liverpool echo
Sponsored Links
Sponsored Links
Secleted [ 0 ] software to compare
Results 1 - 15 of about 186
Shell over ICMP 0.5
Shell over ICMP project allows a user to connect to a remote shell daemon, by using ICMP protocol instead of classical TCP. more>>
Shell over ICMP consists of two free and open source applications: one server and one client. Shell over ICMP project allows a user to connect to a remote shell daemon, by using ICMP protocol instead of classical TCP.
Entirely written in Python, soicmp is a working proof-of-concept to demonstrate that data can be transmitted across a network by hiding it in traffic that normally does not contain payloads.
How does it work?
The soicmp server is a daemon that must be started on the remote server. When the server receives a request from the client it looks into the packets payload. The payload must respect certain protocol rules. In detail the client must specify:
command
communication mode (echo|echo/reply)
authentication (y|n)
This is an example of a correct payload string sent by client to server:
$CMD ls -a $MODE echo/reply $PWD root2005 $END
If the payload matches with the server protocol specification then it will pipe the command to "/bin/sh" or "cmd.exe" and execute it. The server then reads the result from the pipe and sends it back to the client that will print it to stdout.
Moreover every client will send ICMP packets having id equal to the clients current process ID and will accept only ICMP replies having the same id value. This prevents output to be printed by other client instances running on the same workstation (this argument is also treated in the FAQs section).
Main features:
- Platform independent.
- Possibility to run soicmp daemon on multiple ethernet interfaces simultaneously handling multiple client connections.
- Possibility to specify the buffer size of outgoing packets.
- Client side source IP address spoofing.
- Remote client case-sensitive (plain texted) authentication.
- Possibility to select two communication types:
- One based on encapsulating command output in unique "one way" ICMP_ECHOREPLY (type 0) packets sent by server to client (see fig. 1).
- Another one that guarantees the correct packets delivering by using the request/response nature of ECHO and ECHOREPLY ICMP packet types (see fig.2)
- No listening sockets are listed by netstat or similar programs.
<<lessEntirely written in Python, soicmp is a working proof-of-concept to demonstrate that data can be transmitted across a network by hiding it in traffic that normally does not contain payloads.
How does it work?
The soicmp server is a daemon that must be started on the remote server. When the server receives a request from the client it looks into the packets payload. The payload must respect certain protocol rules. In detail the client must specify:
command
communication mode (echo|echo/reply)
authentication (y|n)
This is an example of a correct payload string sent by client to server:
$CMD ls -a $MODE echo/reply $PWD root2005 $END
If the payload matches with the server protocol specification then it will pipe the command to "/bin/sh" or "cmd.exe" and execute it. The server then reads the result from the pipe and sends it back to the client that will print it to stdout.
Moreover every client will send ICMP packets having id equal to the clients current process ID and will accept only ICMP replies having the same id value. This prevents output to be printed by other client instances running on the same workstation (this argument is also treated in the FAQs section).
Main features:
- Platform independent.
- Possibility to run soicmp daemon on multiple ethernet interfaces simultaneously handling multiple client connections.
- Possibility to specify the buffer size of outgoing packets.
- Client side source IP address spoofing.
- Remote client case-sensitive (plain texted) authentication.
- Possibility to select two communication types:
- One based on encapsulating command output in unique "one way" ICMP_ECHOREPLY (type 0) packets sent by server to client (see fig. 1).
- Another one that guarantees the correct packets delivering by using the request/response nature of ECHO and ECHOREPLY ICMP packet types (see fig.2)
- No listening sockets are listed by netstat or similar programs.
Download (0.58MB)
Added: 2006-11-07 License: GPL (GNU General Public License) Price:
1081 downloads
ATA over Ethernet Tools 16
The ATA over Ethernet Tools are intended for use in conjunction with an ATA over Ethernet (AoE) driver for a Linux 2.6 kernel. more>>
ATA over Ethernet Tools are intended for use in conjunction with an ATA over Ethernet (AoE) driver for a Linux 2.6 kernel.
They perform simple tasks like listing available devices, triggering device discovery, and restricting the network interfaces on which AoE is performed.
Whats New in This Release:
This release includes a workaround for a bug in the dash shell where dash does not support POSIX math expressions like ...
n=1
echo $((n+1))
<<lessThey perform simple tasks like listing available devices, triggering device discovery, and restricting the network interfaces on which AoE is performed.
Whats New in This Release:
This release includes a workaround for a bug in the dash shell where dash does not support POSIX math expressions like ...
n=1
echo $((n+1))
Download (0.019MB)
Added: 2007-06-02 License: GPL (GNU General Public License) Price:
878 downloads
Shelisp 2
Shelisp is a very short program that provides mechanisms for composing and running Unix shell. more>>
Shelisp is a very short program that provides mechanisms for composing and running Unix shell (particularly bash) commands and constructs from Common Lisp.
To run shelisp, say at the command prompt:
lisp -load shelisp.lisp
This should start CMU Common Lisp and provide the prompt, *. A more convenient form could be to start emacs, and issue the command M-x cmulisp that will start an `inferior lisp mode with cmu; then, say:
(load "shelisp.lisp")
The bang (!) escape to shell
Now you can say (the * is already put there by cmulisp):
- !ls
And it will execute the shell ls command (by running a bash instance and passing the command to it.
Of course, you are actually in Lisp. You can try this:
- (defun factorial (x) (if (zerop x) 1 (* x (factorial (1- x)))))
FACTORIAL
- (factorial 33)
8683317618811886495518194401280000000
So, if you enter ``! the rest of the line (until the first end of line that is not escaped with a ``) is interpreted as a bash command and the result is printed on the standard output.
Now try:
- !echo ?(+ 2 3) zuzu
5zuzu
The `? is the lisp escape. It is followed by an s-expression which is read, executed and printed (with princ) and the printed result replaces the `? and the expression in the shell command. It can be any Lisp expression.
- !echo ?(+ 2/3 2/11) "<<less
To run shelisp, say at the command prompt:
lisp -load shelisp.lisp
This should start CMU Common Lisp and provide the prompt, *. A more convenient form could be to start emacs, and issue the command M-x cmulisp that will start an `inferior lisp mode with cmu; then, say:
(load "shelisp.lisp")
The bang (!) escape to shell
Now you can say (the * is already put there by cmulisp):
- !ls
And it will execute the shell ls command (by running a bash instance and passing the command to it.
Of course, you are actually in Lisp. You can try this:
- (defun factorial (x) (if (zerop x) 1 (* x (factorial (1- x)))))
FACTORIAL
- (factorial 33)
8683317618811886495518194401280000000
So, if you enter ``! the rest of the line (until the first end of line that is not escaped with a ``) is interpreted as a bash command and the result is printed on the standard output.
Now try:
- !echo ?(+ 2 3) zuzu
5zuzu
The `? is the lisp escape. It is followed by an s-expression which is read, executed and printed (with princ) and the printed result replaces the `? and the expression in the shell command. It can be any Lisp expression.
- !echo ?(+ 2/3 2/11) "<<less
Download (0.005MB)
Added: 2006-08-20 License: GPL (GNU General Public License) Price:
1163 downloads
libbonobo 2.19.4
libbonobo is the non-GUI part of the bonobo component infrastructure. more>>
libbonobo is the non-GUI part of the bonobo component infrastructure, it is most useful for creating aggregate interfaces & doing IPC easily.
libbonobo also contains a rather badly designed & implemented per-system activation system. This needs re-writing & simplifying to be per-display.
Take a look at samples/echo/.
What is Bonobo
Bonobo is a set of language and system independant CORBA interfaces for creating reusable components, controls and creating compound documents.
The Bonobo distribution includes a Gtk+ based implementation of the Bonobo interfaces, enabling developers to create reusable components and applications that can be used to form more complex documents.
If you want to look into a Java implementation of Bonobo, look in the GNOME CVS for the `monkeybeans module (Erdi Gergo is the author), you can browse it at: http://cvs.gnome.org/bonsai
<<lesslibbonobo also contains a rather badly designed & implemented per-system activation system. This needs re-writing & simplifying to be per-display.
Take a look at samples/echo/.
What is Bonobo
Bonobo is a set of language and system independant CORBA interfaces for creating reusable components, controls and creating compound documents.
The Bonobo distribution includes a Gtk+ based implementation of the Bonobo interfaces, enabling developers to create reusable components and applications that can be used to form more complex documents.
If you want to look into a Java implementation of Bonobo, look in the GNOME CVS for the `monkeybeans module (Erdi Gergo is the author), you can browse it at: http://cvs.gnome.org/bonsai
Download (1.7MB)
Added: 2007-06-19 License: LGPL (GNU Lesser General Public License) Price:
858 downloads
Other version of libbonobo
Take a look at samples/echo/. What is Bonobo Bonobo is a set of language and system independantLicense:GPL (GNU General Public License)
kfilewatcher 0.1
kfilewatcher project watches for file changes and allows you to react on them. more>>
kfilewatcher project watches for file changes and allows you to react on them.
Example:
kfilewatcher /tmp/test 2>&1 | while read a; do echo "File has changed - doing something"; done
This command does something every time kfilewatcher detects a change. At the moment, the only action is to output "File has changed - doing something", but you can write anything there, e.g.
- backup stuff as soon as it changes
- publish files on your homepage everytime they change
- keep directories in sync
<<lessExample:
kfilewatcher /tmp/test 2>&1 | while read a; do echo "File has changed - doing something"; done
This command does something every time kfilewatcher detects a change. At the moment, the only action is to output "File has changed - doing something", but you can write anything there, e.g.
- backup stuff as soon as it changes
- publish files on your homepage everytime they change
- keep directories in sync
Download (1.7MB)
Added: 2006-12-28 License: GPL (GNU General Public License) Price:
1030 downloads
ICMP-Chat 0.6
ICMP-Chat is a simple console-based chat that uses ICMP packets for communication. more>>
ICMP-Chat is a simple console-based chat that uses ICMP packets for communication. All the data is encrypted with Rijndael-256 algorithm.
Installation:
Type: make && make install
For solaris type: make solaris && make install
Usage:
Usage: icmpchat [OPTIONS] < host > < nick >
< host > = Host to chat with
< nick > = Your nickname
OPTIONS:
-t < type > = specify icmp type (default ECHO_REPLY)
Example: icmpchat 192.168.1.2 foo
ICMP codes:
[0] Echo Reply
[5] Redirect
[8] Echo Request
[9] Router advertisement
[10] Router solicitation
[13] Timestamp request
[14] Timestamp reply
[15] Information request
[16] Information reply
[17] Adressmask request
[18] Adressmask reply
Enhancements:
- Rewrote from scratch
- Implemented optimized rijndael algorithm
- Implemented sha256 for password hashing
- Implemented ncurses frontend (again)
- Fixed getuid problem so that setting suid flag works now (thanks John)
<<lessInstallation:
Type: make && make install
For solaris type: make solaris && make install
Usage:
Usage: icmpchat [OPTIONS] < host > < nick >
< host > = Host to chat with
< nick > = Your nickname
OPTIONS:
-t < type > = specify icmp type (default ECHO_REPLY)
Example: icmpchat 192.168.1.2 foo
ICMP codes:
[0] Echo Reply
[5] Redirect
[8] Echo Request
[9] Router advertisement
[10] Router solicitation
[13] Timestamp request
[14] Timestamp reply
[15] Information request
[16] Information reply
[17] Adressmask request
[18] Adressmask reply
Enhancements:
- Rewrote from scratch
- Implemented optimized rijndael algorithm
- Implemented sha256 for password hashing
- Implemented ncurses frontend (again)
- Fixed getuid problem so that setting suid flag works now (thanks John)
Download (0.037MB)
Added: 2006-06-16 License: GPL (GNU General Public License) Price:
1229 downloads
Caiviar 0.3.5
Caiviar is an Interactive Voice Response (IVR) System based on CAPI. more>>
Caiviar is an Interactive Voice Response (IVR) System based on CAPI.
It runs on Linux and Windows systems, and supports Text-To-Speech (most notably Realspeak and Festival), multithreading, Barge In, 3 Party Conference, G3 Fax etc.
It has a very simple interface, allowing fast creation of Telephony applications, like e.g. Voiceboxes, Authentication systems, automatic Callcenters etc.
Languages supported include Java, C++, Perl and Python. The source code for Caiviar is freely available.
Enhancements:
- several bugfixes.
- delay (echo) of the connect() function has been greatly reduced.
<<lessIt runs on Linux and Windows systems, and supports Text-To-Speech (most notably Realspeak and Festival), multithreading, Barge In, 3 Party Conference, G3 Fax etc.
It has a very simple interface, allowing fast creation of Telephony applications, like e.g. Voiceboxes, Authentication systems, automatic Callcenters etc.
Languages supported include Java, C++, Perl and Python. The source code for Caiviar is freely available.
Enhancements:
- several bugfixes.
- delay (echo) of the connect() function has been greatly reduced.
Download (0.26MB)
Added: 2005-09-21 License: GPL (GNU General Public License) Price:
1493 downloads
MultiPing 0.2
MultiPing provides a multi-protocol, multi-host, graphical ping utility. more>>
MultiPing provides a multi-protocol, multi-host, graphical ping utility.
MultiPing is a multi-protocol, multi-host, graphical ping utility, used to ensure a set of hosts are up and running and providing the expected services.
Currently, the supported protocols are ICMP Echo, HTTP, SMTP, and POP. This goes beyond simply using ICMP Echo to determine the status of a server to actually testing the protocols the server is expected to be providing.
MultiPing is provided as a runnable .jar file. You should be able to simply double-click the multiping.jar file to launch MultiPing. You can then right-click in the main window to access the context menu which will allow you to add, edit, and delete hosts from the list.
Each host can have one or more of the supported protocols enabled. For each enabled protocol zero or more arguments can be provided which are used to status the specified protocol.
A file will be created in the same directory as multiping.jar named multiping.dat. This stores the list of hosts, along with the protocols enabled for each host and the arguments to each enabled protocol.
<<lessMultiPing is a multi-protocol, multi-host, graphical ping utility, used to ensure a set of hosts are up and running and providing the expected services.
Currently, the supported protocols are ICMP Echo, HTTP, SMTP, and POP. This goes beyond simply using ICMP Echo to determine the status of a server to actually testing the protocols the server is expected to be providing.
MultiPing is provided as a runnable .jar file. You should be able to simply double-click the multiping.jar file to launch MultiPing. You can then right-click in the main window to access the context menu which will allow you to add, edit, and delete hosts from the list.
Each host can have one or more of the supported protocols enabled. For each enabled protocol zero or more arguments can be provided which are used to status the specified protocol.
A file will be created in the same directory as multiping.jar named multiping.dat. This stores the list of hosts, along with the protocols enabled for each host and the arguments to each enabled protocol.
Download (0.045MB)
Added: 2007-03-16 License: GPL (GNU General Public License) Price:
994 downloads
Kwiki::Emoticon 0.03
Kwiki::Emoticon is a Perl module with emoticon phrase for Kwiki. more>>
Kwiki::Emoticon is a Perl module with emoticon phrase for Kwiki.
SYNOPSIS
> echo Kwiki::Emoticon >> plugins
# optionally, you can change the Emoticon class (MSN by default)
> $EDITOR config.yaml
emoticon_driver: Yahoo
Now you can use emoticon like in your Kwiki text.
<<lessSYNOPSIS
> echo Kwiki::Emoticon >> plugins
# optionally, you can change the Emoticon class (MSN by default)
> $EDITOR config.yaml
emoticon_driver: Yahoo
Now you can use emoticon like in your Kwiki text.
Download (0.009MB)
Added: 2006-12-15 License: Perl Artistic License Price:
1043 downloads
IPv6 FireWall script
IPv6 FireWall script is a firewall based on ip6tables. more>>
IPv6 FireWall script is a firewall based on ip6tables.
firewall6.sh 122 lines
#!/bin/bash
# Basic IPv6 FireWall script by Dennis Kruyt (dennis@klingon.nl)
#
# Sun Jan 5 18:26:28 2003 - DK
#debug
#set -x
cd /opt/scripts/firewall
source ./config6
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11
# change to script directory
cd ${SCRIPTSDIR}
SCRIPT=${SCRIPTSDIR}/firewall6.sh
case "$1" in
flush)
echo -e "Starting Firewall:"
${IPTABLE6} -F >> /dev/null 2>&1
${IPTABLE6} -X >> /dev/null 2>&1
echo -e "Setting defaults op ACCEPT!"
echo -e "ALERT: no firewall rules active"
#
${IPTABLE6} -P INPUT ACCEPT
${IPTABLE6} -P OUTPUT ACCEPT
${IPTABLE6} -P FORWARD ACCEPT
;;
start|reload)
echo -n "Starting Firewall: "
# paging!
#
# create a backup
TIME=`date +%s`
tar -czf /opt/backups/firewall/firewall.${TIME}.tar.gz /opt/scripts/firewall
# sending mail
mail email@address.com -s "Firewall - (re)started" < $0
# wait
sleep 1
# kerneloptions
echo -n "Loading Kernel options.."
./kernel_options6.sh
echo -n "Flushing and deleting all chains.."
${IPTABLE6} -F >> /dev/null 2>&1
${IPTABLE6} -X >> /dev/null 2>&1
# default policy
echo -n "Setting default policy DROP.."
${IPTABLE6} -P INPUT DROP
${IPTABLE6} -P OUTPUT DROP
${IPTABLE6} -P FORWARD DROP
# ?????????????
#${IPTABLE} -F -t mangle
#${IPTABLE} -t mangle -X
echo -e "Loading chains.."
# create chain blacklist
${IPTABLE6} --new blacklist
#And drop the evil ones
for i in $BLACKLIST6;do
${IPTABLE6} -A blacklist --src $i -j DROP
done
#icmp chain
${IPTABLE6} --new icmprules
${IPTABLE6} -A icmprules -p icmpv6 -j ACCEPT
# create out chain
${IPTABLE6} --new out
#localhost to localhost
${IPTABLE6} -A out --src $LOCALHOST6 --dst $LOCALHOST6 -j ACCEPT
# for now accept all outgoing IPv6 traffic
${IPTABLE6} -A out --src $SIXXS --dst $ANY6 -j ACCEPT
# create in chain
${IPTABLE6} --new in
#localhost to localhost
${IPTABLE6} -A in --src $LOCALHOST6 --dst $LOCALHOST6 -j ACCEPT
# for now accept all incomming IPv6 traffic
${IPTABLE6} -A in --dst $SIXXS --src $ANY6 -j ACCEPT
#All that are in trusted may ssh
for i in $THRUSTED6;do
${IPTABLE6} -A in -p tcp --dst $SIXXS --dport 22 --src $i -j ACCEPT
done
# jump to all ipv6 chains
${IPTABLE6} -A INPUT -j blacklist
${IPTABLE6} -A OUTPUT -j blacklist
${IPTABLE6} -A FORWARD -j blacklist
${IPTABLE6} -A INPUT -j icmprules
${IPTABLE6} -A OUTPUT -j icmprules
${IPTABLE6} -A INPUT -j in
${IPTABLE6} -A OUTPUT -j out
;;
show)
echo -e "Rules in the firewall: ${CHAIN} n"
${IPTABLE6} -L -n
;;
*)
echo -e "Usage: ${SCRIPT} {flush|start|reload|show} n"
exit 1
;;
esac
exit 0
config6 12 lines
export IPTABLE6=/sbin/ip6tables
export SCRIPTSDIR=/opt/scripts/firewall
export EXT="eth0" # device
export SIXXS="3ffe:8114:1000::50f/127" # extern
export ANY6="::/0"
export LOCALHOST6="::1/128"
export THRUSTED6=""
export BLACKLIST6="3ffe:8114:2fff:1391::1"
kernel_options6.sh 7 lines
#!/bin/bash
# forwarding on
#echo "1" > /proc/sys/net/ipv6 blablabla
# Set some other IPv6 proc settings
#echo "1" > /proc/sys/net/ipv6 blablabla
<<lessfirewall6.sh 122 lines
#!/bin/bash
# Basic IPv6 FireWall script by Dennis Kruyt (dennis@klingon.nl)
#
# Sun Jan 5 18:26:28 2003 - DK
#debug
#set -x
cd /opt/scripts/firewall
source ./config6
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11
# change to script directory
cd ${SCRIPTSDIR}
SCRIPT=${SCRIPTSDIR}/firewall6.sh
case "$1" in
flush)
echo -e "Starting Firewall:"
${IPTABLE6} -F >> /dev/null 2>&1
${IPTABLE6} -X >> /dev/null 2>&1
echo -e "Setting defaults op ACCEPT!"
echo -e "ALERT: no firewall rules active"
#
${IPTABLE6} -P INPUT ACCEPT
${IPTABLE6} -P OUTPUT ACCEPT
${IPTABLE6} -P FORWARD ACCEPT
;;
start|reload)
echo -n "Starting Firewall: "
# paging!
#
# create a backup
TIME=`date +%s`
tar -czf /opt/backups/firewall/firewall.${TIME}.tar.gz /opt/scripts/firewall
# sending mail
mail email@address.com -s "Firewall - (re)started" < $0
# wait
sleep 1
# kerneloptions
echo -n "Loading Kernel options.."
./kernel_options6.sh
echo -n "Flushing and deleting all chains.."
${IPTABLE6} -F >> /dev/null 2>&1
${IPTABLE6} -X >> /dev/null 2>&1
# default policy
echo -n "Setting default policy DROP.."
${IPTABLE6} -P INPUT DROP
${IPTABLE6} -P OUTPUT DROP
${IPTABLE6} -P FORWARD DROP
# ?????????????
#${IPTABLE} -F -t mangle
#${IPTABLE} -t mangle -X
echo -e "Loading chains.."
# create chain blacklist
${IPTABLE6} --new blacklist
#And drop the evil ones
for i in $BLACKLIST6;do
${IPTABLE6} -A blacklist --src $i -j DROP
done
#icmp chain
${IPTABLE6} --new icmprules
${IPTABLE6} -A icmprules -p icmpv6 -j ACCEPT
# create out chain
${IPTABLE6} --new out
#localhost to localhost
${IPTABLE6} -A out --src $LOCALHOST6 --dst $LOCALHOST6 -j ACCEPT
# for now accept all outgoing IPv6 traffic
${IPTABLE6} -A out --src $SIXXS --dst $ANY6 -j ACCEPT
# create in chain
${IPTABLE6} --new in
#localhost to localhost
${IPTABLE6} -A in --src $LOCALHOST6 --dst $LOCALHOST6 -j ACCEPT
# for now accept all incomming IPv6 traffic
${IPTABLE6} -A in --dst $SIXXS --src $ANY6 -j ACCEPT
#All that are in trusted may ssh
for i in $THRUSTED6;do
${IPTABLE6} -A in -p tcp --dst $SIXXS --dport 22 --src $i -j ACCEPT
done
# jump to all ipv6 chains
${IPTABLE6} -A INPUT -j blacklist
${IPTABLE6} -A OUTPUT -j blacklist
${IPTABLE6} -A FORWARD -j blacklist
${IPTABLE6} -A INPUT -j icmprules
${IPTABLE6} -A OUTPUT -j icmprules
${IPTABLE6} -A INPUT -j in
${IPTABLE6} -A OUTPUT -j out
;;
show)
echo -e "Rules in the firewall: ${CHAIN} n"
${IPTABLE6} -L -n
;;
*)
echo -e "Usage: ${SCRIPT} {flush|start|reload|show} n"
exit 1
;;
esac
exit 0
config6 12 lines
export IPTABLE6=/sbin/ip6tables
export SCRIPTSDIR=/opt/scripts/firewall
export EXT="eth0" # device
export SIXXS="3ffe:8114:1000::50f/127" # extern
export ANY6="::/0"
export LOCALHOST6="::1/128"
export THRUSTED6=""
export BLACKLIST6="3ffe:8114:2fff:1391::1"
kernel_options6.sh 7 lines
#!/bin/bash
# forwarding on
#echo "1" > /proc/sys/net/ipv6 blablabla
# Set some other IPv6 proc settings
#echo "1" > /proc/sys/net/ipv6 blablabla
Download (0.002MB)
Added: 2007-02-13 License: GPL (GNU General Public License) Price:
994 downloads
Echoserver 1.3
See what browsers and programs are sending to an HTTP Server. Simple server just dumps whatever it receives on the console. Echoserver is misnamed because it does not actually echo what it receives back to the browser. more>>
Echoserver - See what browsers and programs are sending to an HTTP Server.
Simple server just dumps whatever it receives on the console.
Echoserver is misnamed because it does not actually echo what it receives
back to the browser.
Enhancements:
Version 1.3
change pad directory structure
System Requirements:<<less
Download (520Kb)
Added: 2006-03-06 License: Free Price: Free
13 downloads
Packet filtering setup script
Packet filtering setup script by Anthony C. Zboralski. more>>
Packet filtering setup script by Anthony C. Zboralski. Adapted by Didi Damian for iptables version 1.0.0
Sample:
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
# Set up variables
EXT_IF="eth0"
INT_IF="eth1"
EXT_IP=24.x.x.x/32
INT_IP=192.168.0.1/32
EXT_NET=24.x.x.0/24
INT_NET=192.168.0.0/24
MASQ_NETS="192.168.0.0/24"
LOCAL_ADDRS="127.0.0.0/8 192.168.0.1/32 24.x.x.x/32"
MAIL_RELAY=24.x.x.x/32
SMB_ACCESS="192.168.0.2/32"
SMB_BCAST="192.168.0.255/32"
# Turn on IP forwarding
echo Turning on IP forwarding.
echo 1 > /proc/sys/net/ipv4/ip_forward
# Load the ip_tables module
echo Loading ip_tables module.
/sbin/modprobe ip_tables || exit 1
# I let the kernel dynamically load the other modules
echo Flush standard tables.
iptables --flush INPUT
iptables --flush OUTPUT
iptables --flush FORWARD
echo Deny everything until firewall setup is completed.
iptables --policy INPUT DROP
iptables --policy OUTPUT DROP
iptables --policy FORWARD DROP
CHAINS=`iptables -n -L |perl -n -e /Chains+(S+)/ && !($1 =~ /^(INPUT|FORWARD|OUTPUT)$/) && print "$1 "`
echo Remove remaining chains:
echo $CHAINS
for chain in $CHAINS; do
iptables --flush $chain
done
# 2nd step cause of dependencies
for chain in $CHAINS; do
iptables --delete-chain $chain
done
for net in $MASQ_NETS; do
# I delete all the rules so you can rerun the scripts without bloating
# your nat entries.
iptables -D POSTROUTING -t nat -s $MASQ_NETS -j MASQUERADE 2>/dev/null
iptables -A POSTROUTING -t nat -s $MASQ_NETS -j MASQUERADE || exit 1
done
iptables --policy FORWARD ACCEPT
# Create a target for logging and dropping packets
iptables --new LDROP 2>/dev/null
iptables -A LDROP --proto tcp -j LOG --log-level info
--log-prefix "TCP Drop "
iptables -A LDROP --proto udp -j LOG --log-level info
--log-prefix "UDP Drop "
iptables -A LDROP --proto icmp -j LOG --log-level info
--log-prefix "ICMP Drop "
iptables -A LDROP --proto gre -j LOG --log-level info
--log-prefix "GRE Drop "
iptables -A LDROP -f -j LOG --log-level emerg
--log-prefix "FRAG Drop "
iptables -A LDROP -j DROP
# Create a table for watching some accepting rules
iptables --new WATCH 2>/dev/null
iptables -A WATCH -m limit -j LOG --log-level warn --log-prefix "ACCEPT "
iptables -A WATCH -j ACCEPT
echo Special target for local addresses:
iptables --new LOCAL 2>/dev/null
echo $LOCAL_ADDRS
for ip in $LOCAL_ADDRS; do
iptables -A INPUT --dst $ip -j LOCAL
# iptables -A INPUT --src $ip -i ! lo -j LDROP # lame spoof protect
done
echo Authorize mail from mail relay.
iptables -A LOCAL --proto tcp --syn --src $MAIL_RELAY --dst $EXT_IP --dport 25 -j ACCEPT
echo Authorizing samba access to:
echo $SMB_ACCESS
iptables --new SMB 2>/dev/null
for ip in $SMB_ACCESS; do
iptables -A SMB -s $ip -j ACCEPT
done
iptables -A LOCAL --proto udp -i ! $EXT_IF --dport 135:139 -j SMB
iptables -A LOCAL --proto tcp -i ! $EXT_IF --dport 135:139 -j SMB
iptables -A LOCAL --proto tcp -i ! $EXT_IF --dport 445 -j SMB
iptables -A INPUT -i ! $EXT_IF --dst $SMB_BCAST -j ACCEPT #lame samba broadcast
echo Drop and log every other incoming tcp connection attempts.
iptables -A LOCAL -i ! lo --proto tcp --syn --j LDROP
echo Authorize dns access for local nets.
for net in $MASQ_NETS 127.0.0.0/8; do
iptables -A INPUT --proto udp --src $net --dport 53 -j ACCEPT
done
echo Enforcing up ICMP policies, use iptables -L ICMP to check.
# If you deny all ICMP messages you head for trouble since it would
# break lots of tcp/ip algorythm (acz)
iptables --new ICMP 2>/dev/null
iptables -A INPUT --proto icmp -j ICMP
iptables -A ICMP -p icmp --icmp-type echo-reply -j ACCEPT
iptables -A ICMP -p icmp --icmp-type destination-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type network-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type host-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type protocol-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type port-unreachable -j ACCEPT
iptables -A ICMP -p icmp --icmp-type fragmentation-needed -j LDROP
iptables -A ICMP -p icmp --icmp-type source-route-failed -j WATCH
iptables -A ICMP -p icmp --icmp-type network-unknown -j WATCH
iptables -A ICMP -p icmp --icmp-type host-unknown -j WATCH
iptables -A ICMP -p icmp --icmp-type network-prohibited -j WATCH
iptables -A ICMP -p icmp --icmp-type host-prohibited -j WATCH
iptables -A ICMP -p icmp --icmp-type TOS-network-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type TOS-host-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type communication-prohibited -j WATCH
iptables -A ICMP -p icmp --icmp-type host-precedence-violation -j LDROP
iptables -A ICMP -p icmp --icmp-type precedence-cutoff -j LDROP
iptables -A ICMP -p icmp --icmp-type source-quench -j LDROP
iptables -A ICMP -p icmp --icmp-type redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type network-redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type host-redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type TOS-network-redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type TOS-host-redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type echo-request -j WATCH
iptables -A ICMP -p icmp --icmp-type router-advertisement -j LDROP
iptables -A ICMP -p icmp --icmp-type router-solicitation -j LDROP
iptables -A ICMP -p icmp --icmp-type time-exceeded -j WATCH
iptables -A ICMP -p icmp --icmp-type ttl-zero-during-transit -j WATCH
iptables -A ICMP -p icmp --icmp-type ttl-zero-during-reassembly -j WATCH
iptables -A ICMP -p icmp --icmp-type parameter-problem -j WATCH
iptables -A ICMP -p icmp --icmp-type ip-header-bad -j WATCH
iptables -A ICMP -p icmp --icmp-type required-option-missing -j WATCH
iptables -A ICMP -p icmp --icmp-type timestamp-request -j LDROP
iptables -A ICMP -p icmp --icmp-type timestamp-reply -j LDROP
iptables -A ICMP -p icmp --icmp-type address-mask-request -j LDROP
iptables -A ICMP -p icmp --icmp-type address-mask-reply -j LDROP
iptables -A ICMP -p icmp -j LDROP
echo Authorize tcp traffic.
iptables -A INPUT --proto tcp -j ACCEPT
echo Authorize packet output.
iptables --policy OUTPUT ACCEPT
#echo reject ident if you drop em you gotta wait for timeout
#iptables -I LOCAL --proto tcp --syn --dst $EXT_IP --dport 113 -j REJECT
echo Drop and log all udp below 1024.
iptables -A INPUT -i ! lo --proto udp --dport :1023 -j LDROP
echo Drop rpc dynamic udp port:
RPC_UDP=`rpcinfo -p localhost|perl -n -e /.*udps+(d+)s+/ && print $1,"n"|sort -u`
echo $RPC_UDP
for port in $RPC_UDP; do
iptables -A LOCAL -i ! lo --proto udp --dport $port -j LDROP
done
echo Authorize udp above 1024.
iptables -A INPUT --proto udp --dport 1024: -j ACCEPT
<<lessSample:
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
# Set up variables
EXT_IF="eth0"
INT_IF="eth1"
EXT_IP=24.x.x.x/32
INT_IP=192.168.0.1/32
EXT_NET=24.x.x.0/24
INT_NET=192.168.0.0/24
MASQ_NETS="192.168.0.0/24"
LOCAL_ADDRS="127.0.0.0/8 192.168.0.1/32 24.x.x.x/32"
MAIL_RELAY=24.x.x.x/32
SMB_ACCESS="192.168.0.2/32"
SMB_BCAST="192.168.0.255/32"
# Turn on IP forwarding
echo Turning on IP forwarding.
echo 1 > /proc/sys/net/ipv4/ip_forward
# Load the ip_tables module
echo Loading ip_tables module.
/sbin/modprobe ip_tables || exit 1
# I let the kernel dynamically load the other modules
echo Flush standard tables.
iptables --flush INPUT
iptables --flush OUTPUT
iptables --flush FORWARD
echo Deny everything until firewall setup is completed.
iptables --policy INPUT DROP
iptables --policy OUTPUT DROP
iptables --policy FORWARD DROP
CHAINS=`iptables -n -L |perl -n -e /Chains+(S+)/ && !($1 =~ /^(INPUT|FORWARD|OUTPUT)$/) && print "$1 "`
echo Remove remaining chains:
echo $CHAINS
for chain in $CHAINS; do
iptables --flush $chain
done
# 2nd step cause of dependencies
for chain in $CHAINS; do
iptables --delete-chain $chain
done
for net in $MASQ_NETS; do
# I delete all the rules so you can rerun the scripts without bloating
# your nat entries.
iptables -D POSTROUTING -t nat -s $MASQ_NETS -j MASQUERADE 2>/dev/null
iptables -A POSTROUTING -t nat -s $MASQ_NETS -j MASQUERADE || exit 1
done
iptables --policy FORWARD ACCEPT
# Create a target for logging and dropping packets
iptables --new LDROP 2>/dev/null
iptables -A LDROP --proto tcp -j LOG --log-level info
--log-prefix "TCP Drop "
iptables -A LDROP --proto udp -j LOG --log-level info
--log-prefix "UDP Drop "
iptables -A LDROP --proto icmp -j LOG --log-level info
--log-prefix "ICMP Drop "
iptables -A LDROP --proto gre -j LOG --log-level info
--log-prefix "GRE Drop "
iptables -A LDROP -f -j LOG --log-level emerg
--log-prefix "FRAG Drop "
iptables -A LDROP -j DROP
# Create a table for watching some accepting rules
iptables --new WATCH 2>/dev/null
iptables -A WATCH -m limit -j LOG --log-level warn --log-prefix "ACCEPT "
iptables -A WATCH -j ACCEPT
echo Special target for local addresses:
iptables --new LOCAL 2>/dev/null
echo $LOCAL_ADDRS
for ip in $LOCAL_ADDRS; do
iptables -A INPUT --dst $ip -j LOCAL
# iptables -A INPUT --src $ip -i ! lo -j LDROP # lame spoof protect
done
echo Authorize mail from mail relay.
iptables -A LOCAL --proto tcp --syn --src $MAIL_RELAY --dst $EXT_IP --dport 25 -j ACCEPT
echo Authorizing samba access to:
echo $SMB_ACCESS
iptables --new SMB 2>/dev/null
for ip in $SMB_ACCESS; do
iptables -A SMB -s $ip -j ACCEPT
done
iptables -A LOCAL --proto udp -i ! $EXT_IF --dport 135:139 -j SMB
iptables -A LOCAL --proto tcp -i ! $EXT_IF --dport 135:139 -j SMB
iptables -A LOCAL --proto tcp -i ! $EXT_IF --dport 445 -j SMB
iptables -A INPUT -i ! $EXT_IF --dst $SMB_BCAST -j ACCEPT #lame samba broadcast
echo Drop and log every other incoming tcp connection attempts.
iptables -A LOCAL -i ! lo --proto tcp --syn --j LDROP
echo Authorize dns access for local nets.
for net in $MASQ_NETS 127.0.0.0/8; do
iptables -A INPUT --proto udp --src $net --dport 53 -j ACCEPT
done
echo Enforcing up ICMP policies, use iptables -L ICMP to check.
# If you deny all ICMP messages you head for trouble since it would
# break lots of tcp/ip algorythm (acz)
iptables --new ICMP 2>/dev/null
iptables -A INPUT --proto icmp -j ICMP
iptables -A ICMP -p icmp --icmp-type echo-reply -j ACCEPT
iptables -A ICMP -p icmp --icmp-type destination-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type network-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type host-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type protocol-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type port-unreachable -j ACCEPT
iptables -A ICMP -p icmp --icmp-type fragmentation-needed -j LDROP
iptables -A ICMP -p icmp --icmp-type source-route-failed -j WATCH
iptables -A ICMP -p icmp --icmp-type network-unknown -j WATCH
iptables -A ICMP -p icmp --icmp-type host-unknown -j WATCH
iptables -A ICMP -p icmp --icmp-type network-prohibited -j WATCH
iptables -A ICMP -p icmp --icmp-type host-prohibited -j WATCH
iptables -A ICMP -p icmp --icmp-type TOS-network-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type TOS-host-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type communication-prohibited -j WATCH
iptables -A ICMP -p icmp --icmp-type host-precedence-violation -j LDROP
iptables -A ICMP -p icmp --icmp-type precedence-cutoff -j LDROP
iptables -A ICMP -p icmp --icmp-type source-quench -j LDROP
iptables -A ICMP -p icmp --icmp-type redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type network-redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type host-redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type TOS-network-redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type TOS-host-redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type echo-request -j WATCH
iptables -A ICMP -p icmp --icmp-type router-advertisement -j LDROP
iptables -A ICMP -p icmp --icmp-type router-solicitation -j LDROP
iptables -A ICMP -p icmp --icmp-type time-exceeded -j WATCH
iptables -A ICMP -p icmp --icmp-type ttl-zero-during-transit -j WATCH
iptables -A ICMP -p icmp --icmp-type ttl-zero-during-reassembly -j WATCH
iptables -A ICMP -p icmp --icmp-type parameter-problem -j WATCH
iptables -A ICMP -p icmp --icmp-type ip-header-bad -j WATCH
iptables -A ICMP -p icmp --icmp-type required-option-missing -j WATCH
iptables -A ICMP -p icmp --icmp-type timestamp-request -j LDROP
iptables -A ICMP -p icmp --icmp-type timestamp-reply -j LDROP
iptables -A ICMP -p icmp --icmp-type address-mask-request -j LDROP
iptables -A ICMP -p icmp --icmp-type address-mask-reply -j LDROP
iptables -A ICMP -p icmp -j LDROP
echo Authorize tcp traffic.
iptables -A INPUT --proto tcp -j ACCEPT
echo Authorize packet output.
iptables --policy OUTPUT ACCEPT
#echo reject ident if you drop em you gotta wait for timeout
#iptables -I LOCAL --proto tcp --syn --dst $EXT_IP --dport 113 -j REJECT
echo Drop and log all udp below 1024.
iptables -A INPUT -i ! lo --proto udp --dport :1023 -j LDROP
echo Drop rpc dynamic udp port:
RPC_UDP=`rpcinfo -p localhost|perl -n -e /.*udps+(d+)s+/ && print $1,"n"|sort -u`
echo $RPC_UDP
for port in $RPC_UDP; do
iptables -A LOCAL -i ! lo --proto udp --dport $port -j LDROP
done
echo Authorize udp above 1024.
iptables -A INPUT --proto udp --dport 1024: -j ACCEPT
Download (MB)
Added: 2007-02-14 License: GPL (GNU General Public License) Price:
984 downloads
Kwiki::GoogleLink 0.01
Kwiki::GoogleLink is a Perl module with easy links to Google searches. more>>
Kwiki::GoogleLink is a Perl module with easy links to Google searches.
SYNOPSIS
$ cpan Kwiki::GoogleLink
$ cd /path/to/kwiki
$ echo "Kwiki::GoogleLink" >> plugins
$ kwiki -update
This was written as a demonstration of a plugin to add a new WAFL phrase to the Kwiki formatting rules.
This plugin makes it quick and easy to add a Google search link to a Kwiki page, for example:
Search Google for: {google:Kwiki}
will be rendered as
Search Google for: < a href="http://www.google.com/search?q=Kwiki">Kwiki< /a >
This example can be used as the basis for custom shortcuts at your own site.
<<lessSYNOPSIS
$ cpan Kwiki::GoogleLink
$ cd /path/to/kwiki
$ echo "Kwiki::GoogleLink" >> plugins
$ kwiki -update
This was written as a demonstration of a plugin to add a new WAFL phrase to the Kwiki formatting rules.
This plugin makes it quick and easy to add a Google search link to a Kwiki page, for example:
Search Google for: {google:Kwiki}
will be rendered as
Search Google for: < a href="http://www.google.com/search?q=Kwiki">Kwiki< /a >
This example can be used as the basis for custom shortcuts at your own site.
Download (0.008MB)
Added: 2006-11-24 License: Perl Artistic License Price:
1064 downloads
video2wii 0.01a
video2wii is another service menu for KDE, this time to convert a video for nintendo wii. more>>
video2wii is another service menu for KDE, this time to convert a video for nintendo wii.
It depends of the ffmpeg.
It looks like this:
[Desktop Action 2video4wii]
Exec=cd "%d";konsole --noclose -e ffmpeg -i %u -vcodec mjpeg -acodec pcm_u8 "`echo %u | perl -pe s/.[^.]+$//`.avi"
Icon=video
Name=Convert to video for Wii
Name[es]=Convertir en video para Wii
[Desktop Entry]
Actions=2video4wii
Icon=video
Name=2wii
Name[es]=2wii
ServiceTypes=video/*
<<lessIt depends of the ffmpeg.
It looks like this:
[Desktop Action 2video4wii]
Exec=cd "%d";konsole --noclose -e ffmpeg -i %u -vcodec mjpeg -acodec pcm_u8 "`echo %u | perl -pe s/.[^.]+$//`.avi"
Icon=video
Name=Convert to video for Wii
Name[es]=Convertir en video para Wii
[Desktop Entry]
Actions=2video4wii
Icon=video
Name=2wii
Name[es]=2wii
ServiceTypes=video/*
Download (MB)
Added: 2007-01-26 License: GPL (GNU General Public License) Price:
1003 downloads
Simple PHP Calendar 1.11
Simple PHP Calendar is a a simple, extensible PHP calendar class. more>>
Simple PHP Calendar is a a simple, extensible PHP calendar class. The project focuses exclusively on generating an HTML representation for a given month. It is meant to be easily extended for use in other applications, such as input widgets for forms, or full event calendaring applications. Its output is completely customizable via CSS.
A simple example
After downloading the class and including it in your PHP script, youre ready to start using it. The constructor requires two paramets, a year and month. The following code produces a very plain looking calendar.
1 require_once( class.Calendar.php );
2 $cal = new Calendar (2004, 3 );
3 echo "".$cal->getFullMonthName()."";
4 echo $cal->display();
Customizing the display
You can use two methods to change how the calendar is displayed. Use setTableWidth to define how wide to make the table, in pixels or as a percentage of the screen. Use setDayNameFormat to change how weekdays are displayed in the header row using strftime formats.
1 require_once(class.Calendar.php);
2 $calendar = new Calendar (2004, 4);
3 $calendar->setTableWidth(50%);
4 $calendar->setDayNameFormat(%A);
5 echo "".$calendar->getBriefMonthName().";
6 echo $calendar->display();
Final Example
You can use CSS selectors to control the formatting of all aspects of the calendar, including adding borders and how empty boxes display. Lets wrap our talbe in a div named calendar and use the following styles.
/* overall table */
#calendar table {
border:1px solid #fff;
padding: 0;
margin:20px;
}
/* the day headers across the top */
#calendar th {
background: #565;
color: #fff;
margin: 3px;
padding: 2px 5px;
}
/* how days this month will look, make dates appear in top right */
#calendar td {
background: #eee;
color: #000;
padding: 2px;
margin:0;
height:60px;
text-align:right;
vertical-align:top;
border:1px solid #fff;
}
/* these are the days falling outside this month */
#calendar td.notInMonth {
background: #999;
}
Enhancements:
- The documentation has been polished.
- An example has been added for extending the class to customize how a calendar grid will display.
<<lessA simple example
After downloading the class and including it in your PHP script, youre ready to start using it. The constructor requires two paramets, a year and month. The following code produces a very plain looking calendar.
1 require_once( class.Calendar.php );
2 $cal = new Calendar (2004, 3 );
3 echo "".$cal->getFullMonthName()."";
4 echo $cal->display();
Customizing the display
You can use two methods to change how the calendar is displayed. Use setTableWidth to define how wide to make the table, in pixels or as a percentage of the screen. Use setDayNameFormat to change how weekdays are displayed in the header row using strftime formats.
1 require_once(class.Calendar.php);
2 $calendar = new Calendar (2004, 4);
3 $calendar->setTableWidth(50%);
4 $calendar->setDayNameFormat(%A);
5 echo "".$calendar->getBriefMonthName().";
6 echo $calendar->display();
Final Example
You can use CSS selectors to control the formatting of all aspects of the calendar, including adding borders and how empty boxes display. Lets wrap our talbe in a div named calendar and use the following styles.
/* overall table */
#calendar table {
border:1px solid #fff;
padding: 0;
margin:20px;
}
/* the day headers across the top */
#calendar th {
background: #565;
color: #fff;
margin: 3px;
padding: 2px 5px;
}
/* how days this month will look, make dates appear in top right */
#calendar td {
background: #eee;
color: #000;
padding: 2px;
margin:0;
height:60px;
text-align:right;
vertical-align:top;
border:1px solid #fff;
}
/* these are the days falling outside this month */
#calendar td.notInMonth {
background: #999;
}
Enhancements:
- The documentation has been polished.
- An example has been added for extending the class to customize how a calendar grid will display.
Download (0.002MB)
Added: 2007-01-24 License: GPL (GNU General Public License) Price:
1013 downloads
Secleted [ 0 ] software to compare
Copyright Notice:
Software piracy is theft, Using crack, password, serial numbers, registration codes, key generators is illegal and prevent future software development. The above liverpool echo search only lists software in full, demo and trial versions for free download. Download links are directly from our mirror sites or publisher sites, torrent files or links from rapidshare.com, yousendit.com or megaupload.com are not allowed
