just like a pill
Results 1 - 15 of about 52
The Anti-Diet Pill 2.1
Anti-Diet Pill project is a tool you can add to your Web site that your dieting visitors will appreciate.
The Anti-Diet Pill displays a randomly generated, daily-oriented, practical health tip to your visitors whenever they visit.
The program is easy to install and visually appealing. The program is XML based, so adding more tips is easy.
Main features:
- The Anti-Diet Pill is easy to install: just unzip, upload and you're done!
- XML-based database of tips for easy expansion
- Visually attractive and appealing
- The Anti-Diet Pill is easy to adapt to the look and feel of your health-related web site
Download (0.031MB)
Added: 2006-05-05 License: GPL (GNU General Public License) Price:
1268 downloads
Just Journal 1.0 Alpha 2
Just Journal is a blogging application. You can use it to create one or more blogs on a Web site.
Just Journal allows registered users to comment on other blogs, list friends, consume and provide RSS feeds, and post public, friends only, or private journal entries. Just Journal has been tested using MySQL 5.x and Tomcat 5.5.
Enhancements:
- This release features weblogs.com pinging (preliminary), avatars, RSS feeds, and various other features.
- The code is not production ready, but might be useful to others working on Java based blog software.
- This version makes use of MySQL 5 stored procedures.
Download (0.23MB)
Added: 2006-08-11 License: GPL (GNU General Public License) Price:
1170 downloads
KDM Vista like Theme
KDM Vista like Theme is a very nice KDM theme that looks like Vista's one.
I didn't see any Vista like KDM login theme... I wanted one so I tried.
Enhancements:
- There are now two themes. One for widescreen, which is the same as the previous one, and one for 4/3 screens. This new one has been successfully tested on a 1600 x 1200 screen. If you have another resolution, please try and report if it works.
Download (1.1MB)
Added: 2007-04-12 License: GPL (GNU General Public License) Price:
979 downloads
The Life of a Geek 2.0
The Life of a Geek is a very silly console game in which you (a geek) must keep a computer running until you graduate college.
Surf around on the Internet, battling hackers to gain money and better security for your box. Drink lots of caffeine to keep yourself awake, since if you go to sleep, you risk an attack on your computer.
The Life of a Geek is a simple console game.
Save up money to take a month-long college course and improve your education, but remember that paying attention to schoolwork also leaves your computer open to attack.
Find a quick job for a month at places like fast-food restaurants and grocery stores, but remember again that time away from your computer leaves it open to attack. Viruses may also appear on your computer, weakening your computer's health points regularly until cleaned.
Enhancements:
- Improved randomness, a fix for a bug where more energy drinks could be bought than the available money allowed, and support for compiling using Visual C++.
Download (0.055MB)
Added: 2007-03-30 License: GPL (GNU General Public License) Price:
939 downloads
Just Another Port Scanner 0.1
Just Another Port Scanner (JAPS) is an easy to use, bare-bones TCP port scanner. JAPS requires the GTK+ library to run. I created JAPS because I felt it would be a fun project and I wanted to learn GTK+ programming basics.
To compile and install JAPS just type make.
Todo
Add subnet scanning
Add progress bar
Display service name next to port number in results box
If you have any suggestions please contact me.
Download (0.029MB)
Added: 2006-07-04 License: GPL (GNU General Public License) Price:
1210 downloads
Battle Just Started 0.1.2
Battle Just Started project is a 3D arcade tank battle.
Rendering is done using OpenGL, and direct rendering is recommended. The game is focused on multiplayer over LAN.
An AI is also present, but is not very strong.
World simulation is done via ODE, and sound is done using OpenAL and SDL_mixer.
The game currently has 3 maps, 5 tanks, and 4 weapons.
Download (28.3MB)
Added: 2007-01-22 License: GPL (GNU General Public License) Price:
1005 downloads
Send To Thunderbird like sendToTb 1.1
With Send To Thunderbird like sendToTb you can quickly send images to Thunderbird or just resize them through the Service Menu.
Just select images (.jpg only), right click -> Actions -> Send to Thunderbird.
Download (0.12MB)
Added: 2006-10-17 License: GPL (GNU General Public License) Price:
1112 downloads
Script for a dual-homed firewall 0.86
Script for a dual-homed firewall is intended to set up a masquerading firewall based on the IPTABLES (Net)filter mechanism of Linux 2.3.15+
Syslogging matches fireparse for graphical output (see http://www.fireparse.com)
Normally this script will work out-of-the-box, but you should adapt it to your own needs (At least you should set the correct default interfaces --> see Default-Interfaces section)
Syntax to invoke script: firewall (start|stop|restart|status) EXTIF INTIF
Example: "firewall start ppp0 eth0"
Enhancements:
- Added a few comments
Download (MB)
Added: 2007-02-13 License: GPL (GNU General Public License) Price:
984 downloads
Fusion X Metal 1.4-a
Fusion X Metal is a KDE theme inspired by fusionxaqua appearance theme and reflection kbfxs theme. I'm using xgl compiz quinstorm with compiz-themer and it works perfectly (http://gentoo-wiki.com/HOWTO_XGL). I have modified the buttons in the vista style decoration (you find them inside the file).
I hope you will like it. (xaa mouse theme: silverx cursors)
Untar the archive somewhere and run "sh ./install.sh" as user on the command line.
Download (0.18MB)
Added: 2007-04-16 License: GPL (GNU General Public License) Price:
553 downloads
Linux on a Stick 0.3
Linux on a Stick is an attempt to make a Live-CD/USB-Flash server Linux distro. At its heart is a very small and simple Linux distro that boots off CD/Flash and runs from RAM (i.e., no spinning hard drives of death).
This approach allows us to strip the OS to its very basic components, which minimizes the amount of resources required. This distro is targeted towards server administrators who are familiar with Linux; its only configuration method is the command line.
Enhancements:
- Linux kernel 2.4.33 was replaced with 2.6.18.8.
- A USB booting problem that would prevent it from booting on some BIOSs (Namely AMI) was resolved.
- The ARDIS iSCSI target was replaced with the Enterprise iSCSI target (v0.4.14).
- The Open iSCSI initiator (v2.0.754) package with kernel modules is included.
- The distribution now boots on more than just Intel CPUs.
- Userland tools (v3.6.19) and kernel FS support were included for ReiserFS and XFS.
- The PHP CLI is included in php-5.2.0 in root.gz initrd.
Download (61.4MB)
Added: 2007-04-12 License: GPL (GNU General Public License) Price:
557 downloads
Script for a multi-homed firewall 1.2b2
Script for a multi-homed firewall is an example IPTables 1.2.1 script for a dual-homed firewall.
This script has not yet been tested thoroughly on a dual-homed firewall. If you find any problems, please drop me an email.
Current versions and documentation are available at http://www.sentry.net/~obsid/IPTables/rc.scripts.dir/current/
## User-defined Chains ##
Chain KEEP_STATE
The KEEP_STATE chain holds a few rules for generic stateful packet filtering.
This chain is called from many of the INPUT/OUTPUT chains to DROP "INVALID"
and perhaps "UNCLEAN" packets and allow other packets from "RELATED" or
"ESTABLISHED" connections.
CHECK_FLAGS
The CHECK_FLAGS chain contains a few rules to filter based on TCP flags.
These rules do indeed filter mainly bogus/malicious traffic (scans, etc.). It
would be a good idea to keep an eye on what these rules send to the logs.
Null scans are also logged and dropped, in the mangle table.
DENY_PORTS
The DENY_PORTS chain contains a few rules to DROP and/or LOG packets based
on the source and/or destination port number of the packet.
Packets destined to/from the following ports are dropped by default in the script. These are just some examples of some commonly used ports that certain daemons/trojans/DDoS agents may utilize.
## TCP ##
137:139 SMB
2049 NFS
6000:6063 X
20034 Netbus 2 Pro
12345:12346 Netbus
27374 SubSeven
27665,27444,31335 Trinoo
10498,12754 Mstream
## UDP ##
2049 NFS
31337 BO2k
27444,31335 Trinoo
10498 mstream
These are just examples to stare at. They guarantee no real protection against the associated trojans.
For more common port numbers check out:
http://www.sans.org/newlook/resources/IDFAQ/oddports.htm
ALLOW_PORTS
The ALLOW_PORTS chain simply ACCEPTs packets based on port number. If you have
a default FORWARD policy of DROP, then you would need to utilize a chain like
this if you are DNATing/routing connections behind the firewall or perhaps
running services on(!!!) the firewall.
ALLOW_ICMP
The ALLOW_ICMP chain simply allows packets based on ICMP type. Currently
the firewall allows the flow of the following ICMP types:
Echo Reply (pong)
Destination Unreachable
Echo Request (ping)
TTL Exceeded (traceroute)
SRC_EGRESS && DST_EGRESS
The SRC_EGRESS and DST_EGRESS chains filter packets that have a source or
destination IP address matching an array of private or reserved subnets.
TOS_OUTPUT
The TOS_OUTPUT chain exists in the mangle table and mangles the TOS (Type
of Service) field in the IP header of locally generated, outgoing packets.
TOS_PREROUTING
The TOS_PREROUTING chain exists in the mangle table and mangles the TOS (Type
of Service) field in the IP header of packets being routed through the firewall.
The following user-defined chains are pretty obvious. The firewall script is designed to have a user-defined INPUT and OUTPUT chain for every available interface. From these user-defined chains are called the user-defined chains mentioned above, which I call "Special Chains". The chains below are then called by the built-in INPUT/OUTPUT/FORWARD chains. This isn't really the rule, of course; a lot of the user-defined chains mentioned above are called directly from the built-in INPUT/OUTPUT/FORWARD chains. This is done to assure proper flow of the packets through the filters.
EXTERNAL_INPUT
INTERNAL_INPUT
DMZ_INPUT
LO_INPUT
EXTERNAL_OUTPUT
INTERNAL_OUTPUT
DMZ_OUTPUT
LO_OUTPUT
Download (MB)
Added: 2007-02-13 License: GPL (GNU General Public License) Price:
992 downloads
Wiki on a Stick 0.9.3
Wiki on a Stick is a personal wiki that lives in a single self-modifying HTML file that contains the software, interface, and database.
It's useful for taking notes, for use as a calendar, and for documenting software, etc. Wiki on a Stick currently only works in Firefox.
Download (0.042MB)
Added: 2007-07-11 License: GPL (GNU General Public License) Price:
839 downloads
Sidebar in a Can 1.0.1
Sidebar in a Can is a simple and powerful tool for webmasters to take a large amount of static content (intimidating to new users) and turn it into a quite manageable amount of dynamic content. The result showcases your site's material.
Sidebar in a Can is built on Snippets technology.
Sidebar in a Can is designed to be run as a straightforward web application, with much administrative activity performed on-web. Rather than trying to explain how to use it, I simply encourage you to explore.
Security
The present release of Sidebar in a Can has not been closely scrutinized for security, and should be treated as such by security-conscious administrators. If you examine the code and discover a vulnerability that could compromise the server, please contact the author at jshayward@pobox.com. The script is intended to have light security and not to compromise a server, but it is not intended to store credit card numbers or other sensitive information.
The default installation sets < the private sidebar data directory > and contents to mode 777. Administrators are encouraged to set directory and contents to mode 700, owned by the effective user ID that Snippets will be running under.
Download (0.056MB)
Added: 2007-02-23 License: GPL (GNU General Public License) Price:
973 downloads
Keep a cool head! 0.5.2
Keep a cool head! is a simple strategy board game for 2, 3, or 4 players.
Download (0.48MB)
Added: 2006-03-10 License: Freeware Price:
1324 downloads
Run a web server inside LAN
Run a web server inside LAN is a simple script to run a WWW server inside a Local Area Network. The script assumes all iptables features are compiled statically in the kernel, or all modules are loaded.
Otherwise you may encounter some surprises trying to utilize the more featureful and creative command lines that I've come up with.
Sample:
# external and internal interfaces
EXT=eth0
INT=eth1
# clear everything, and create my cascading chains
iptables -F
iptables -N e0
iptables -N tcpin
iptables -N udpin
# e0 is the name of our chain for eth0
iptables -I INPUT -i "$EXT" -j e0
# OUTPUT Chain
# (the "!" negation goes before the option it negates)
iptables -A OUTPUT -o "$EXT" -j DROP -p icmp ! --icmp-type echo-request
# remote gnutella queries were really pissing me off one day
# iptables -A OUTPUT -o "$EXT" -j DROP -p tcp ! --syn --dport 6346
# iptables -A OUTPUT -o "$EXT" -j DROP -p tcp ! --syn --sport 6346
# $EXT Chain
# a single rule to accept SYN Packets for multiple ports (up to 15)
iptables -A tcpin -j ACCEPT -p tcp --syn -m multiport --destination-ports 873,993,995,143,80,113,21,22,23,25,53
# stateful connection tracking is wonderful stuff
# ESTABLISHED tcp connections are let through
# If we send a SYN out, the ACK is seen as RELATED
# then further communication is accepted by the ESTABLISHED rule
iptables -A e0 -j ACCEPT -m state --state ESTABLISHED
iptables -A e0 -j ACCEPT -m state --state RELATED
# certain ports I simply DROP
iptables -A tcpin -j DROP -p tcp --syn -m multiport --destination-ports 6346,139
# UDP rules...
iptables -A udpin -j DROP -p udp -m multiport --destination-ports 137,27960
# I run a DNS server, so we must accept UDP packets on port 53
iptables -A udpin -j ACCEPT -p udp -m state --state NEW --destination-port 53
# let's log NEW udp packets on ports 1024:65535, then let them through
iptables -A udpin -j LOG -p udp -m state --state NEW --destination-port 1024:65535 --log-level debug --log-prefix UDPNEW --log-ip-options
iptables -A udpin -j ACCEPT -p udp -m state --state NEW --destination-port 1024:65535
# let's log NEW tcp packets on ports 1024:65535, then let them through
iptables -A tcpin -j LOG -p tcp --syn --destination-port 1024:65535 --log-level debug --log-prefix TCPNEW --log-tcp-options --log-ip-options
iptables -A tcpin -j ACCEPT -p tcp --syn --destination-port 1024:65535
# let's log INVALID or NEW tcp packets on privileged ports, then DROP
# (remember I have certain ACCEPT rules higher up the chain)
iptables -A tcpin -j LOG -p tcp -m state --state INVALID,NEW --destination-port 1:1023 --log-level warn --log-prefix TCPPRIV --log-tcp-options --log-ip-options
iptables -A tcpin -j DROP -p tcp -m state --state INVALID,NEW --destination-port 1:1023
iptables -A e0 -p tcp -j tcpin
iptables -A e0 -p udp -j udpin
iptables -A e0 -j LOG --log-level debug --log-prefix NETFILTER --log-ip-options -m state --state INVALID,NEW
iptables -A e0 -j DROP
# NAT Rules
# I run a web server inside...
iptables -t nat -A PREROUTING -p tcp -i "$EXT" --dport 80 -j DNAT --to-destination 192.168.1.4:80
Download (MB)
Added: 2007-02-14 License: GPL (GNU General Public License) Price:
985 downloads