filtering water
Sponsored Links
Sponsored Links
Secleted [ 0 ] software to compare
Results 1 - 15 of about 1405
Packet filtering setup script
Packet filtering setup script by Anthony C. Zboralski. more>>
Packet filtering setup script by Anthony C. Zboralski. Adapted by Didi Damian for iptables version 1.0.0
Sample:
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
# Set up variables
EXT_IF="eth0"
INT_IF="eth1"
EXT_IP=24.x.x.x/32
INT_IP=192.168.0.1/32
EXT_NET=24.x.x.0/24
INT_NET=192.168.0.0/24
MASQ_NETS="192.168.0.0/24"
LOCAL_ADDRS="127.0.0.0/8 192.168.0.1/32 24.x.x.x/32"
MAIL_RELAY=24.x.x.x/32
SMB_ACCESS="192.168.0.2/32"
SMB_BCAST="192.168.0.255/32"
# Turn on IP forwarding
echo Turning on IP forwarding.
echo 1 > /proc/sys/net/ipv4/ip_forward
# Load the ip_tables module
echo Loading ip_tables module.
/sbin/modprobe ip_tables || exit 1
# I let the kernel dynamically load the other modules
echo Flush standard tables.
iptables --flush INPUT
iptables --flush OUTPUT
iptables --flush FORWARD
echo Deny everything until firewall setup is completed.
iptables --policy INPUT DROP
iptables --policy OUTPUT DROP
iptables --policy FORWARD DROP
CHAINS=`iptables -n -L |perl -n -e /Chains+(S+)/ && !($1 =~ /^(INPUT|FORWARD|OUTPUT)$/) && print "$1 "`
echo Remove remaining chains:
echo $CHAINS
for chain in $CHAINS; do
iptables --flush $chain
done
# 2nd step cause of dependencies
for chain in $CHAINS; do
iptables --delete-chain $chain
done
for net in $MASQ_NETS; do
# I delete all the rules so you can rerun the scripts without bloating
# your nat entries.
iptables -D POSTROUTING -t nat -s $MASQ_NETS -j MASQUERADE 2>/dev/null
iptables -A POSTROUTING -t nat -s $MASQ_NETS -j MASQUERADE || exit 1
done
iptables --policy FORWARD ACCEPT
# Create a target for logging and dropping packets
iptables --new LDROP 2>/dev/null
iptables -A LDROP --proto tcp -j LOG --log-level info
--log-prefix "TCP Drop "
iptables -A LDROP --proto udp -j LOG --log-level info
--log-prefix "UDP Drop "
iptables -A LDROP --proto icmp -j LOG --log-level info
--log-prefix "ICMP Drop "
iptables -A LDROP --proto gre -j LOG --log-level info
--log-prefix "GRE Drop "
iptables -A LDROP -f -j LOG --log-level emerg
--log-prefix "FRAG Drop "
iptables -A LDROP -j DROP
# Create a table for watching some accepting rules
iptables --new WATCH 2>/dev/null
iptables -A WATCH -m limit -j LOG --log-level warn --log-prefix "ACCEPT "
iptables -A WATCH -j ACCEPT
echo Special target for local addresses:
iptables --new LOCAL 2>/dev/null
echo $LOCAL_ADDRS
for ip in $LOCAL_ADDRS; do
iptables -A INPUT --dst $ip -j LOCAL
# iptables -A INPUT --src $ip -i ! lo -j LDROP # lame spoof protect
done
echo Authorize mail from mail relay.
iptables -A LOCAL --proto tcp --syn --src $MAIL_RELAY --dst $EXT_IP --dport 25 -j ACCEPT
echo Authorizing samba access to:
echo $SMB_ACCESS
iptables --new SMB 2>/dev/null
for ip in $SMB_ACCESS; do
iptables -A SMB -s $ip -j ACCEPT
done
iptables -A LOCAL --proto udp -i ! $EXT_IF --dport 135:139 -j SMB
iptables -A LOCAL --proto tcp -i ! $EXT_IF --dport 135:139 -j SMB
iptables -A LOCAL --proto tcp -i ! $EXT_IF --dport 445 -j SMB
iptables -A INPUT -i ! $EXT_IF --dst $SMB_BCAST -j ACCEPT #lame samba broadcast
echo Drop and log every other incoming tcp connection attempts.
iptables -A LOCAL -i ! lo --proto tcp --syn --j LDROP
echo Authorize dns access for local nets.
for net in $MASQ_NETS 127.0.0.0/8; do
iptables -A INPUT --proto udp --src $net --dport 53 -j ACCEPT
done
echo Enforcing up ICMP policies, use iptables -L ICMP to check.
# If you deny all ICMP messages you head for trouble since it would
# break lots of tcp/ip algorythm (acz)
iptables --new ICMP 2>/dev/null
iptables -A INPUT --proto icmp -j ICMP
iptables -A ICMP -p icmp --icmp-type echo-reply -j ACCEPT
iptables -A ICMP -p icmp --icmp-type destination-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type network-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type host-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type protocol-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type port-unreachable -j ACCEPT
iptables -A ICMP -p icmp --icmp-type fragmentation-needed -j LDROP
iptables -A ICMP -p icmp --icmp-type source-route-failed -j WATCH
iptables -A ICMP -p icmp --icmp-type network-unknown -j WATCH
iptables -A ICMP -p icmp --icmp-type host-unknown -j WATCH
iptables -A ICMP -p icmp --icmp-type network-prohibited -j WATCH
iptables -A ICMP -p icmp --icmp-type host-prohibited -j WATCH
iptables -A ICMP -p icmp --icmp-type TOS-network-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type TOS-host-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type communication-prohibited -j WATCH
iptables -A ICMP -p icmp --icmp-type host-precedence-violation -j LDROP
iptables -A ICMP -p icmp --icmp-type precedence-cutoff -j LDROP
iptables -A ICMP -p icmp --icmp-type source-quench -j LDROP
iptables -A ICMP -p icmp --icmp-type redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type network-redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type host-redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type TOS-network-redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type TOS-host-redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type echo-request -j WATCH
iptables -A ICMP -p icmp --icmp-type router-advertisement -j LDROP
iptables -A ICMP -p icmp --icmp-type router-solicitation -j LDROP
iptables -A ICMP -p icmp --icmp-type time-exceeded -j WATCH
iptables -A ICMP -p icmp --icmp-type ttl-zero-during-transit -j WATCH
iptables -A ICMP -p icmp --icmp-type ttl-zero-during-reassembly -j WATCH
iptables -A ICMP -p icmp --icmp-type parameter-problem -j WATCH
iptables -A ICMP -p icmp --icmp-type ip-header-bad -j WATCH
iptables -A ICMP -p icmp --icmp-type required-option-missing -j WATCH
iptables -A ICMP -p icmp --icmp-type timestamp-request -j LDROP
iptables -A ICMP -p icmp --icmp-type timestamp-reply -j LDROP
iptables -A ICMP -p icmp --icmp-type address-mask-request -j LDROP
iptables -A ICMP -p icmp --icmp-type address-mask-reply -j LDROP
iptables -A ICMP -p icmp -j LDROP
echo Authorize tcp traffic.
iptables -A INPUT --proto tcp -j ACCEPT
echo Authorize packet output.
iptables --policy OUTPUT ACCEPT
#echo reject ident if you drop em you gotta wait for timeout
#iptables -I LOCAL --proto tcp --syn --dst $EXT_IP --dport 113 -j REJECT
echo Drop and log all udp below 1024.
iptables -A INPUT -i ! lo --proto udp --dport :1023 -j LDROP
echo Drop rpc dynamic udp port:
RPC_UDP=`rpcinfo -p localhost|perl -n -e /.*udps+(d+)s+/ && print $1,"n"|sort -u`
echo $RPC_UDP
for port in $RPC_UDP; do
iptables -A LOCAL -i ! lo --proto udp --dport $port -j LDROP
done
echo Authorize udp above 1024.
iptables -A INPUT --proto udp --dport 1024: -j ACCEPT
<<lessSample:
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
# Set up variables
EXT_IF="eth0"
INT_IF="eth1"
EXT_IP=24.x.x.x/32
INT_IP=192.168.0.1/32
EXT_NET=24.x.x.0/24
INT_NET=192.168.0.0/24
MASQ_NETS="192.168.0.0/24"
LOCAL_ADDRS="127.0.0.0/8 192.168.0.1/32 24.x.x.x/32"
MAIL_RELAY=24.x.x.x/32
SMB_ACCESS="192.168.0.2/32"
SMB_BCAST="192.168.0.255/32"
# Turn on IP forwarding
echo Turning on IP forwarding.
echo 1 > /proc/sys/net/ipv4/ip_forward
# Load the ip_tables module
echo Loading ip_tables module.
/sbin/modprobe ip_tables || exit 1
# I let the kernel dynamically load the other modules
echo Flush standard tables.
iptables --flush INPUT
iptables --flush OUTPUT
iptables --flush FORWARD
echo Deny everything until firewall setup is completed.
iptables --policy INPUT DROP
iptables --policy OUTPUT DROP
iptables --policy FORWARD DROP
CHAINS=`iptables -n -L |perl -n -e /Chains+(S+)/ && !($1 =~ /^(INPUT|FORWARD|OUTPUT)$/) && print "$1 "`
echo Remove remaining chains:
echo $CHAINS
for chain in $CHAINS; do
iptables --flush $chain
done
# 2nd step cause of dependencies
for chain in $CHAINS; do
iptables --delete-chain $chain
done
for net in $MASQ_NETS; do
# I delete all the rules so you can rerun the scripts without bloating
# your nat entries.
iptables -D POSTROUTING -t nat -s $MASQ_NETS -j MASQUERADE 2>/dev/null
iptables -A POSTROUTING -t nat -s $MASQ_NETS -j MASQUERADE || exit 1
done
iptables --policy FORWARD ACCEPT
# Create a target for logging and dropping packets
iptables --new LDROP 2>/dev/null
iptables -A LDROP --proto tcp -j LOG --log-level info
--log-prefix "TCP Drop "
iptables -A LDROP --proto udp -j LOG --log-level info
--log-prefix "UDP Drop "
iptables -A LDROP --proto icmp -j LOG --log-level info
--log-prefix "ICMP Drop "
iptables -A LDROP --proto gre -j LOG --log-level info
--log-prefix "GRE Drop "
iptables -A LDROP -f -j LOG --log-level emerg
--log-prefix "FRAG Drop "
iptables -A LDROP -j DROP
# Create a table for watching some accepting rules
iptables --new WATCH 2>/dev/null
iptables -A WATCH -m limit -j LOG --log-level warn --log-prefix "ACCEPT "
iptables -A WATCH -j ACCEPT
echo Special target for local addresses:
iptables --new LOCAL 2>/dev/null
echo $LOCAL_ADDRS
for ip in $LOCAL_ADDRS; do
iptables -A INPUT --dst $ip -j LOCAL
# iptables -A INPUT --src $ip -i ! lo -j LDROP # lame spoof protect
done
echo Authorize mail from mail relay.
iptables -A LOCAL --proto tcp --syn --src $MAIL_RELAY --dst $EXT_IP --dport 25 -j ACCEPT
echo Authorizing samba access to:
echo $SMB_ACCESS
iptables --new SMB 2>/dev/null
for ip in $SMB_ACCESS; do
iptables -A SMB -s $ip -j ACCEPT
done
iptables -A LOCAL --proto udp -i ! $EXT_IF --dport 135:139 -j SMB
iptables -A LOCAL --proto tcp -i ! $EXT_IF --dport 135:139 -j SMB
iptables -A LOCAL --proto tcp -i ! $EXT_IF --dport 445 -j SMB
iptables -A INPUT -i ! $EXT_IF --dst $SMB_BCAST -j ACCEPT #lame samba broadcast
echo Drop and log every other incoming tcp connection attempts.
iptables -A LOCAL -i ! lo --proto tcp --syn --j LDROP
echo Authorize dns access for local nets.
for net in $MASQ_NETS 127.0.0.0/8; do
iptables -A INPUT --proto udp --src $net --dport 53 -j ACCEPT
done
echo Enforcing up ICMP policies, use iptables -L ICMP to check.
# If you deny all ICMP messages you head for trouble since it would
# break lots of tcp/ip algorythm (acz)
iptables --new ICMP 2>/dev/null
iptables -A INPUT --proto icmp -j ICMP
iptables -A ICMP -p icmp --icmp-type echo-reply -j ACCEPT
iptables -A ICMP -p icmp --icmp-type destination-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type network-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type host-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type protocol-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type port-unreachable -j ACCEPT
iptables -A ICMP -p icmp --icmp-type fragmentation-needed -j LDROP
iptables -A ICMP -p icmp --icmp-type source-route-failed -j WATCH
iptables -A ICMP -p icmp --icmp-type network-unknown -j WATCH
iptables -A ICMP -p icmp --icmp-type host-unknown -j WATCH
iptables -A ICMP -p icmp --icmp-type network-prohibited -j WATCH
iptables -A ICMP -p icmp --icmp-type host-prohibited -j WATCH
iptables -A ICMP -p icmp --icmp-type TOS-network-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type TOS-host-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type communication-prohibited -j WATCH
iptables -A ICMP -p icmp --icmp-type host-precedence-violation -j LDROP
iptables -A ICMP -p icmp --icmp-type precedence-cutoff -j LDROP
iptables -A ICMP -p icmp --icmp-type source-quench -j LDROP
iptables -A ICMP -p icmp --icmp-type redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type network-redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type host-redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type TOS-network-redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type TOS-host-redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type echo-request -j WATCH
iptables -A ICMP -p icmp --icmp-type router-advertisement -j LDROP
iptables -A ICMP -p icmp --icmp-type router-solicitation -j LDROP
iptables -A ICMP -p icmp --icmp-type time-exceeded -j WATCH
iptables -A ICMP -p icmp --icmp-type ttl-zero-during-transit -j WATCH
iptables -A ICMP -p icmp --icmp-type ttl-zero-during-reassembly -j WATCH
iptables -A ICMP -p icmp --icmp-type parameter-problem -j WATCH
iptables -A ICMP -p icmp --icmp-type ip-header-bad -j WATCH
iptables -A ICMP -p icmp --icmp-type required-option-missing -j WATCH
iptables -A ICMP -p icmp --icmp-type timestamp-request -j LDROP
iptables -A ICMP -p icmp --icmp-type timestamp-reply -j LDROP
iptables -A ICMP -p icmp --icmp-type address-mask-request -j LDROP
iptables -A ICMP -p icmp --icmp-type address-mask-reply -j LDROP
iptables -A ICMP -p icmp -j LDROP
echo Authorize tcp traffic.
iptables -A INPUT --proto tcp -j ACCEPT
echo Authorize packet output.
iptables --policy OUTPUT ACCEPT
#echo reject ident if you drop em you gotta wait for timeout
#iptables -I LOCAL --proto tcp --syn --dst $EXT_IP --dport 113 -j REJECT
echo Drop and log all udp below 1024.
iptables -A INPUT -i ! lo --proto udp --dport :1023 -j LDROP
echo Drop rpc dynamic udp port:
RPC_UDP=`rpcinfo -p localhost|perl -n -e /.*udps+(d+)s+/ && print $1,"n"|sort -u`
echo $RPC_UDP
for port in $RPC_UDP; do
iptables -A LOCAL -i ! lo --proto udp --dport $port -j LDROP
done
echo Authorize udp above 1024.
iptables -A INPUT --proto udp --dport 1024: -j ACCEPT
Download (MB)
Added: 2007-02-14 License: GPL (GNU General Public License) Price:
984 downloads
Dirty Water 0.1.0
Dirty Water project is a custom MUD server. more>>
Dirty Water project is a custom MUD server.
Dirty Water is an original MUD server/engine written in OCaml.
It is designed to be much more advanced and realistic and to encourage role playing more than Diku-style MUDs.
We are using a higher level language which we feel will yield a code-base that is significantly easier to modify, maintain and understand.
We felt that OCaml would make a good choice for this language, though we have since decided Scheme would be a better choice.
All of our code is licensed under the GNU GPL.
Enhancements:
- can pick up items
- can view inventory
- you can specify 1st, 2nd, etc when refering to items
- cant pick up buildings or yourself
- dont see yourself in room descriptions
<<lessDirty Water is an original MUD server/engine written in OCaml.
It is designed to be much more advanced and realistic and to encourage role playing more than Diku-style MUDs.
We are using a higher level language which we feel will yield a code-base that is significantly easier to modify, maintain and understand.
We felt that OCaml would make a good choice for this language, though we have since decided Scheme would be a better choice.
All of our code is licensed under the GNU GPL.
Enhancements:
- can pick up items
- can view inventory
- you can specify 1st, 2nd, etc when refering to items
- cant pick up buildings or yourself
- dont see yourself in room descriptions
Download (0.085MB)
Added: 2006-12-19 License: GPL (GNU General Public License) Price:
1041 downloads
ip-filter-cgi 0.1
ip-filter-cgi is a set of perl script to modify rules of IP Filter (IP Filter is a TCP/IP packet filter cf: http://coombs.anu.ed more>>
ip-filter-cgi is a set of perl script to modify rules of IP Filter (IP Filter is a TCP/IP packet filter cf: http://coombs.anu.edu.au/~avalon/ip-filter.html). If you make any improvement, correction send it back to. The scripts is not complete and is provided for testing purpose.
adulau@metatix.com .
Main features:
- Perl 5.0 (+CGI.pm)
- a HTTP server (Apache)
<<lessadulau@metatix.com .
Main features:
- Perl 5.0 (+CGI.pm)
- a HTTP server (Apache)
Download (0.047MB)
Added: 2006-06-22 License: GPL (GNU General Public License) Price:
1221 downloads
SEO Filter Lite 1.0.0
SEO Filter is a Search Engine Optimization Software for forums. It catches the content from a forum or cms software and makes it more seo friendly by converting dynamic links into static and removing more>> SEO Filter is a Search Engine Optimization Software for forums.
It catches the content from a forum or cms software and makes it more seo friendly by converting dynamic links into static and removing session ids from links and much more.
<<less
Download (90KB)
Added: 2009-04-11 License: Freeware Price: Free
195 downloads
Sax Filter 1.4
Sax Filter is a modular set of filters that can be used to process XML documents via Javas SAX support. more>>
Sax Filter is a modular set of filters that can be used to process XML documents via Javas SAX support.
Currently, the filters only process content (the ContentHandler interface).
<<lessCurrently, the filters only process content (the ContentHandler interface).
Download (0.048MB)
Added: 2006-12-24 License: GPL (GNU General Public License) Price:
1035 downloads
FIR Filter Plugin 1.0.0
The FIR filter Plugin is an effect plugin for XMMS which enables to filter audio data using long FIR filters. more>>
FIR filter Plugin is an effect plugin for XMMS which enables to filter audio data using long FIR (finite impulse response) filters. Typical applications is loudspeaker or room equalization which typically requires filters with more than 300 taps (filter weights).
The FIR filter plugin uses the fftw3 library to perform the filtering using the overlap-and-add method. If fftw3 is not available the plugin will perform the filtering (convolution) in the time-domain which is much less efficient for long filters.
<<lessThe FIR filter plugin uses the fftw3 library to perform the filtering using the overlap-and-add method. If fftw3 is not available the plugin will perform the filtering (convolution) in the time-domain which is much less efficient for long filters.
Download (0.20MB)
Added: 2006-04-05 License: GPL (GNU General Public License) Price:
1299 downloads
RubyFilter 0.12
RubyFilter provides a Ruby email filtering program and library. more>>
RubyFilter provides a Ruby email filtering program and library.
RubyFilter is a Ruby email filtering program that can serve as a replacement for email delivery programs such as procmail.
It is also a Ruby module which provides classes that make it easy to write programs that filter and deliver email.
<<lessRubyFilter is a Ruby email filtering program that can serve as a replacement for email delivery programs such as procmail.
It is also a Ruby module which provides classes that make it easy to write programs that filter and deliver email.
Download (0.059MB)
Added: 2007-04-17 License: BSD License Price:
921 downloads
Filter::decrypt 1.33
Filter::decrypt Perl module contains a template for a decrypt source filter. more>>
Filter::decrypt Perl module contains a template for a decrypt source filter.
SYNOPSIS
use Filter::decrypt ;
This is a sample decrypting source filter.
Although this is a fully functional source filter and it does implement a very simple decrypt algorithm, it is not intended to be used as it is supplied. Consider it to be a template which you can combine with a proper decryption algorithm to develop your own decryption filter.
WARNING
It is important to note that a decryption filter can never provide complete security against attack. At some point the parser within Perl needs to be able to scan the original decrypted source. That means that at some stage fragments of the source will exist in a memory buffer.
Also, with the introduction of the Perl Compiler backend modules, and the B::Deparse module in particular, using a Source Filter to hide source code is becoming an increasingly futile exercise.
The best you can hope to achieve by decrypting your Perl source using a source filter is to make it unavailable to the casual user.
Given that proviso, there are a number of things you can do to make life more difficult for the prospective cracker.
Strip the Perl binary to remove all symbols.
Build the decrypt extension using static linking. If the extension is provided as a dynamic module, there is nothing to stop someone from linking it at run time with a modified Perl binary.
Do not build Perl with -DDEBUGGING. If you do then your source can be retrieved with the -Dp command line option.
The sample filter contains logic to detect the DEBUGGING option.
Do not build Perl with C debugging support enabled.
Do not implement the decryption filter as a sub-process (like the cpp source filter). It is possible to peek into the pipe that connects to the sub-process.
Check that the Perl Compiler isnt being used.
There is code in the BOOT: section of decrypt.xs that shows how to detect the presence of the Compiler. Make sure you include it in your module.
Assuming you havent taken any steps to spot when the compiler is in use and you have an encrypted Perl script called "myscript.pl", you can get access the source code inside it using the perl Compiler backend, like this
perl -MO=Deparse myscript.pl
Note that even if you have included the BOOT: test, it is still possible to use the Deparse module to get the source code for individual subroutines.
Do not use the decrypt filter as-is. The algorithm used in this filter has been purposefully left simple.
If you feel that the source filtering mechanism is not secure enough you could try using the unexec/undump method. See the Perl FAQ for further details.
<<lessSYNOPSIS
use Filter::decrypt ;
This is a sample decrypting source filter.
Although this is a fully functional source filter and it does implement a very simple decrypt algorithm, it is not intended to be used as it is supplied. Consider it to be a template which you can combine with a proper decryption algorithm to develop your own decryption filter.
WARNING
It is important to note that a decryption filter can never provide complete security against attack. At some point the parser within Perl needs to be able to scan the original decrypted source. That means that at some stage fragments of the source will exist in a memory buffer.
Also, with the introduction of the Perl Compiler backend modules, and the B::Deparse module in particular, using a Source Filter to hide source code is becoming an increasingly futile exercise.
The best you can hope to achieve by decrypting your Perl source using a source filter is to make it unavailable to the casual user.
Given that proviso, there are a number of things you can do to make life more difficult for the prospective cracker.
Strip the Perl binary to remove all symbols.
Build the decrypt extension using static linking. If the extension is provided as a dynamic module, there is nothing to stop someone from linking it at run time with a modified Perl binary.
Do not build Perl with -DDEBUGGING. If you do then your source can be retrieved with the -Dp command line option.
The sample filter contains logic to detect the DEBUGGING option.
Do not build Perl with C debugging support enabled.
Do not implement the decryption filter as a sub-process (like the cpp source filter). It is possible to peek into the pipe that connects to the sub-process.
Check that the Perl Compiler isnt being used.
There is code in the BOOT: section of decrypt.xs that shows how to detect the presence of the Compiler. Make sure you include it in your module.
Assuming you havent taken any steps to spot when the compiler is in use and you have an encrypted Perl script called "myscript.pl", you can get access the source code inside it using the perl Compiler backend, like this
perl -MO=Deparse myscript.pl
Note that even if you have included the BOOT: test, it is still possible to use the Deparse module to get the source code for individual subroutines.
Do not use the decrypt filter as-is. The algorithm used in this filter has been purposefully left simple.
If you feel that the source filtering mechanism is not secure enough you could try using the unexec/undump method. See the Perl FAQ for further details.
Download (0.040MB)
Added: 2007-06-01 License: Perl Artistic License Price:
531 downloads
squid-filter 0.9
squid-filter project was designed to build filtering capabilities comparable to those of Muffin into Squid. more>>
squid-filter project was designed to build filtering capabilities comparable to those of Muffin into Squid. It consists of
a patch to Squid, containing a module loader and filtering hooks, and a set of filter modules.
Currently available filters:
- Redirection of URIs.
- Rejection of certain (configurable) MIME content types.
- Suppression of cookies.
- Removal of Javascript and ActiveX.
- Breaking of GIF animation loops.
- Detection of 1x1 images.
Main features:
- Modular, easily extensible by writing new filters.
- Flexible configuration. Filters are independent from each other.
- Each filter can take a list of URIs which should not be filtered (allow list). URIs are specified as full regular expressions.
- Client can choose to bypass filters case-by-case.
- Filtering keeps Content-Length where possible.
Purpose
A filtering proxy allows users to remove unwanted stuff from Web pages as they browse them. What "unwanted stuff" is obviously depends on the individual user, but things which are commonly regarded as annoyances include
banner ads, user behaviour tracking via cookies,
animated pictures, JavaScript, VBScript, ActiveX (dangerous as well as annoying).
Some of those things can be avoided by filtering URIs, which Squid can already do via an external redirect program. Others require a content filter.
Usually, a filtering proxy runs standalone and does nothing but filtering. Users have to configure this proxy in their browsers, and if they use a caching proxy too, chain them after the filter. In situations where the user runs Squid anyway (mostly because of caching for different browsers or a small LAN), it is convenient to build this capability into Squid.
<<lessa patch to Squid, containing a module loader and filtering hooks, and a set of filter modules.
Currently available filters:
- Redirection of URIs.
- Rejection of certain (configurable) MIME content types.
- Suppression of cookies.
- Removal of Javascript and ActiveX.
- Breaking of GIF animation loops.
- Detection of 1x1 images.
Main features:
- Modular, easily extensible by writing new filters.
- Flexible configuration. Filters are independent from each other.
- Each filter can take a list of URIs which should not be filtered (allow list). URIs are specified as full regular expressions.
- Client can choose to bypass filters case-by-case.
- Filtering keeps Content-Length where possible.
Purpose
A filtering proxy allows users to remove unwanted stuff from Web pages as they browse them. What "unwanted stuff" is obviously depends on the individual user, but things which are commonly regarded as annoyances include
banner ads, user behaviour tracking via cookies,
animated pictures, JavaScript, VBScript, ActiveX (dangerous as well as annoying).
Some of those things can be avoided by filtering URIs, which Squid can already do via an external redirect program. Others require a content filter.
Usually, a filtering proxy runs standalone and does nothing but filtering. Users have to configure this proxy in their browsers, and if they use a caching proxy too, chain them after the filter. In situations where the user runs Squid anyway (mostly because of caching for different browsers or a small LAN), it is convenient to build this capability into Squid.
Download (0.046MB)
Added: 2007-01-25 License: Public Domain Price:
1008 downloads
Filter::cpp 1.33
Filter::cpp is a cpp source filter. more>>
Filter::cpp is a cpp source filter.
SYNOPSIS
use Filter::cpp ;
This source filter pipes the current source file through the C pre-processor (cpp) if it is available.
As with all source filters its scope is limited to the current source file only. Every file you want to be processed by the filter must have a
use Filter::cpp ;
near the top.
Here is an example script which uses the filter:
use Filter::cpp ;
#define FRED 1
$a = 2 + FRED ;
print "a = $an" ;
#ifdef FRED
print "Hello FREDn" ;
#else
print "Where is FREDn" ;
#endif
And here is what it will output:
a = 3
Hello FRED
This example below, provided by Michael G Schwern, shows a clever way to get Perl to use a C pre-processor macro when the Filter::cpp module is available, or to use a Perl sub when it is not.
# use Filter::cpp if we can.
BEGIN { eval use Filter::cpp }
sub PRINT {
my($string) = shift;
#define PRINT($string)
(print $string."n")
}
PRINT("Mu");
Look at Michaels Tie::VecArray module for a practical use.
<<lessSYNOPSIS
use Filter::cpp ;
This source filter pipes the current source file through the C pre-processor (cpp) if it is available.
As with all source filters its scope is limited to the current source file only. Every file you want to be processed by the filter must have a
use Filter::cpp ;
near the top.
Here is an example script which uses the filter:
use Filter::cpp ;
#define FRED 1
$a = 2 + FRED ;
print "a = $an" ;
#ifdef FRED
print "Hello FREDn" ;
#else
print "Where is FREDn" ;
#endif
And here is what it will output:
a = 3
Hello FRED
This example below, provided by Michael G Schwern, shows a clever way to get Perl to use a C pre-processor macro when the Filter::cpp module is available, or to use a Perl sub when it is not.
# use Filter::cpp if we can.
BEGIN { eval use Filter::cpp }
sub PRINT {
my($string) = shift;
#define PRINT($string)
(print $string."n")
}
PRINT("Mu");
Look at Michaels Tie::VecArray module for a practical use.
Download (0.040MB)
Added: 2007-05-29 License: Perl Artistic License Price:
882 downloads
Hook::Filter 0.02
Hook::Filter is a runtime filtering layer on top of subroutine calls. more>>
Hook::Filter is a runtime filtering layer on top of subroutine calls.
SYNOPSIS
Imagine you have a big program using a logging library that exports 3 functions called mydebug, myinfo and mywarn. Those functions generate far too much log, so you want to skip calling them except in some specific circumstances.
In your main program, write:
use Hook::Filter hook => ["mydebug","myinfo","mywarn"];
In all modules making use of the logging library, write:
use Hook::Filter;
Then create a file called ./hook_filter.rules. This file contains boolean expressions that specify when calls to the filtered subroutines should be allowed:
# allow calls to mydebug only inside package My::Filthy:Attempt
is_sub(mydebug) && from_pkg(My::Filthy::Attempt)
# allow all calls to myinfo except from inside packages under the namespace My::Test::
is_sub(myinfo) && !from_pkg(/^My::Test/)
# allow calls to mywarn from function do_stuff in package main
# whose third argument is a message that does not match the string invalid login name
is_sub(mywarn) && from_sub(do_stuff) && from_pkg(main) && !has_arg(3,/invalid login name/)
# all other calls to myinfo, mydebug or mywarn will be skipped
SYNOPSIS, Log::Dispatch
Your program uses Log::Dispatch. You want to enable Hook::Filter on top of the methods log and log_to from Log::Dispatch everywhere at once. And you want to use the filter rules located in /etc/myconf/filter_rules.conf. Easy: in main, write:
use Hook::Filter rules => /etc/myconf/filter_rules.conf, hook => [Log::Dispatch::log,Log::Dispatch::log_to];
<<lessSYNOPSIS
Imagine you have a big program using a logging library that exports 3 functions called mydebug, myinfo and mywarn. Those functions generate far too much log, so you want to skip calling them except in some specific circumstances.
In your main program, write:
use Hook::Filter hook => ["mydebug","myinfo","mywarn"];
In all modules making use of the logging library, write:
use Hook::Filter;
Then create a file called ./hook_filter.rules. This file contains boolean expressions that specify when calls to the filtered subroutines should be allowed:
# allow calls to mydebug only inside package My::Filthy:Attempt
is_sub(mydebug) && from_pkg(My::Filthy::Attempt)
# allow all calls to myinfo except from inside packages under the namespace My::Test::
is_sub(myinfo) && !from_pkg(/^My::Test/)
# allow calls to mywarn from function do_stuff in package main
# whose third argument is a message that does not match the string invalid login name
is_sub(mywarn) && from_sub(do_stuff) && from_pkg(main) && !has_arg(3,/invalid login name/)
# all other calls to myinfo, mydebug or mywarn will be skipped
SYNOPSIS, Log::Dispatch
Your program uses Log::Dispatch. You want to enable Hook::Filter on top of the methods log and log_to from Log::Dispatch everywhere at once. And you want to use the filter rules located in /etc/myconf/filter_rules.conf. Easy: in main, write:
use Hook::Filter rules => /etc/myconf/filter_rules.conf, hook => [Log::Dispatch::log,Log::Dispatch::log_to];
Download (0.015MB)
Added: 2006-10-20 License: Perl Artistic License Price:
1099 downloads
IOLib-Filters 4.0
IOLib-Filters is a filter package for IOLib. more>>
IOLib-Filters is a filter package for IOLib. IOLib-Filters is mainly an example of how to write filters for IOLib.
IOLib is a portable universal data IO library. Implementations exist in C, C++ and Objective C and for many different platforms (including Linux, Win32, MacOS X and .NET).
IOLib provides a unified interface for accessing different types of data streams. It currently supports file IO, BSD sockets, memory buffers and SOCKS4/5 connections and can be extended with drivers easily.
It has support for different binary formats (Intel, Motorola, PDP) and it supports filters. You can write your own filters (e.g. for encryption or compression) and use them with IOLib.
<<lessIOLib is a portable universal data IO library. Implementations exist in C, C++ and Objective C and for many different platforms (including Linux, Win32, MacOS X and .NET).
IOLib provides a unified interface for accessing different types of data streams. It currently supports file IO, BSD sockets, memory buffers and SOCKS4/5 connections and can be extended with drivers easily.
It has support for different binary formats (Intel, Motorola, PDP) and it supports filters. You can write your own filters (e.g. for encryption or compression) and use them with IOLib.
Download (0.052MB)
Added: 2006-09-01 License: LGPL (GNU Lesser General Public License) Price:
1150 downloads
Compact Filter 0.3
Compact Filter is a network packet filter for Linux. more>>
Compact Filter is a network packet filter for Linux. It features an easy-to-use compact filter representation and high performance.
The main features are: easy to use interface, compact filter representation (memory efficient), and very high performance.
A difference between CF and other firewalls, such as Netfilter, is its representation of the ruleset. In CF the user writes a filter which is then compiled and optimized in user-space. The optimized filter is then loaded into the kernel (using netlink). Consequently the in kernel packet filtering code only needs funtionality for setting up a filter and filtering packets, while the more complex code of optimizing the filter remains in user-space.
Because of the continuous increase of the bandwidth and the security threats, firewalls have to evolve towards more efficient filtering schemes. The truth is that the existing scheme does not scale so well with the combined growth of bandwidth and rulesets.
Our aim is to try another approach to perform packet filtering where we minimize the complexity of the filtering process. This result in, both, a reduction of the required CPU power to filter packets and a simpler (and smaller) kernel code. Of course, we are pushing all the smart and complex part out to the user-space, but, developing in user-space is much simpler and safer.
Enhancements:
- changed -d option to delete all filters
- added -D option to delete a specific filter
- changed default policy to permit rather than deny
- added -l option on flex to support --yylineno on older versions of flex
- new and improved install guide
<<lessThe main features are: easy to use interface, compact filter representation (memory efficient), and very high performance.
A difference between CF and other firewalls, such as Netfilter, is its representation of the ruleset. In CF the user writes a filter which is then compiled and optimized in user-space. The optimized filter is then loaded into the kernel (using netlink). Consequently the in kernel packet filtering code only needs funtionality for setting up a filter and filtering packets, while the more complex code of optimizing the filter remains in user-space.
Because of the continuous increase of the bandwidth and the security threats, firewalls have to evolve towards more efficient filtering schemes. The truth is that the existing scheme does not scale so well with the combined growth of bandwidth and rulesets.
Our aim is to try another approach to perform packet filtering where we minimize the complexity of the filtering process. This result in, both, a reduction of the required CPU power to filter packets and a simpler (and smaller) kernel code. Of course, we are pushing all the smart and complex part out to the user-space, but, developing in user-space is much simpler and safer.
Enhancements:
- changed -d option to delete all filters
- added -D option to delete a specific filter
- changed default policy to permit rather than deny
- added -l option on flex to support --yylineno on older versions of flex
- new and improved install guide
Download (0.092MB)
Added: 2006-06-30 License: GPL (GNU General Public License) Price:
1211 downloads
Bloom::Filter 0.03
Bloom::Filter is a sample Perl Bloom filter implementation. more>>
Bloom::Filter is a sample Perl Bloom filter implementation.
A Bloom filter is a probabilistic algorithm for doing existence tests in less memory than a full list of keys would require. The tradeoff to using Bloom filters is a certain configurable risk of false positives. This module implements a simple Bloom filter with configurable capacity and false positive rate. Bloom filters were first described in a 1970 paper by Burton Bloom, see http://portal.acm.org/citation.cfm?id=362692&dl=ACM&coll=portal.
SYNOPSIS
use Bloom::Filter
my $bf = Bloom::Filter->new( capacity => 10, error_rate => .001 );
$bf->add( @keys );
while ( ) {
chomp;
print "Found $_n" if $bf->check( $_ );
}
<<lessA Bloom filter is a probabilistic algorithm for doing existence tests in less memory than a full list of keys would require. The tradeoff to using Bloom filters is a certain configurable risk of false positives. This module implements a simple Bloom filter with configurable capacity and false positive rate. Bloom filters were first described in a 1970 paper by Burton Bloom, see http://portal.acm.org/citation.cfm?id=362692&dl=ACM&coll=portal.
SYNOPSIS
use Bloom::Filter
my $bf = Bloom::Filter->new( capacity => 10, error_rate => .001 );
$bf->add( @keys );
while ( ) {
chomp;
print "Found $_n" if $bf->check( $_ );
}
Download (0.004MB)
Added: 2006-10-10 License: Perl Artistic License Price:
1117 downloads
Adblock Plus Filter Uploader 1.0.2
Adblock Plus Filter Uploader is a Firefox extension that uploads the filters from your Adblock Plus installation to a FTP server more>>
Adblock Plus Filter Uploader is a Firefox extension that uploads the filters from your Adblock Plus installation to a FTP server.
This extension requires Adblock Plus! https://addons.mozilla.org/mozilla/1865/ This just uploads the filters you have in Adblock Plus to a FTP server!
This will only be useful for people who actively modify their filters and either want to share them with others or synchronize the filters between different computers.
<<lessThis extension requires Adblock Plus! https://addons.mozilla.org/mozilla/1865/ This just uploads the filters you have in Adblock Plus to a FTP server!
This will only be useful for people who actively modify their filters and either want to share them with others or synchronize the filters between different computers.
Download (0.048MB)
Added: 2007-06-27 License: MPL (Mozilla Public License) Price:
870 downloads
Secleted [ 0 ] software to compare
Copyright Notice:
Software piracy is theft, Using crack, password, serial numbers, registration codes, key generators is illegal and prevent future software development. The above filtering water search only lists software in full, demo and trial versions for free download. Download links are directly from our mirror sites or publisher sites, torrent files or links from rapidshare.com, yousendit.com or megaupload.com are not allowed
