug
x11-misc/pypanel
sys-apps/slocate
sys-kernel/linux-headers
app-office/gnumeric
sys-devel/gettext
media-gfx/feh
sci-calculators/galculator
x11-themes/commonbox-styles
x11-themes/openbox-themes
app-admin/syslog-ng
sci-chemistry/easychem
app-admin/testdisk
sys-process/vixie-cron
x11-misc/obconf
sys-boot/grub
perl-core/ExtUtils-MakeMaker
x11-misc/bbrb
x11-misc/gdeskcal
net-ftp/gftp
sci-astronomy/predict
sci-astronomy/stellarium
x11-wm/openbox
x11-base/xorg-x11
net-misc/dhcpcd
app-admin/torsmo
media-gfx/gnuplot
sci-mathematics/octave
sys-libs/glibc
sci-libs/gsl
www-client/mozilla-firefox
app-editors/nano
app-arch/gzip
sys-apps/pcmcia-cs
net-im/gaim
net-dialup/mingetty
sys-apps/hotplug
app-editors/cute
sci-chemistry/ghemical
x11-terms/aterm
app-office/abiword
sci-calculators/qalculate-units
<<lessKaboot operating system is avaliable as a Live CD or Live USB you can take with you anywhere.
A number of different versions are avaliable, two optimised for size or speed, one for functionality, and one science based.
All containing a host of useful programs able to boot virtually any computer (meeting the minimum requirements) from CD and
USB.Kaboot is still in active development and if you find a bug or fix, you can let me know in the forums.
Kaboot Science - contains a number of Scientific programs already setup and ready to go, with the purpose of introducing those unconvinced by the power of open source programs.
Packge List:
net-dialup/rp-pppoe
x11-misc/adesklets
media-gfx/scrot
sys-apps/coldplug
x11-misc/pypanel
sys-apps/slocate
sys-kernel/linux-headers
app-office/gnumeric
sys-devel/gettext
media-gfx/feh
sci-calculators/galculator
x11-themes/commonbox-styles
x11-themes/openbox-themes
app-admin/syslog-ng
sci-chemistry/easychem
app-admin/testdisk
sys-process/vixie-cron
x11-misc/obconf
sys-boot/grub
perl-core/ExtUtils-MakeMaker
x11-misc/bbrb
x11-misc/gdeskcal
net-ftp/gftp
sci-astronomy/predict
sci-astronomy/stellarium
x11-wm/openbox
x11-base/xorg-x11
net-misc/dhcpcd
app-admin/torsmo
media-gfx/gnuplot
sci-mathematics/octave
sys-libs/glibc
sci-libs/gsl
www-client/mozilla-firefox
app-editors/nano
app-arch/gzip
sys-apps/pcmcia-cs
net-im/gaim
net-dialup/mingetty
sys-apps/hotplug
app-editors/cute
sci-chemistry/ghemical
x11-terms/aterm
app-office/abiword
sci-calculators/qalculate-units
Download (348.5MB)
Added: 2005-12-21 License: GPL (GNU General Public License) Price:
1406 downloads
NetPacket::ICMP 0.04
NetPacket::ICMP is a Perl module to assemble and disassemble ICMP (Internet Control Message Protocol) packets. more>>
NetPacket::ICMP is a Perl module to assemble and disassemble ICMP (Internet Control Message Protocol) packets.
SYNOPSIS
use NetPacket::ICMP;
$icmp_obj = NetPacket::ICMP->decode($raw_pkt);
$icmp_pkt = NetPacket::ICMP->encode();
$icmp_data = NetPacket::ICMP::strip($raw_pkt);
NetPacket::ICMP provides a set of routines for assembling and disassembling packets using ICMP (Internet Control Message Protocol).
Methods
NetPacket::ICMP->decode([RAW PACKET])
Decode the raw packet data given and return an object containing instance data. This method will quite happily decode garbage input. It is the responsibility of the programmer to ensure valid packet data is passed to this method.
NetPacket::ICMP->encode()
Return an ICMP packet encoded with the instance data specified.
<<lessSYNOPSIS
use NetPacket::ICMP;
$icmp_obj = NetPacket::ICMP->decode($raw_pkt);
$icmp_pkt = NetPacket::ICMP->encode();
$icmp_data = NetPacket::ICMP::strip($raw_pkt);
NetPacket::ICMP provides a set of routines for assembling and disassembling packets using ICMP (Internet Control Message Protocol).
Methods
NetPacket::ICMP->decode([RAW PACKET])
Decode the raw packet data given and return an object containing instance data. This method will quite happily decode garbage input. It is the responsibility of the programmer to ensure valid packet data is passed to this method.
NetPacket::ICMP->encode()
Return an ICMP packet encoded with the instance data specified.
Download (0.011MB)
Added: 2007-02-27 License: Perl Artistic License Price:
970 downloads
IPv4 form 1.0
IPv4 form provides a tool for making RIPE IPv4 request forms. more>>
IPv4 form provides a tool for making RIPE IPv4 request forms.
IPv4 form is a utility for checking the #ADDRESSING PLAN# part of a RIPE IPv4 PA request form. It makes a "totals:" row for this form and produces readable output with spaces between columns. This output can be directly copied to a RIPE form.
<<lessIPv4 form is a utility for checking the #ADDRESSING PLAN# part of a RIPE IPv4 PA request form. It makes a "totals:" row for this form and produces readable output with spaces between columns. This output can be directly copied to a RIPE form.
Download (0.24MB)
Added: 2007-04-25 License: GPL (GNU General Public License) Price:
920 downloads
ICMP-Chat 0.6
ICMP-Chat is a simple console-based chat that uses ICMP packets for communication. more>>
ICMP-Chat is a simple console-based chat that uses ICMP packets for communication. All the data is encrypted with Rijndael-256 algorithm.
Installation:
Type: make && make install
For solaris type: make solaris && make install
Usage:
Usage: icmpchat [OPTIONS] < host > < nick >
< host > = Host to chat with
< nick > = Your nickname
OPTIONS:
-t < type > = specify icmp type (default ECHO_REPLY)
Example: icmpchat 192.168.1.2 foo
ICMP codes:
[0] Echo Reply
[5] Redirect
[8] Echo Request
[9] Router advertisement
[10] Router solicitation
[13] Timestamp request
[14] Timestamp reply
[15] Information request
[16] Information reply
[17] Adressmask request
[18] Adressmask reply
Enhancements:
- Rewrote from scratch
- Implemented optimized rijndael algorithm
- Implemented sha256 for password hashing
- Implemented ncurses frontend (again)
- Fixed getuid problem so that setting suid flag works now (thanks John)
<<lessInstallation:
Type: make && make install
For solaris type: make solaris && make install
Usage:
Usage: icmpchat [OPTIONS] < host > < nick >
< host > = Host to chat with
< nick > = Your nickname
OPTIONS:
-t < type > = specify icmp type (default ECHO_REPLY)
Example: icmpchat 192.168.1.2 foo
ICMP codes:
[0] Echo Reply
[5] Redirect
[8] Echo Request
[9] Router advertisement
[10] Router solicitation
[13] Timestamp request
[14] Timestamp reply
[15] Information request
[16] Information reply
[17] Adressmask request
[18] Adressmask reply
Enhancements:
- Rewrote from scratch
- Implemented optimized rijndael algorithm
- Implemented sha256 for password hashing
- Implemented ncurses frontend (again)
- Fixed getuid problem so that setting suid flag works now (thanks John)
Download (0.037MB)
Added: 2006-06-16 License: GPL (GNU General Public License) Price:
1229 downloads
Secleted [ 0 ] software to compare
Copyright Notice:
Software piracy is theft, Using crack, password, serial numbers, registration codes, key generators is illegal and prevent future software development. The above echo 1 proc sys net ipv4 icmp echo ignore broadcasts search only lists software in full, demo and trial versions for free download. Download links are directly from our mirror sites or publisher sites, torrent files or links from rapidshare.com, yousendit.com or megaupload.com are not allowed
