echo trimmers
Results 1 - 15 of about 186
Echoserver 1.3
Echoserver - See what browsers and programs are sending to an HTTP server.
A simple server that just dumps whatever it receives on the console. Echoserver is misnamed because it does not actually echo what it receives back to the browser.
Because it prints the raw request, everything a client sends, including Cookie and Authorization headers, ends up on the console; run it on a test host for debugging, not as a listener reachable from untrusted networks.
Enhancements:
Version 1.3
- changed pad directory structure
Download (520Kb)
Added: 2006-03-06 License: Free Price: Free
13 downloads
Echo2 Web Framework 2.1.0 Beta 5
Echo2 Web Framework is the next generation of the Echo Web Framework, a platform for developing web-based applications that approach the capabilities of rich clients.
The 2.0 version holds true to the core concepts of Echo while providing dramatic performance, capability, and user-experience enhancements made possible by its new Ajax-based rendering engine.
Echo2 frees the developer from thinking in terms of "page-based" applications and lets them develop applications using the conventional object-oriented, event-driven paradigm for user interface development.
Knowledge of HTML, HTTP, and JavaScript is not required. Applications may be hosted in any Java servlet container.
Enhancements:
- This release added support for setting render IDs on Components such that Echo2 applications may be tested with browser-based unit-testing environments such as Selenium.
Download (4.1MB)
Added: 2006-08-09 License: LGPL (GNU Lesser General Public License) Price:
673 downloads
Mediastreamer 2.1.0
Mediastreamer is a library written in C that allows you to create and run audio and video streams. It is designed for any kind of voice-over-IP application.
It features RTP connectivity, audio codecs (Speex, iLBC, G711, GSM), video codecs (MPEG4, H263, Theora), I/O from soundcards, wav files and webcams, echo cancellation, conferencing, and various other utilities.
Mediastreamer has a modular design that makes it extensible through plugins. It is the media-streaming component of linphone, a GPL SIP video phone.
Download (0.45MB)
Added: 2007-01-26 License: GPL (GNU General Public License) Price:
1015 downloads
Echo Web Application Framework 1.1.4
Echo is a framework for developing object-oriented, event-driven Web applications.
Echo frees the developer from thinking in terms of "page-based" applications and lets them develop applications using the conventional object-oriented, event-driven paradigm for user interface development.
Knowledge of HTML, HTTP, and JavaScript is not required. Echo is open-source software distributed under the terms of the Mozilla Public License or the GNU LGPL.
Enhancements:
- Version 1.1.4 adds support for specifying the order of tab-based navigation of components. The release also fixes bugs reported in previous versions, including the issues discovered with setting component focus.
Download (0.80MB)
Added: 2005-05-05 License: LGPL (GNU Lesser General Public License) Price:
1635 downloads
kfilewatcher 0.1
kfilewatcher watches for file changes and lets you react to them.
Example:
kfilewatcher /tmp/test 2>&1 | while read a; do echo "File has changed - doing something"; done
This command does something every time kfilewatcher detects a change. At the moment, the only action is to output "File has changed - doing something", but you can put anything there, e.g.
- back up files as soon as they change
- publish files on your homepage every time they change
- keep directories in sync
Download (1.7MB)
Added: 2006-12-28 License: GPL (GNU General Public License) Price:
1030 downloads
Webforce Cart 1.6
Webforce Cart (wfCart) is a free PHP shopping cart class you can use as a component of a PHP-based online store. It is designed as a component for PHP developers who would rather write their own store than adopt a complete solution.
Instructions and examples for the free PHP shopping cart
To use the cart in an existing script:
Rename wfcart.php.txt to wfcart.php and upload it to your server.
Then include the file:
include("wfcart.php");
Start the session, and assign the cart to it. NOTE: You must include wfcart.php before you start the session: session_start() unserializes the stored cart object, and if the wfCart class is not yet defined at that point PHP restores it as an incomplete object instead of a wfCart.
session_start();
$cart =& $_SESSION['cart'];
if (!is_object($cart)) $cart = new wfCart();
Then you can use the functions like $cart->get_contents(); these functions are documented below.
Adding an Item - $cart->add_item( code , quantity , price , info )
If you have a widget with code AB313 and a price of $40.11, you can add it to the cart with:
$cart->add_item('AB313', 1, 40.11, 'Widget AB313 Standard');
If the item AB313 is already in the cart, its quantity is increased by the quantity supplied to the function, in this case 1. The item id must be unique, and can be letters and/or numbers. The price should come from your own server-side catalog (or from wf_get_price, see below), never from a form field or URL parameter, otherwise a client can submit its own price.
Deleting an Item - $cart->del_item( itemid );
E.g. to delete the item with ID 123:
$cart->del_item('123');
Changing the quantity of an item -
$cart->edit_item( itemid, new_quantity );
For example:
$cart->edit_item('HA2', 3);
If you set the quantity to zero, the item is deleted.
Getting the number of items in a cart
echo $cart->itemcount;
Getting the total value of the cart
echo $cart->total;
Emptying the cart
$cart->empty_cart();
Getting the cart contents
$items = $cart->get_contents();
$items is an array, so the following code displays the items. The values are passed through htmlspecialchars() because they are written into an HTML page; if you store an array in info (see below), format its elements rather than the array itself.
foreach ($items as $item) {
    echo "Code/ID : " . htmlspecialchars($item['id']) . "<br>\n";
    echo "Quantity: " . (int) $item['qty'] . "<br>\n";
    echo "Price   : " . htmlspecialchars($item['price']) . "<br>\n";
    echo "Info    : " . htmlspecialchars($item['info']) . "<br>\n";
    echo "Subtotal: " . htmlspecialchars($item['subtotal']) . "<br>\n";
}
Note, subtotal is quantity x price for that item, not a running total.
Extending Webforce Cart
There are two functions you can define to gain more flexibility.
One is wf_get_price( itemid, qty ). If you need to do pricing based on quantity (e.g. bulk discounts), create a function called wf_get_price that does what you need. If you do not pass a price to add_item, wf_get_price is called. If you use this functionality and your price is quantity dependent, you must also uncomment the line in the edit_item function.
The other is wf_get_info; again, if you do not pass info to add_item, wf_get_info is called. TIP: you do not have to pass a string to add_item(); you can use an array of information instead, e.g.
$cart->add_item('AS2112', 5, 19.95, array('size' => 'large', 'color' => 'red'));
Then when you use get_contents, you echo $item['info']['color'] etc.
Enhancements:
- The empty cart function was fixed.
Download (0.003MB)
Added: 2007-04-06 License: LGPL (GNU Lesser General Public License) Price:
933 downloads
Whatmask 1.2
Whatmask provides a subnet info utility.
Whatmask is a small C program that helps with network settings. Notations supported are CIDR (e.g. /24), netmask (e.g. 255.255.255.0), and wildcard bits (e.g. 0.0.0.255).
These notations are all equivalent. CIDR notation commonly has a "/" in front of the number (representing the number of network bits); Whatmask accepts it with or without the slash.
It can take any IP in the subnet along with the netmask in any format, and it will echo back the netmask in three formats, the network address, the broadcast address, the number of usable IPs, and the range of IPs in the subnet.
Binaries for Linux, Win32, and MacOS 9/X are available.
Enhancements:
- Added support for hex netmasks
- Minor bugfixes / cleanup
Download (0.16MB)
Added: 2007-03-21 License: GPL (GNU General Public License) Price:
956 downloads
Command Line WRAPper 0.3.0
Command Line WRAPper (clwrap) is a tool that provides an easy way to build and run commands from input lines, avoiding the need for a shell script. It is similar to xargs.
clwrap works well with the locate command and is light on resources. It can also do not-quite-fun jobs like running configure/make/make install many times after a fresh system installation. In practice, you generate a list of files/directories you want to manage, clwrap reads it on standard input and applies the command you specify to each line of input, substituting the line for {}.
But you can do much more; in fact, it is up to you to find out how to use it ;).
Examples:
- copying several files into one specific directory:
locate myfiles | clwrap -e cp {} mydir/
- renaming several files:
ls -1 ultra* \
  | clwrap -e "echo -n mv -v {}" -e "echo {} | sed s/ultra/ /" \
  | clwrap -e {}
- running a specific line from the shell history:
history | grep "482" | head -n 1 | sed 's/ *[0-9]* *//' | clwrap -v -e {}
- trying all possible combinations of TV norms and frequency tables with scantv:
cat norm \
  | clwrap -e "cat freq | clwrap -e echo scantv -n {} -f {}" \
  | clwrap -e {} > file 2>&1
- reformatting source code, after a backup of course:
ls -1 | clwrap -e "cp {} {}.orig && flip -u {} && cat {} \
  | sed 's/^[ \t]*$//;/^$/d' \
  | indent -kr -bad -bap -bbb -sob -i8 -l100 {} -o {}.tmp \
  && mv {} tmp && mv {}.tmp {}"
Note that the rename, history and scantv examples end in clwrap -e {}, which runs whatever text arrives on the line as a command, so they are only as trustworthy as the file names and history lines they read: a name containing blanks, quotes or ';' is parsed as command syntax rather than as one file name. As with xargs, use this pattern only on input you control.
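The difference between handing each input line to a program as one argument and splicing it into a command string, shown as an added POSIX shell example that is not part of clwrap (whether clwrap re-parses the substituted line is not stated on this page; the functions run_per_line, run_per_line_unsafe and rename_prefix, and the constructed file names, are this example's own). rename_prefix is the safe equivalent of the "renaming several files" pipeline above, and injection_demo shows what a hostile line does to each runner.

```shell
#!/bin/sh
# Added example (not part of clwrap): one command per input line, with and without shell re-parsing.

# run_per_line CMD [ARGS...]: read stdin line by line and append each whole line as one argument.
# IFS= keeps leading/trailing blanks, -r keeps backslashes; "$@" is executed as argv, never re-parsed.
run_per_line() {
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        "$@" "$line"
    done
}

# run_per_line_unsafe CMD: the line is spliced into a shell string, so any shell
# metacharacter in the input (';', '$(...)', '|') is executed. Shown only for the failure mode.
run_per_line_unsafe() {
    while IFS= read -r line; do
        sh -c "$1 $line"
    done
}

# rename_prefix OLD NEW: safe equivalent of the "renaming several files" pipeline.
# Reads file names from stdin; 'mv --' keeps a name beginning with '-' from being read as an option.
rename_prefix() {
    while IFS= read -r f; do
        case $f in "$1"*) mv -- "$f" "$2${f#"$1"}" ;; esac
    done
}

# injection_demo: feed one crafted line (constructed, stands in for a hostile file name) to both
# runners in a scratch directory and print whether a file got created: "yes no" means the unsafe
# runner created INJECTED and the safe runner only echoed the text.
injection_demo() {
    d=$(mktemp -d) || return 1
    crafted='harmless; touch INJECTED'
    ( cd "$d" || exit 1
      printf '%s\n' "$crafted" | run_per_line_unsafe echo >/dev/null
      if [ -e INJECTED ]; then u=yes; else u=no; fi
      rm -f INJECTED
      printf '%s\n' "$crafted" | run_per_line echo >/dev/null
      if [ -e INJECTED ]; then s=yes; else s=no; fi
      echo "$u $s" )
    rm -rf "$d"
}

# rename_demo: create 'ultra one.txt' and 'ultra two.txt' (names with blanks, constructed) and
# rename them with rename_prefix; returns 0 if both were renamed and the originals are gone.
rename_demo() {
    d=$(mktemp -d) || return 1
    if ( cd "$d" || exit 1
         : > 'ultra one.txt'; : > 'ultra two.txt'
         printf '%s\n' ultra* | rename_prefix ultra mega
         [ -e 'mega one.txt' ] && [ -e 'mega two.txt' ] && [ ! -e 'ultra one.txt' ] )
    then r=0; else r=1; fi
    rm -rf "$d"
    return $r
}

injection_demo
rename_demo && echo "rename ok"
```

Where the input really is a list of file names, the most robust variant is find -print0 | xargs -0, which separates names with NUL bytes so even embedded newlines cannot split one name into two commands.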
Download (0.042MB)
Added: 2005-04-04 License: GPL (GNU General Public License) Price:
1664 downloads
IPC::Run::Simple 1.3
IPC::Run::Simple is a simple system() wrapper.
SYNOPSIS
# Run a command and check whether it failed
use IPC::Run::Simple;
run("echo Hello, O Cruel World")
    or die "Command failed";
# Describe the failure
use IPC::Run::Simple qw($ERR);
run("echo Hello, O Cruel World")
    or die "Command failed: $ERR";
# Use the :all tag instead of explicitly requesting $ERR
use IPC::Run::Simple qw(:all);
run("echo Hello, O Cruel World")
    or die "Command failed: $ERR";
# Die with error message if command does not return 0
use IPC::Run::Simple qw(:Fatal);
run("echo Hello, O Cruel World");
# Allow other exit values without dying
use IPC::Run::Simple qw(:Fatal);
run(command => [ "echo", "Hello, O Cruel World!" ],
    allowed => [ 1, 2, 5 ]);
This module is intended to be a very simple, straightforward wrapper around the system() call to make it behave more like other builtins.
run() returns a true value if the command was executed and returned a successful status code, and false otherwise. The reason for the failure is stored in the $IPC::Run::Simple::ERR variable (which is just $ERR if you import either $ERR or :all). The description of the reason was pulled almost directly from the system() documentation.
Optionally, you can import the :Fatal tag, which causes run() to die() with an appropriate message if the command fails for any reason.
If you wish to allow nonzero exit values but still want to trap unexpected errors, you may use the expanded call syntax: call run() with a set of key => value pairs. The two implemented keys are command (an array reference containing the command to run) and allowed (an array reference of exit values that are allowed without causing run() to return false or throw an exception).
Because run() wraps system(), it inherits system()'s two modes: a single string containing shell metacharacters is handed to /bin/sh -c, whereas a list of two or more elements is executed directly with each element as one argument. Prefer the command => [ ... ] form whenever any part of the command comes from outside the program.
Download (0.005MB)
Added: 2007-08-15 License: Perl Artistic License Price:
802 downloads
HTML::Seamstress 4.26
HTML::Seamstress is an HTML::Tree subclass for HTML templating via tree rewriting.
SYNOPSIS
HTML::Seamstress provides "fourth generation" dynamic HTML generation (templating).
In the beginning we had...
First generation dynamic HTML production
First generation dynamic HTML production used server-side includes:
<p>Today's date is <!--#echo var="DATE_LOCAL" --></p>
Second generation dynamic HTML production
The next phase of HTML generation saw HTML snippets embedded in Perl code. For example:
sub header {
    my $title = shift;
    print <<EOHEADER;
<head><title>$title</title>
</head>
EOHEADER
}
Download (0.048MB)
Added: 2006-09-14 License: Perl Artistic License Price:
1135 downloads
Packet filtering setup script
Packet filtering setup script by Anthony C. Zboralski, adapted by Didi Damian for iptables version 1.0.0.
Sample:
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
# Set up variables
EXT_IF="eth0"
INT_IF="eth1"
EXT_IP=24.x.x.x/32
INT_IP=192.168.0.1/32
EXT_NET=24.x.x.0/24
INT_NET=192.168.0.0/24
MASQ_NETS="192.168.0.0/24"
LOCAL_ADDRS="127.0.0.0/8 192.168.0.1/32 24.x.x.x/32"
MAIL_RELAY=24.x.x.x/32
SMB_ACCESS="192.168.0.2/32"
SMB_BCAST="192.168.0.255/32"
# Turn on IP forwarding
echo Turning on IP forwarding.
echo 1 > /proc/sys/net/ipv4/ip_forward
# Load the ip_tables module
echo Loading ip_tables module.
/sbin/modprobe ip_tables || exit 1
# I let the kernel dynamically load the other modules
echo Flush standard tables.
iptables --flush INPUT
iptables --flush OUTPUT
iptables --flush FORWARD
echo Deny everything until firewall setup is completed.
iptables --policy INPUT DROP
iptables --policy OUTPUT DROP
iptables --policy FORWARD DROP
CHAINS=`iptables -n -L | perl -n -e '/Chain\s+(\S+)/ && !($1 =~ /^(INPUT|FORWARD|OUTPUT)$/) && print "$1 "'`
echo Remove remaining chains:
echo $CHAINS
for chain in $CHAINS; do
iptables --flush $chain
done
# 2nd step cause of dependencies
for chain in $CHAINS; do
iptables --delete-chain $chain
done
for net in $MASQ_NETS; do
# I delete all the rules so you can rerun the scripts without bloating
# your nat entries.
iptables -t nat -D POSTROUTING -s $net -j MASQUERADE 2>/dev/null
iptables -t nat -A POSTROUTING -s $net -j MASQUERADE || exit 1
done
iptables --policy FORWARD ACCEPT
# Create a target for logging and dropping packets
iptables --new LDROP 2>/dev/null
iptables -A LDROP --proto tcp -j LOG --log-level info \
  --log-prefix "TCP Drop "
iptables -A LDROP --proto udp -j LOG --log-level info \
  --log-prefix "UDP Drop "
iptables -A LDROP --proto icmp -j LOG --log-level info \
  --log-prefix "ICMP Drop "
iptables -A LDROP --proto gre -j LOG --log-level info \
  --log-prefix "GRE Drop "
iptables -A LDROP -f -j LOG --log-level emerg \
  --log-prefix "FRAG Drop "
iptables -A LDROP -j DROP
# Create a table for watching some accepting rules
iptables --new WATCH 2>/dev/null
iptables -A WATCH -m limit -j LOG --log-level warn --log-prefix "ACCEPT "
iptables -A WATCH -j ACCEPT
echo Special target for local addresses:
iptables --new LOCAL 2>/dev/null
echo $LOCAL_ADDRS
for ip in $LOCAL_ADDRS; do
iptables -A INPUT --dst $ip -j LOCAL
# iptables -A INPUT --src $ip -i ! lo -j LDROP # lame spoof protect
done
echo Authorize mail from mail relay.
iptables -A LOCAL --proto tcp --syn --src $MAIL_RELAY --dst $EXT_IP --dport 25 -j ACCEPT
echo Authorizing samba access to:
echo $SMB_ACCESS
iptables --new SMB 2>/dev/null
for ip in $SMB_ACCESS; do
iptables -A SMB -s $ip -j ACCEPT
done
iptables -A LOCAL --proto udp -i ! $EXT_IF --dport 135:139 -j SMB
iptables -A LOCAL --proto tcp -i ! $EXT_IF --dport 135:139 -j SMB
iptables -A LOCAL --proto tcp -i ! $EXT_IF --dport 445 -j SMB
iptables -A INPUT -i ! $EXT_IF --dst $SMB_BCAST -j ACCEPT #lame samba broadcast
echo Drop and log every other incoming tcp connection attempts.
iptables -A LOCAL -i ! lo --proto tcp --syn -j LDROP
echo Authorize dns access for local nets.
for net in $MASQ_NETS 127.0.0.0/8; do
iptables -A INPUT --proto udp --src $net --dport 53 -j ACCEPT
done
echo Enforcing up ICMP policies, use iptables -L ICMP to check.
# If you deny all ICMP messages you head for trouble since it would
# break lots of tcp/ip algorythm (acz)
iptables --new ICMP 2>/dev/null
iptables -A INPUT --proto icmp -j ICMP
iptables -A ICMP -p icmp --icmp-type echo-reply -j ACCEPT
iptables -A ICMP -p icmp --icmp-type destination-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type network-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type host-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type protocol-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type port-unreachable -j ACCEPT
# Dropping fragmentation-needed breaks Path MTU discovery for this host and for the
# hosts it masquerades (see the comment above about denying ICMP); WATCH is the safer choice.
iptables -A ICMP -p icmp --icmp-type fragmentation-needed -j LDROP
iptables -A ICMP -p icmp --icmp-type source-route-failed -j WATCH
iptables -A ICMP -p icmp --icmp-type network-unknown -j WATCH
iptables -A ICMP -p icmp --icmp-type host-unknown -j WATCH
iptables -A ICMP -p icmp --icmp-type network-prohibited -j WATCH
iptables -A ICMP -p icmp --icmp-type host-prohibited -j WATCH
iptables -A ICMP -p icmp --icmp-type TOS-network-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type TOS-host-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type communication-prohibited -j WATCH
iptables -A ICMP -p icmp --icmp-type host-precedence-violation -j LDROP
iptables -A ICMP -p icmp --icmp-type precedence-cutoff -j LDROP
iptables -A ICMP -p icmp --icmp-type source-quench -j LDROP
iptables -A ICMP -p icmp --icmp-type redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type network-redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type host-redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type TOS-network-redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type TOS-host-redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type echo-request -j WATCH
iptables -A ICMP -p icmp --icmp-type router-advertisement -j LDROP
iptables -A ICMP -p icmp --icmp-type router-solicitation -j LDROP
iptables -A ICMP -p icmp --icmp-type time-exceeded -j WATCH
iptables -A ICMP -p icmp --icmp-type ttl-zero-during-transit -j WATCH
iptables -A ICMP -p icmp --icmp-type ttl-zero-during-reassembly -j WATCH
iptables -A ICMP -p icmp --icmp-type parameter-problem -j WATCH
iptables -A ICMP -p icmp --icmp-type ip-header-bad -j WATCH
iptables -A ICMP -p icmp --icmp-type required-option-missing -j WATCH
iptables -A ICMP -p icmp --icmp-type timestamp-request -j LDROP
iptables -A ICMP -p icmp --icmp-type timestamp-reply -j LDROP
iptables -A ICMP -p icmp --icmp-type address-mask-request -j LDROP
iptables -A ICMP -p icmp --icmp-type address-mask-reply -j LDROP
iptables -A ICMP -p icmp -j LDROP
echo Authorize tcp traffic.
# Stateless filter: LOCAL above only drops SYN segments addressed to LOCAL_ADDRS, so every
# other TCP segment (including non-SYN probes) is accepted here; there is no connection tracking.
iptables -A INPUT --proto tcp -j ACCEPT
echo Authorize packet output.
iptables --policy OUTPUT ACCEPT
#echo reject ident if you drop em you gotta wait for timeout
#iptables -I LOCAL --proto tcp --syn --dst $EXT_IP --dport 113 -j REJECT
echo Drop and log all udp below 1024.
iptables -A INPUT -i ! lo --proto udp --dport :1023 -j LDROP
echo Drop rpc dynamic udp port:
RPC_UDP=`rpcinfo -p localhost | perl -n -e '/.*udp\s+(\d+)\s+/ && print $1, "\n"' | sort -u`
echo $RPC_UDP
for port in $RPC_UDP; do
iptables -A LOCAL -i ! lo --proto udp --dport $port -j LDROP
done
echo Authorize udp above 1024.
iptables -A INPUT --proto udp --dport 1024: -j ACCEPT
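The two-pass chain removal in the script (flush every user-defined chain, then delete) is needed because iptables refuses to delete a chain that another chain's rule still jumps to; flushing everything first removes those references. As an added example that is not part of the script, the following shell parses a constructed iptables -n -L listing (sample text, not captured from a host) with awk in place of the perl one-liner, and emits the flush-then-delete sequence as text so it can be checked without touching a live firewall. The functions user_chains, chain_removal_plan and flush_pass_first and the IPTABLES variable are this example's own.

```shell
#!/bin/sh
# Added example (not part of the original script): find user-defined chains in
# 'iptables -n -L' output and plan their removal in dependency-safe order.

# Constructed sample listing, not captured from a real host. Header lines read
# "Chain NAME (policy X)" for built-in chains and "Chain NAME (N references)" for user chains.
SAMPLE_LISTING='Chain INPUT (policy DROP)
target     prot opt source               destination
LOCAL      all  --  0.0.0.0/0            127.0.0.0/8
ICMP       icmp --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain ICMP (1 references)
target     prot opt source               destination
WATCH      icmp --  0.0.0.0/0            0.0.0.0/0            icmp type 8
LDROP      icmp --  0.0.0.0/0            0.0.0.0/0

Chain LDROP (2 references)
target     prot opt source               destination
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "TCP Drop "
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain LOCAL (1 references)
target     prot opt source               destination
LDROP      tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x17/0x02

Chain WATCH (1 references)
target     prot opt source               destination
LOG        all  --  0.0.0.0/0            0.0.0.0/0            limit: avg 3/hour burst 5 LOG flags 0 level 4 prefix "ACCEPT "
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0'

# user_chains: read a listing on stdin, print the user-defined chain names, one per line.
# The three built-in chains of the filter table are skipped by name, as the perl one-liner does.
user_chains() {
    awk '$1 == "Chain" && $2 != "INPUT" && $2 != "FORWARD" && $2 != "OUTPUT" { print $2 }'
}

# chain_removal_plan: read a listing on stdin and print the commands that remove every user
# chain: all flushes first, then all deletes. In the sample, ICMP jumps to WATCH and LDROP and
# LOCAL jumps to LDROP, so deleting LDROP before the flush pass would be refused whatever the
# order of the chains. IPTABLES defaults to "iptables" so the plan can be piped to sh later.
chain_removal_plan() {
    IPTABLES=${IPTABLES:-iptables}
    chains=$(user_chains)
    for c in $chains; do echo "$IPTABLES --flush $c"; done
    for c in $chains; do echo "$IPTABLES --delete-chain $c"; done
}

# flush_pass_first: sanity check on a plan read from stdin; returns 0 if no --flush
# appears after a --delete-chain, i.e. the two passes are not interleaved.
flush_pass_first() {
    awk '/--delete-chain/ { seen_del = 1 }
         /--flush/ && seen_del { bad = 1 }
         END { exit bad ? 1 : 0 }'
}

printf '%s\n' "$SAMPLE_LISTING" | chain_removal_plan
```

On a live host the same plan comes from iptables -n -L | chain_removal_plan; review the printed commands before piping them to sh, since the script's own version runs them unconditionally.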
echo Drop and log all udp below 1024.
iptables -A INPUT ! -i lo --proto udp --dport :1023 -j LDROP
echo Drop rpc dynamic udp port:
# the regex must be single-quoted so the shell does not eat the backslashes or expand $1
RPC_UDP=`rpcinfo -p localhost | perl -n -e '/.*udp\s+(\d+)\s+/ && print $1,"\n"' | sort -u`
echo $RPC_UDP
for port in $RPC_UDP; do
iptables -A LOCAL ! -i lo --proto udp --dport $port -j LDROP
done
echo Authorize udp above 1024.
iptables -A INPUT --proto udp --dport 1024: -j ACCEPT
Download (MB)
Added: 2007-02-14 License: GPL (GNU General Public License) Price:
984 downloads
tcptraceroute 1.5 Beta6
tcptraceroute is a traceroute implementation using TCP packets.
The more traditional traceroute(8) sends out either UDP or ICMP ECHO packets with a TTL of one, and increments the TTL until the destination has been reached. By printing the gateways that generate ICMP time exceeded messages along the way, it is able to determine the path packets are taking to reach the destination.
The problem is that with the widespread use of firewalls on the modern Internet, many of the packets that traceroute(8) sends out end up being filtered, making it impossible to completely trace the path to the destination.
However, in many cases, these firewalls will permit inbound TCP packets to specific ports that hosts sitting behind the firewall are listening for connections on. By sending out TCP SYN packets instead of UDP or ICMP ECHO packets, tcptraceroute is able to bypass the most common firewall filters.
Download (0.14MB)
Added: 2006-03-10 License: GPL (GNU General Public License) Price:
1345 downloads
phpRiya 0.9 Beta
Riya is an excellent web based face recognition service. phpRiya is a PHP4 class written by the GROU.PS team; phpRiya is designed to act as a wrapper for Riya's API. Its methods process the response XML and return a friendly array of data to make development simple and intuitive.
Main features:
- LGPL license; you can use it for your commercial projects too!
- Covers 95% of Riya API
- Built-in DB/FS Caching
- Fully extensible via the "call" method
EXAMPLE
<?php
require_once("phpRiya.php");
$r = new phpRiya("<api key>"); // http://riya.com/applyAPI
// optional - authentication
// required only in Authentication Required functions
// see Riya API
//
// $r->auth("<username>","<password>");
// make a search in public photos
// look for ones tagged with 2006
$photos = $r->photos_search_searchPublic(null,null,null,null,null,null,"2006");
foreach ($photos as $photo) {
    echo "<img src=\"{$photo['thumbnail']}\" border=\"1\" />\n";
}
?>
Download (0.088MB)
Added: 2006-08-01 License: LGPL (GNU Lesser General Public License) Price:
1183 downloads
chan_misdn 0.2.1
chan_misdn is a channel driver for the open source PBX Asterisk for using ISDN BRI/PRI devices that are supported by mISDN. chan_misdn is the new ISDN Layer for Linux.
Main features:
- NT and TE mode
- PP and PMP mode
- BRI and PRI (with BNE1 and BN2E1 Cards)
- DTMF Detection in HW+mISDNdsp (much better than Asterisk's internal!)
- Display Messages to Phones (which support display msg)
- HOLD/RETRIEVE/TRANSFER on ISDN Phones : )
- Screen/ Not Screen User Number
- Basic EchoCancellation
- Volume Control
- Encryption with mISDNdsp (Blowfish)
- Data (HDLC) callthrough
- Data Callin (with app_ptyfork +pppd)
- echo cancellation
- some others
Enhancements:
- Release management was changed.
- This is the first stable version.
Download (0.12MB)
Added: 2005-12-06 License: GPL (GNU General Public License) Price:
1418 downloads
Configuration with no services supported
Configuration with no services supported script is for a single host firewall configuration with no services supported by the firewall machine itself.
Sample:
# USER CONFIGURABLE SECTION
# The name and location of the iptables utility.
IPTABLES=iptables
# The path to the iptables executable.
PATH="/usr/local/sbin"
# Our internal network address space and its supporting network device.
OURNET="10.5.0.0/24"
OURBCAST="10.5.0.255"
OURDEV="eth0"
# The outside address and the network device that supports it.
ANYADDR="0/0"
ANYDEV="ppp0"
# The TCP services we wish to allow to pass - "" empty means all ports
# note: comma separated
TCPIN="ssh,ftp,ftp-data"
TCPOUT="smtp,www,ssh,telnet,ftp,ftp-data,irc,http"
# The UDP services we wish to allow to pass - "" empty means all ports
# note: comma separated
UDPIN="domain"
UDPOUT="domain"
# The ICMP services we wish to allow to pass - "" empty means all types
# ref: /usr/include/netinet/ip_icmp.h for type numbers
# note: comma separated
ICMPIN="0,3,11"
ICMPOUT="8,3,11"
# Logging; uncomment the following line to enable logging of datagrams
# that are blocked by the firewall.
# LOGGING=1
# END USER CONFIGURABLE SECTION
####################################
# Flush the FORWARD chain rules
echo -n Flushing forward... && {
$IPTABLES -F FORWARD
} && echo done
# We want to deny incoming access by default.
# Note: while the next lines stay commented out the FORWARD chain keeps its
# default ACCEPT policy, so nothing below actually "falls through" to a drop;
# uncomment them to enforce it (the policy name must be upper-case DROP).
# echo -n Denying incoming access... && {
# $IPTABLES -P FORWARD DROP
# } && echo done
# Drop all datagrams destined for this host received from outside.
echo -n Dropping incoming datagrams... && {
$IPTABLES -A INPUT -i $ANYDEV -j DROP
} && echo done
# SPOOFING
# We should not accept any datagrams with a source address matching ours
# from the outside, so we deny them.
echo -n Preventing spoofing... && {
$IPTABLES -A FORWARD -s $OURNET -i $ANYDEV -j DROP
} && echo done
# SMURF
# Disallow ICMP to our broadcast address to prevent "Smurf" style attack.
echo -n Preventing SMURFs... && {
$IPTABLES -A FORWARD -p icmp -i $ANYDEV -d $OURNET -j DROP
} && echo done
# We should accept fragments, in iptables we must do this explicitly.
echo -n Accepting fragments... && {
$IPTABLES -A FORWARD -f -j ACCEPT
} && echo done
# TCP
# We will accept all TCP datagrams belonging to an existing connection
# (i.e. anything that is not a connection-opening SYN) for the TCP ports
# we're allowing through. This should catch more than 95 % of all valid
# TCP packets. "! --syn" is the iptables equivalent of the ipchains "! -y".
echo -n Accepting valid incoming tcp datagrams on existing connections... && {
$IPTABLES -A FORWARD -m multiport -p tcp -d $OURNET --dports $TCPIN ! --syn -j ACCEPT
} && echo done
echo -n Accepting valid outgoing tcp datagrams on existing connections... && {
$IPTABLES -A FORWARD -m multiport -p tcp -s $OURNET --sports $TCPIN ! --syn -j ACCEPT
} && echo done
# TCP - INCOMING CONNECTIONS
# We will accept connection requests from the outside only on the
# allowed TCP ports.
echo -n Accepting incoming tcp connections on allowed ports... && {
$IPTABLES -A FORWARD -m multiport -p tcp -i $ANYDEV -d $OURNET --dports $TCPIN --syn -j ACCEPT
} && echo done
# TCP - OUTGOING CONNECTIONS
# We will accept all outgoing tcp connection requests on the allowed TCP ports.
echo -n Accepting outgoing traffic on allowed tcp ports... && {
$IPTABLES -A FORWARD -m multiport -p tcp -i $OURDEV -d $ANYADDR --dports $TCPOUT --syn -j ACCEPT
} && echo done
# UDP - INCOMING
# allow UDP datagrams in on the allowed ports and back.
echo -n Allowing UDP datagrams in on the allowed ports and back... && {
$IPTABLES -A FORWARD -m multiport -p udp -i $ANYDEV -d $OURNET --dports $UDPIN -j ACCEPT
# replies leave from our network, so they arrive on the inside interface
$IPTABLES -A FORWARD -m multiport -p udp -i $OURDEV -s $OURNET --sports $UDPIN -j ACCEPT
} && echo done
# UDP - OUTGOING
# We will allow UDP datagrams out to the allowed ports and back.
echo -n Allowing UDP datagrams out on the allowed ports and back... && {
$IPTABLES -A FORWARD -m multiport -p udp -i $OURDEV -d $ANYADDR --dports $UDPOUT -j ACCEPT
# replies come back from outside, so they arrive on the outside interface
$IPTABLES -A FORWARD -m multiport -p udp -i $ANYDEV -s $ANYADDR --sports $UDPOUT -j ACCEPT
} && echo done
# ICMP - INCOMING
# We will allow ICMP datagrams in of the allowed types.
# echo -n Allowing ICMP datagrams in of the allowed types... && {
# $IPTABLES -A FORWARD -p icmp -i $ANYDEV -d $OURNET --icmp-type $ICMPIN -j ACCEPT
# } && echo done
# ICMP - OUTGOING
# We will allow ICMP datagrams out of the allowed types.
# echo -n Allowing ICMP datagrams out of the allowed types... && {
# $IPTABLES -A FORWARD -p icmp -i $OURDEV -d $ANYADDR --icmp-type $ICMPOUT -j ACCEPT
# } && echo done
# DEFAULT and LOGGING
# All remaining datagrams fall through to the default
# rule and are dropped. They will be logged if you've
# configured the LOGGING variable above.
#
# DoS
# enabling Syn-flood protection
echo -n Enabling Syn-flood protection... && {
$IPTABLES -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
} && echo done
# Enabling Furtive port scanner protection
echo -n Enabling Furtive port scanner protection... && {
$IPTABLES -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
} && echo done
# Enabling ping of death protection
echo -n Enabling ping of death protection... && {
$IPTABLES -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
} && echo done
if [ "$LOGGING" ]
then
# Log barred TCP
$IPTABLES -A FORWARD -m tcp -p tcp -j LOG
# Log barred UDP
$IPTABLES -A FORWARD -m udp -p udp -j LOG
# Log barred ICMP
$IPTABLES -A FORWARD -p icmp -j LOG
fi
#
# end.
Download (MB)
Added: 2007-02-14 License: GPL (GNU General Public License) Price:
982 downloads