logging script
Sponsored Links
Sponsored Links
Secleted [ 0 ] software to compare
Results 1 - 15 of about 5136
Logging Services 0.9.7
Logging Services project is intended to provide cross-language logging services for purposes of application debugging. more>>
Logging Services project is intended to provide cross-language logging services for purposes of application debugging and auditing.
We should also mention that thanks to the relentless efforts of many developers, we have a basic level of interoperability between the following projects:
- Log4Cxx (c++)
- Log4j
- Log4Net
- Log4Perl
- Log4PHP
- Log4PLSQL
- JDK1.4s util.logging framework
There is still much work ahead bringing in the various projects to work together within the Logging Services Project. The process is likely to take a little while. In the mean time, we will continue to do what we like best, that is developing open source software.
This is a project of the Apache Software Foundation (ASF). Like all Apache projects, we encourage a collaborative, consensus-based development process. We offer an open and pragmatic software license, and we strive to create software of the highest quality. The ASF is organized into several projects, which like Logging Services project may contain multiple sub-projects.
<<lessWe should also mention that thanks to the relentless efforts of many developers, we have a basic level of interoperability between the following projects:
- Log4Cxx (c++)
- Log4j
- Log4Net
- Log4Perl
- Log4PHP
- Log4PLSQL
- JDK1.4s util.logging framework
There is still much work ahead bringing in the various projects to work together within the Logging Services Project. The process is likely to take a little while. In the mean time, we will continue to do what we like best, that is developing open source software.
This is a project of the Apache Software Foundation (ASF). Like all Apache projects, we encourage a collaborative, consensus-based development process. We offer an open and pragmatic software license, and we strive to create software of the highest quality. The ASF is organized into several projects, which like Logging Services project may contain multiple sub-projects.
Download (MB)
Added: 2007-01-11 License: The Apache License 2.0 Price:
1018 downloads
Comment Script 1.0
Comment Script is a script that allows comments to be left on any existing PHP or HTML page. more>>
Comment Script is a script that allows comments to be left on any existing PHP or HTML page. By default, Comment Script shows name, e-mail, homepage, title, and comment fields, though any can be disabled.
The "comment" field is mandatory and must be filled out before the form can be submitted. In order to prevent the script from being abused by automatic spam bots, you can enable the CAPTCHA feature.
The script then asks your visitors to enter a text they see in the image below the comment form into an input box. It also features an admin area where comments can be edited and deleted and the front-end language set.
Main features:
- Visitors can enter a name, e-mail, homepage, comment title and comment text
- Comment script can be included in existing web pages
- To prevent comment spam you can enable the Captcha feature
- Admin area for editing and deleting comments
- Completely template driven
- Installation routine
How the script works:
Once you have the script installed on your server you can include it in any existing PHP or HTML page. By default the script shows the form fields "name", "E-mail", "Homepage", "Title", and "Comment". You are free to remove some of the fields and only leave the ones you want.
The field "Comment" is mandatory and the form will not submit until that field has been filled out.
In order to prevent the script from being abused by automatic spam bots, you can enable the Captcha feature. The script then asks your visitors to enter a text they see in the image below the comment form into an input box. The comment will only be submitted if the strings match. Visitors have to ensure that their browser support and accept cookies, otherwise the comment cannot be verified.
The script also features an admin area where comments can be edited and deleted. Also there is a section for settings where you can set the front end language as well as the admin account.
<<lessThe "comment" field is mandatory and must be filled out before the form can be submitted. In order to prevent the script from being abused by automatic spam bots, you can enable the CAPTCHA feature.
The script then asks your visitors to enter a text they see in the image below the comment form into an input box. It also features an admin area where comments can be edited and deleted and the front-end language set.
Main features:
- Visitors can enter a name, e-mail, homepage, comment title and comment text
- Comment script can be included in existing web pages
- To prevent comment spam you can enable the Captcha feature
- Admin area for editing and deleting comments
- Completely template driven
- Installation routine
How the script works:
Once you have the script installed on your server you can include it in any existing PHP or HTML page. By default the script shows the form fields "name", "E-mail", "Homepage", "Title", and "Comment". You are free to remove some of the fields and only leave the ones you want.
The field "Comment" is mandatory and the form will not submit until that field has been filled out.
In order to prevent the script from being abused by automatic spam bots, you can enable the Captcha feature. The script then asks your visitors to enter a text they see in the image below the comment form into an input box. The comment will only be submitted if the strings match. Visitors have to ensure that their browser support and accept cookies, otherwise the comment cannot be verified.
The script also features an admin area where comments can be edited and deleted. Also there is a section for settings where you can set the front end language as well as the admin account.
Download (0.31MB)
Added: 2006-08-08 License: Free for non-commercial use Price:
1183 downloads
UTIN Firewall script
UTIN Firewall script project is a script for Linux 2.4.x and iptables. more>>
UTIN Firewall script project is a script for Linux 2.4.x and iptables.
###########
# Configuration options, these will speed you up getting this script to
# work with your own setup.
#
# your LANs IP range and localhost IP. /24 means to only use the first 24
# bits of the 32 bit IP adress. the same as netmask 255.255.255.0
#
# INET_IP is used by me to allow myself to do anything to myself, might
# be a security risc but sometimes I want this. If you dont have a static
# IP, I suggest not using this option at all for now but its still
# enabled per default and will add some really nifty security bugs for all
# those who skips reading the documentation=)
LAN_IP="192.168.0.2"
LAN_BCAST_ADRESS="192.168.0.255"
LAN_IFACE="eth1"
LO_IFACE="lo"
LO_IP="127.0.0.1"
INET_IP="194.236.50.155"
INET_IFACE="eth0"
IPTABLES="/usr/local/sbin/iptables"
#########
# Load all required IPTables modules
#
#
# Needed to initially load modules
#
/sbin/depmod -a
#
# Adds some iptables targets like LOG, REJECT and MASQUARADE.
#
/sbin/modprobe ipt_LOG
#/sbin/modprobe ipt_REJECT
/sbin/modprobe ipt_MASQUERADE
#
# Support for owner matching
#
#/sbin/modprobe ipt_owner
#
# Support for connection tracking of FTP and IRC.
#
#/sbin/modprobe ip_conntrack_ftp
#/sbin/modprobe ip_conntrack_irc
#
# Enable ip_forward, this is critical since it is turned off as defaul in
# Linux.
#
echo "1" > /proc/sys/net/ipv4/ip_forward
#
# Dynamic IP users:
#
#echo "1" > /proc/sys/net/ipv4/ip_dynaddr
#
# Enable simple IP Forwarding and Network Address Translation
#
$IPTABLES -t nat -A POSTROUTING -o $INET_IFACE -j SNAT --to-source $INET_IP
#
# Set default policies for the INPUT, FORWARD and OUTPUT chains
#
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT DROP
$IPTABLES -P FORWARD DROP
#
# bad_tcp_packets chain
#
# Take care of bad TCP packets that we dont want.
#
$IPTABLES -N bad_tcp_packets
$IPTABLES -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j LOG
--log-prefix "New not syn:"
$IPTABLES -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j DROP
#
# Do some checks for obviously spoofed IPs
#
$IPTABLES -A bad_tcp_packets -i $INET_IFACE -s 192.168.0.0/16 -j DROP
$IPTABLES -A bad_tcp_packets -i $INET_IFACE -s 10.0.0.0/8 -j DROP
$IPTABLES -A bad_tcp_packets -i $INET_IFACE -s 172.16.0.0/12 -j DROP
$IPTABLES -A bad_tcp_packets -i $LAN_IFACE ! -s 192.168.0.0/16 -j DROP
#
# Bad TCP packets we dont want
#
$IPTABLES -A FORWARD -p tcp -j bad_tcp_packets
#
# Accept the packets we actually want to forward between interfaces.
#
$IPTABLES -A FORWARD -p tcp --dport 21 -i $LAN_IFACE -j ACCEPT
$IPTABLES -A FORWARD -p tcp --dport 80 -i $LAN_IFACE -j ACCEPT
$IPTABLES -A FORWARD -p tcp --dport 110 -i $LAN_IFACE -j ACCEPT
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -m limit --limit 3/minute --limit-burst 3 -j LOG
--log-level DEBUG --log-prefix "IPT FORWARD packet died: "
#
# Create separate chains for ICMP, TCP and UDP to traverse
#
$IPTABLES -N icmp_packets
$IPTABLES -N tcp_packets
$IPTABLES -N udpincoming_packets
#
# The allowed chain for TCP connections
#
$IPTABLES -N allowed
$IPTABLES -A allowed -p TCP --syn -j ACCEPT
$IPTABLES -A allowed -p TCP -m state --state ESTABLISHED,RELATED
-j ACCEPT
$IPTABLES -A allowed -p TCP -j DROP
#
# ICMP rules
#
# Changed rules totally
$IPTABLES -A icmp_packets -p ICMP -s 0/0 --icmp-type 8 -j ACCEPT
$IPTABLES -A icmp_packets -p ICMP -s 0/0 --icmp-type 11 -j ACCEPT
#
# TCP rules
#
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 21 -j allowed
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 22 -j allowed
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 80 -j allowed
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 113 -j allowed
#
# UDP ports
#
$IPTABLES -A udpincoming_packets -p UDP -s 0/0 --source-port 53 -j ACCEPT
$IPTABLES -A udpincoming_packets -p UDP -s 0/0 --source-port 123 -j ACCEPT
$IPTABLES -A udpincoming_packets -p UDP -s 0/0 --source-port 2074 -j ACCEPT
$IPTABLES -A udpincoming_packets -p UDP -s 0/0 --source-port 4000 -j ACCEPT
#
# INPUT chain
#
# Bad TCP packets we dont want
#
$IPTABLES -A INPUT -p tcp -j bad_tcp_packets
#
# Rules for incoming packets from anywhere
#
$IPTABLES -A INPUT -p ICMP -j icmp_packets
$IPTABLES -A INPUT -p TCP -j tcp_packets
$IPTABLES -A INPUT -p UDP -j udpincoming_packets
#
# Rules for special networks not part of the Internet
#
$IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $LO_IP -j ACCEPT
$IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $LAN_IP -j ACCEPT
$IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $INET_IP -j ACCEPT
$IPTABLES -A INPUT -p ALL -d $INET_IP -m state --state ESTABLISHED,RELATED
-j ACCEPT
$IPTABLES -A INPUT -m limit --limit 3/minute --limit-burst 3
-j LOG --log-level DEBUG --log-prefix "IPT INPUT packet died: "
#
# OUTPUT chain
#
#
# Bad TCP packets we dont want
#
$IPTABLES -A OUTPUT -p tcp -j bad_tcp_packets
$IPTABLES -A OUTPUT -p ALL -s $LO_IP -j ACCEPT
$IPTABLES -A OUTPUT -p ALL -s $LAN_IP -j ACCEPT
$IPTABLES -A OUTPUT -p ALL -s $INET_IP -j ACCEPT
$IPTABLES -A OUTPUT -m limit --limit 3/minute --limit-burst 3
-j LOG --log-level DEBUG --log-prefix "IPT OUTPUT packet died: "
<<less###########
# Configuration options, these will speed you up getting this script to
# work with your own setup.
#
# your LANs IP range and localhost IP. /24 means to only use the first 24
# bits of the 32 bit IP adress. the same as netmask 255.255.255.0
#
# INET_IP is used by me to allow myself to do anything to myself, might
# be a security risc but sometimes I want this. If you dont have a static
# IP, I suggest not using this option at all for now but its still
# enabled per default and will add some really nifty security bugs for all
# those who skips reading the documentation=)
LAN_IP="192.168.0.2"
LAN_BCAST_ADRESS="192.168.0.255"
LAN_IFACE="eth1"
LO_IFACE="lo"
LO_IP="127.0.0.1"
INET_IP="194.236.50.155"
INET_IFACE="eth0"
IPTABLES="/usr/local/sbin/iptables"
#########
# Load all required IPTables modules
#
#
# Needed to initially load modules
#
/sbin/depmod -a
#
# Adds some iptables targets like LOG, REJECT and MASQUARADE.
#
/sbin/modprobe ipt_LOG
#/sbin/modprobe ipt_REJECT
/sbin/modprobe ipt_MASQUERADE
#
# Support for owner matching
#
#/sbin/modprobe ipt_owner
#
# Support for connection tracking of FTP and IRC.
#
#/sbin/modprobe ip_conntrack_ftp
#/sbin/modprobe ip_conntrack_irc
#
# Enable ip_forward, this is critical since it is turned off as defaul in
# Linux.
#
echo "1" > /proc/sys/net/ipv4/ip_forward
#
# Dynamic IP users:
#
#echo "1" > /proc/sys/net/ipv4/ip_dynaddr
#
# Enable simple IP Forwarding and Network Address Translation
#
$IPTABLES -t nat -A POSTROUTING -o $INET_IFACE -j SNAT --to-source $INET_IP
#
# Set default policies for the INPUT, FORWARD and OUTPUT chains
#
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT DROP
$IPTABLES -P FORWARD DROP
#
# bad_tcp_packets chain
#
# Take care of bad TCP packets that we dont want.
#
$IPTABLES -N bad_tcp_packets
$IPTABLES -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j LOG
--log-prefix "New not syn:"
$IPTABLES -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j DROP
#
# Do some checks for obviously spoofed IPs
#
$IPTABLES -A bad_tcp_packets -i $INET_IFACE -s 192.168.0.0/16 -j DROP
$IPTABLES -A bad_tcp_packets -i $INET_IFACE -s 10.0.0.0/8 -j DROP
$IPTABLES -A bad_tcp_packets -i $INET_IFACE -s 172.16.0.0/12 -j DROP
$IPTABLES -A bad_tcp_packets -i $LAN_IFACE ! -s 192.168.0.0/16 -j DROP
#
# Bad TCP packets we dont want
#
$IPTABLES -A FORWARD -p tcp -j bad_tcp_packets
#
# Accept the packets we actually want to forward between interfaces.
#
$IPTABLES -A FORWARD -p tcp --dport 21 -i $LAN_IFACE -j ACCEPT
$IPTABLES -A FORWARD -p tcp --dport 80 -i $LAN_IFACE -j ACCEPT
$IPTABLES -A FORWARD -p tcp --dport 110 -i $LAN_IFACE -j ACCEPT
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -m limit --limit 3/minute --limit-burst 3 -j LOG
--log-level DEBUG --log-prefix "IPT FORWARD packet died: "
#
# Create separate chains for ICMP, TCP and UDP to traverse
#
$IPTABLES -N icmp_packets
$IPTABLES -N tcp_packets
$IPTABLES -N udpincoming_packets
#
# The allowed chain for TCP connections
#
$IPTABLES -N allowed
$IPTABLES -A allowed -p TCP --syn -j ACCEPT
$IPTABLES -A allowed -p TCP -m state --state ESTABLISHED,RELATED
-j ACCEPT
$IPTABLES -A allowed -p TCP -j DROP
#
# ICMP rules
#
# Changed rules totally
$IPTABLES -A icmp_packets -p ICMP -s 0/0 --icmp-type 8 -j ACCEPT
$IPTABLES -A icmp_packets -p ICMP -s 0/0 --icmp-type 11 -j ACCEPT
#
# TCP rules
#
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 21 -j allowed
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 22 -j allowed
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 80 -j allowed
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 113 -j allowed
#
# UDP ports
#
$IPTABLES -A udpincoming_packets -p UDP -s 0/0 --source-port 53 -j ACCEPT
$IPTABLES -A udpincoming_packets -p UDP -s 0/0 --source-port 123 -j ACCEPT
$IPTABLES -A udpincoming_packets -p UDP -s 0/0 --source-port 2074 -j ACCEPT
$IPTABLES -A udpincoming_packets -p UDP -s 0/0 --source-port 4000 -j ACCEPT
#
# INPUT chain
#
# Bad TCP packets we dont want
#
$IPTABLES -A INPUT -p tcp -j bad_tcp_packets
#
# Rules for incoming packets from anywhere
#
$IPTABLES -A INPUT -p ICMP -j icmp_packets
$IPTABLES -A INPUT -p TCP -j tcp_packets
$IPTABLES -A INPUT -p UDP -j udpincoming_packets
#
# Rules for special networks not part of the Internet
#
$IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $LO_IP -j ACCEPT
$IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $LAN_IP -j ACCEPT
$IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $INET_IP -j ACCEPT
$IPTABLES -A INPUT -p ALL -d $INET_IP -m state --state ESTABLISHED,RELATED
-j ACCEPT
$IPTABLES -A INPUT -m limit --limit 3/minute --limit-burst 3
-j LOG --log-level DEBUG --log-prefix "IPT INPUT packet died: "
#
# OUTPUT chain
#
#
# Bad TCP packets we dont want
#
$IPTABLES -A OUTPUT -p tcp -j bad_tcp_packets
$IPTABLES -A OUTPUT -p ALL -s $LO_IP -j ACCEPT
$IPTABLES -A OUTPUT -p ALL -s $LAN_IP -j ACCEPT
$IPTABLES -A OUTPUT -p ALL -s $INET_IP -j ACCEPT
$IPTABLES -A OUTPUT -m limit --limit 3/minute --limit-burst 3
-j LOG --log-level DEBUG --log-prefix "IPT OUTPUT packet died: "
Download (MB)
Added: 2007-02-13 License: GPL (GNU General Public License) Price:
985 downloads
Pax Logging 0.9.2
Pax Logging is a consolidation effort that aims to make all existing logging APIs in the Java world available. more>>
Pax Logging is a consolidation effort that aims to make all existing logging APIs in the Java world available for OSGi developments, driven by a Log4J backend.
Each legacy API is loaded as its own bundle. The logging service can be reloaded at run-time.
Main features:
- Log4J driving the backend implementation.
- Log4J API supported.
- Jakarta Commons Logging API supported.
- Pax Logging Service implements the standard OSGi Log Service API.
- JDK Logging API support.
- Avalon Logger API support.
- SLF4J API support.
- Knopflerfish Log service support.
<<lessEach legacy API is loaded as its own bundle. The logging service can be reloaded at run-time.
Main features:
- Log4J driving the backend implementation.
- Log4J API supported.
- Jakarta Commons Logging API supported.
- Pax Logging Service implements the standard OSGi Log Service API.
- JDK Logging API support.
- Avalon Logger API support.
- SLF4J API support.
- Knopflerfish Log service support.
Download (MB)
Added: 2006-08-10 License: GPL (GNU General Public License) Price:
1172 downloads
PIX Logging Architecture 2.00
PIX Logging Architecture is a project allowing for correlation of Cisco PIX Firewall traffic. more>>
PIX Logging Architecture [PLA] is a project allowing for correlation of Cisco PIX Firewall Traffic and IDS Logs.
Centralization of the logs is provided using a MySQL database, supported by a Web-based frontend for Log Viewing, Searching, and Event Management.
PLA is completely coded in the Perl programming language, and uses various Perl modules including Perl::DBI and
Perl::CGI.
Main features:
- Parsing of Cisco PIX Syslog Messages
- Centralized MySQL Database Logging
- Multiple Firewall Support
- Web-based frontend for:
- Cisco PIX Traffic Logs
- Cisco PIX IDS Logs
- Searching Cisco PIX Traffic and IDS Logs
- Cisco PIX Traffic and IDS Statistics
- Event Management (Incident Management)
<<lessCentralization of the logs is provided using a MySQL database, supported by a Web-based frontend for Log Viewing, Searching, and Event Management.
PLA is completely coded in the Perl programming language, and uses various Perl modules including Perl::DBI and
Perl::CGI.
Main features:
- Parsing of Cisco PIX Syslog Messages
- Centralized MySQL Database Logging
- Multiple Firewall Support
- Web-based frontend for:
- Cisco PIX Traffic Logs
- Cisco PIX IDS Logs
- Searching Cisco PIX Traffic and IDS Logs
- Cisco PIX Traffic and IDS Statistics
- Event Management (Incident Management)
Download (0.025MB)
Added: 2007-03-25 License: GPL (GNU General Public License) Price:
950 downloads
Packet filtering setup script
Packet filtering setup script by Anthony C. Zboralski. more>>
Packet filtering setup script by Anthony C. Zboralski. Adapted by Didi Damian for iptables version 1.0.0
Sample:
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
# Set up variables
EXT_IF="eth0"
INT_IF="eth1"
EXT_IP=24.x.x.x/32
INT_IP=192.168.0.1/32
EXT_NET=24.x.x.0/24
INT_NET=192.168.0.0/24
MASQ_NETS="192.168.0.0/24"
LOCAL_ADDRS="127.0.0.0/8 192.168.0.1/32 24.x.x.x/32"
MAIL_RELAY=24.x.x.x/32
SMB_ACCESS="192.168.0.2/32"
SMB_BCAST="192.168.0.255/32"
# Turn on IP forwarding
echo Turning on IP forwarding.
echo 1 > /proc/sys/net/ipv4/ip_forward
# Load the ip_tables module
echo Loading ip_tables module.
/sbin/modprobe ip_tables || exit 1
# I let the kernel dynamically load the other modules
echo Flush standard tables.
iptables --flush INPUT
iptables --flush OUTPUT
iptables --flush FORWARD
echo Deny everything until firewall setup is completed.
iptables --policy INPUT DROP
iptables --policy OUTPUT DROP
iptables --policy FORWARD DROP
CHAINS=`iptables -n -L |perl -n -e /Chains+(S+)/ && !($1 =~ /^(INPUT|FORWARD|OUTPUT)$/) && print "$1 "`
echo Remove remaining chains:
echo $CHAINS
for chain in $CHAINS; do
iptables --flush $chain
done
# 2nd step cause of dependencies
for chain in $CHAINS; do
iptables --delete-chain $chain
done
for net in $MASQ_NETS; do
# I delete all the rules so you can rerun the scripts without bloating
# your nat entries.
iptables -D POSTROUTING -t nat -s $MASQ_NETS -j MASQUERADE 2>/dev/null
iptables -A POSTROUTING -t nat -s $MASQ_NETS -j MASQUERADE || exit 1
done
iptables --policy FORWARD ACCEPT
# Create a target for logging and dropping packets
iptables --new LDROP 2>/dev/null
iptables -A LDROP --proto tcp -j LOG --log-level info
--log-prefix "TCP Drop "
iptables -A LDROP --proto udp -j LOG --log-level info
--log-prefix "UDP Drop "
iptables -A LDROP --proto icmp -j LOG --log-level info
--log-prefix "ICMP Drop "
iptables -A LDROP --proto gre -j LOG --log-level info
--log-prefix "GRE Drop "
iptables -A LDROP -f -j LOG --log-level emerg
--log-prefix "FRAG Drop "
iptables -A LDROP -j DROP
# Create a table for watching some accepting rules
iptables --new WATCH 2>/dev/null
iptables -A WATCH -m limit -j LOG --log-level warn --log-prefix "ACCEPT "
iptables -A WATCH -j ACCEPT
echo Special target for local addresses:
iptables --new LOCAL 2>/dev/null
echo $LOCAL_ADDRS
for ip in $LOCAL_ADDRS; do
iptables -A INPUT --dst $ip -j LOCAL
# iptables -A INPUT --src $ip -i ! lo -j LDROP # lame spoof protect
done
echo Authorize mail from mail relay.
iptables -A LOCAL --proto tcp --syn --src $MAIL_RELAY --dst $EXT_IP --dport 25 -j ACCEPT
echo Authorizing samba access to:
echo $SMB_ACCESS
iptables --new SMB 2>/dev/null
for ip in $SMB_ACCESS; do
iptables -A SMB -s $ip -j ACCEPT
done
iptables -A LOCAL --proto udp -i ! $EXT_IF --dport 135:139 -j SMB
iptables -A LOCAL --proto tcp -i ! $EXT_IF --dport 135:139 -j SMB
iptables -A LOCAL --proto tcp -i ! $EXT_IF --dport 445 -j SMB
iptables -A INPUT -i ! $EXT_IF --dst $SMB_BCAST -j ACCEPT #lame samba broadcast
echo Drop and log every other incoming tcp connection attempts.
iptables -A LOCAL -i ! lo --proto tcp --syn --j LDROP
echo Authorize dns access for local nets.
for net in $MASQ_NETS 127.0.0.0/8; do
iptables -A INPUT --proto udp --src $net --dport 53 -j ACCEPT
done
echo Enforcing up ICMP policies, use iptables -L ICMP to check.
# If you deny all ICMP messages you head for trouble since it would
# break lots of tcp/ip algorythm (acz)
iptables --new ICMP 2>/dev/null
iptables -A INPUT --proto icmp -j ICMP
iptables -A ICMP -p icmp --icmp-type echo-reply -j ACCEPT
iptables -A ICMP -p icmp --icmp-type destination-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type network-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type host-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type protocol-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type port-unreachable -j ACCEPT
iptables -A ICMP -p icmp --icmp-type fragmentation-needed -j LDROP
iptables -A ICMP -p icmp --icmp-type source-route-failed -j WATCH
iptables -A ICMP -p icmp --icmp-type network-unknown -j WATCH
iptables -A ICMP -p icmp --icmp-type host-unknown -j WATCH
iptables -A ICMP -p icmp --icmp-type network-prohibited -j WATCH
iptables -A ICMP -p icmp --icmp-type host-prohibited -j WATCH
iptables -A ICMP -p icmp --icmp-type TOS-network-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type TOS-host-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type communication-prohibited -j WATCH
iptables -A ICMP -p icmp --icmp-type host-precedence-violation -j LDROP
iptables -A ICMP -p icmp --icmp-type precedence-cutoff -j LDROP
iptables -A ICMP -p icmp --icmp-type source-quench -j LDROP
iptables -A ICMP -p icmp --icmp-type redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type network-redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type host-redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type TOS-network-redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type TOS-host-redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type echo-request -j WATCH
iptables -A ICMP -p icmp --icmp-type router-advertisement -j LDROP
iptables -A ICMP -p icmp --icmp-type router-solicitation -j LDROP
iptables -A ICMP -p icmp --icmp-type time-exceeded -j WATCH
iptables -A ICMP -p icmp --icmp-type ttl-zero-during-transit -j WATCH
iptables -A ICMP -p icmp --icmp-type ttl-zero-during-reassembly -j WATCH
iptables -A ICMP -p icmp --icmp-type parameter-problem -j WATCH
iptables -A ICMP -p icmp --icmp-type ip-header-bad -j WATCH
iptables -A ICMP -p icmp --icmp-type required-option-missing -j WATCH
iptables -A ICMP -p icmp --icmp-type timestamp-request -j LDROP
iptables -A ICMP -p icmp --icmp-type timestamp-reply -j LDROP
iptables -A ICMP -p icmp --icmp-type address-mask-request -j LDROP
iptables -A ICMP -p icmp --icmp-type address-mask-reply -j LDROP
iptables -A ICMP -p icmp -j LDROP
echo Authorize tcp traffic.
iptables -A INPUT --proto tcp -j ACCEPT
echo Authorize packet output.
iptables --policy OUTPUT ACCEPT
#echo reject ident if you drop em you gotta wait for timeout
#iptables -I LOCAL --proto tcp --syn --dst $EXT_IP --dport 113 -j REJECT
echo Drop and log all udp below 1024.
iptables -A INPUT -i ! lo --proto udp --dport :1023 -j LDROP
echo Drop rpc dynamic udp port:
RPC_UDP=`rpcinfo -p localhost|perl -n -e /.*udps+(d+)s+/ && print $1,"n"|sort -u`
echo $RPC_UDP
for port in $RPC_UDP; do
iptables -A LOCAL -i ! lo --proto udp --dport $port -j LDROP
done
echo Authorize udp above 1024.
iptables -A INPUT --proto udp --dport 1024: -j ACCEPT
<<lessSample:
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
# Set up variables
EXT_IF="eth0"
INT_IF="eth1"
EXT_IP=24.x.x.x/32
INT_IP=192.168.0.1/32
EXT_NET=24.x.x.0/24
INT_NET=192.168.0.0/24
MASQ_NETS="192.168.0.0/24"
LOCAL_ADDRS="127.0.0.0/8 192.168.0.1/32 24.x.x.x/32"
MAIL_RELAY=24.x.x.x/32
SMB_ACCESS="192.168.0.2/32"
SMB_BCAST="192.168.0.255/32"
# Turn on IP forwarding
echo Turning on IP forwarding.
echo 1 > /proc/sys/net/ipv4/ip_forward
# Load the ip_tables module
echo Loading ip_tables module.
/sbin/modprobe ip_tables || exit 1
# I let the kernel dynamically load the other modules
echo Flush standard tables.
iptables --flush INPUT
iptables --flush OUTPUT
iptables --flush FORWARD
echo Deny everything until firewall setup is completed.
iptables --policy INPUT DROP
iptables --policy OUTPUT DROP
iptables --policy FORWARD DROP
CHAINS=`iptables -n -L |perl -n -e /Chains+(S+)/ && !($1 =~ /^(INPUT|FORWARD|OUTPUT)$/) && print "$1 "`
echo Remove remaining chains:
echo $CHAINS
for chain in $CHAINS; do
iptables --flush $chain
done
# 2nd step cause of dependencies
for chain in $CHAINS; do
iptables --delete-chain $chain
done
for net in $MASQ_NETS; do
# I delete all the rules so you can rerun the scripts without bloating
# your nat entries.
iptables -D POSTROUTING -t nat -s $MASQ_NETS -j MASQUERADE 2>/dev/null
iptables -A POSTROUTING -t nat -s $MASQ_NETS -j MASQUERADE || exit 1
done
iptables --policy FORWARD ACCEPT
# Create a target for logging and dropping packets
iptables --new LDROP 2>/dev/null
iptables -A LDROP --proto tcp -j LOG --log-level info
--log-prefix "TCP Drop "
iptables -A LDROP --proto udp -j LOG --log-level info
--log-prefix "UDP Drop "
iptables -A LDROP --proto icmp -j LOG --log-level info
--log-prefix "ICMP Drop "
iptables -A LDROP --proto gre -j LOG --log-level info
--log-prefix "GRE Drop "
iptables -A LDROP -f -j LOG --log-level emerg
--log-prefix "FRAG Drop "
iptables -A LDROP -j DROP
# Create a table for watching some accepting rules
iptables --new WATCH 2>/dev/null
iptables -A WATCH -m limit -j LOG --log-level warn --log-prefix "ACCEPT "
iptables -A WATCH -j ACCEPT
echo Special target for local addresses:
iptables --new LOCAL 2>/dev/null
echo $LOCAL_ADDRS
for ip in $LOCAL_ADDRS; do
iptables -A INPUT --dst $ip -j LOCAL
# iptables -A INPUT --src $ip -i ! lo -j LDROP # lame spoof protect
done
echo Authorize mail from mail relay.
iptables -A LOCAL --proto tcp --syn --src $MAIL_RELAY --dst $EXT_IP --dport 25 -j ACCEPT
echo Authorizing samba access to:
echo $SMB_ACCESS
iptables --new SMB 2>/dev/null
for ip in $SMB_ACCESS; do
iptables -A SMB -s $ip -j ACCEPT
done
iptables -A LOCAL --proto udp -i ! $EXT_IF --dport 135:139 -j SMB
iptables -A LOCAL --proto tcp -i ! $EXT_IF --dport 135:139 -j SMB
iptables -A LOCAL --proto tcp -i ! $EXT_IF --dport 445 -j SMB
iptables -A INPUT -i ! $EXT_IF --dst $SMB_BCAST -j ACCEPT #lame samba broadcast
echo Drop and log every other incoming tcp connection attempts.
iptables -A LOCAL -i ! lo --proto tcp --syn --j LDROP
echo Authorize dns access for local nets.
for net in $MASQ_NETS 127.0.0.0/8; do
iptables -A INPUT --proto udp --src $net --dport 53 -j ACCEPT
done
echo Enforcing up ICMP policies, use iptables -L ICMP to check.
# If you deny all ICMP messages you head for trouble since it would
# break lots of tcp/ip algorythm (acz)
iptables --new ICMP 2>/dev/null
iptables -A INPUT --proto icmp -j ICMP
iptables -A ICMP -p icmp --icmp-type echo-reply -j ACCEPT
iptables -A ICMP -p icmp --icmp-type destination-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type network-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type host-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type protocol-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type port-unreachable -j ACCEPT
iptables -A ICMP -p icmp --icmp-type fragmentation-needed -j LDROP
iptables -A ICMP -p icmp --icmp-type source-route-failed -j WATCH
iptables -A ICMP -p icmp --icmp-type network-unknown -j WATCH
iptables -A ICMP -p icmp --icmp-type host-unknown -j WATCH
iptables -A ICMP -p icmp --icmp-type network-prohibited -j WATCH
iptables -A ICMP -p icmp --icmp-type host-prohibited -j WATCH
iptables -A ICMP -p icmp --icmp-type TOS-network-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type TOS-host-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type communication-prohibited -j WATCH
iptables -A ICMP -p icmp --icmp-type host-precedence-violation -j LDROP
iptables -A ICMP -p icmp --icmp-type precedence-cutoff -j LDROP
iptables -A ICMP -p icmp --icmp-type source-quench -j LDROP
iptables -A ICMP -p icmp --icmp-type redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type network-redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type host-redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type TOS-network-redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type TOS-host-redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type echo-request -j WATCH
iptables -A ICMP -p icmp --icmp-type router-advertisement -j LDROP
iptables -A ICMP -p icmp --icmp-type router-solicitation -j LDROP
iptables -A ICMP -p icmp --icmp-type time-exceeded -j WATCH
iptables -A ICMP -p icmp --icmp-type ttl-zero-during-transit -j WATCH
iptables -A ICMP -p icmp --icmp-type ttl-zero-during-reassembly -j WATCH
iptables -A ICMP -p icmp --icmp-type parameter-problem -j WATCH
iptables -A ICMP -p icmp --icmp-type ip-header-bad -j WATCH
iptables -A ICMP -p icmp --icmp-type required-option-missing -j WATCH
iptables -A ICMP -p icmp --icmp-type timestamp-request -j LDROP
iptables -A ICMP -p icmp --icmp-type timestamp-reply -j LDROP
iptables -A ICMP -p icmp --icmp-type address-mask-request -j LDROP
iptables -A ICMP -p icmp --icmp-type address-mask-reply -j LDROP
iptables -A ICMP -p icmp -j LDROP
echo Authorize tcp traffic.
iptables -A INPUT --proto tcp -j ACCEPT
echo Authorize packet output.
iptables --policy OUTPUT ACCEPT
#echo reject ident if you drop em you gotta wait for timeout
#iptables -I LOCAL --proto tcp --syn --dst $EXT_IP --dport 113 -j REJECT
echo Drop and log all udp below 1024.
iptables -A INPUT -i ! lo --proto udp --dport :1023 -j LDROP
echo Drop rpc dynamic udp port:
RPC_UDP=`rpcinfo -p localhost|perl -n -e /.*udps+(d+)s+/ && print $1,"n"|sort -u`
echo $RPC_UDP
for port in $RPC_UDP; do
iptables -A LOCAL -i ! lo --proto udp --dport $port -j LDROP
done
echo Authorize udp above 1024.
iptables -A INPUT --proto udp --dport 1024: -j ACCEPT
Download (MB)
Added: 2007-02-14 License: GPL (GNU General Public License) Price:
984 downloads
Movie2XviD Script 0.2.0
Movie2XviD is a script for encoding a DVD or other movie to AVI (XviD). more>>
Movie2XviD is a script for encoding a DVD or other movie to AVI (XviD).
Auto computing bitrate and hight quality, but it is a little slowly.
Enhancements:
- Add options
- video filter
- help
- new computing bitrate
<<lessAuto computing bitrate and hight quality, but it is a little slowly.
Enhancements:
- Add options
- video filter
- help
- new computing bitrate
Download (0.001MB)
Added: 2007-01-21 License: Perl Artistic License Price:
1007 downloads
Rains PPP scripts 2.9.1
Rains PPP scripts are a set of tools that simplify the use and setup of pppd. more>>
Rains PPP scripts are a set of tools that simplify the use and setup of pppd.
Features include connection time logging, a ppp-off that works right with more than one pppd running, dial-on-demand support for pppd 2.3.x., and more.
Another interesting feature is that the scripts keep track of your connect speed and time, and included is an mirc script to show connection status from a remote machine, as well as a shell script that works for *IX boxes.
Enhancements:
- Made TTL for dyn.db 60 seconds
- --bootup should have been --quiet in ppp-on
- Fixed POSTLOGINSTRING
- Now using low-ascii in the README and ppp-on
- Re-fixed permission problems on /etc/inet.status (I hope)
- Fixed more spelling/grammar
<<lessFeatures include connection time logging, a ppp-off that works right with more than one pppd running, dial-on-demand support for pppd 2.3.x., and more.
Another interesting feature is that the scripts keep track of your connect speed and time, and included is an mirc script to show connection status from a remote machine, as well as a shell script that works for *IX boxes.
Enhancements:
- Made TTL for dyn.db 60 seconds
- --bootup should have been --quiet in ppp-on
- Fixed POSTLOGINSTRING
- Now using low-ascii in the README and ppp-on
- Re-fixed permission problems on /etc/inet.status (I hope)
- Fixed more spelling/grammar
Download (0.020MB)
Added: 2006-09-14 License: GPL (GNU General Public License) Price:
1143 downloads
Short URL Script 1.0
Short URL Script lets you have a URL shortening service under your own domain. more>>
Short URL Script allows you to have a URL shortening service under your own domain.
Short URL Script script can create shorter URLs that do not break in e-mails. As a site owner you can use the script for managing downloads, masking URLs and keeping track of how many times a link has been clicked.
Main features:
- Visitors can enter a URL and create a short URL that redirects to the original URL
- Visitors can enter an individual ID instead of the randomly created string
- Admin area for deactivating, activating, deleting and searching URLs
- Completely template driven
- Installation routine
<<lessShort URL Script script can create shorter URLs that do not break in e-mails. As a site owner you can use the script for managing downloads, masking URLs and keeping track of how many times a link has been clicked.
Main features:
- Visitors can enter a URL and create a short URL that redirects to the original URL
- Visitors can enter an individual ID instead of the randomly created string
- Admin area for deactivating, activating, deleting and searching URLs
- Completely template driven
- Installation routine
Download (0.31MB)
Added: 2006-08-17 License: Free for non-commercial use Price:
720 downloads
logindpostgres 1
logindpostgres is a script that reads SQL select statements from PostgreSQL logs. more>>
logindpostgres is a script that reads SQL select statements from PostgreSQL logs and generates all the indices to optimize the database for each request.
logindpostgres has been tested on 1.2 GB of logs.
<<lesslogindpostgres has been tested on 1.2 GB of logs.
Download (0.008MB)
Added: 2006-09-05 License: GPL (GNU General Public License) Price:
1144 downloads
iTRANS Amarok Script 0.4.4
iTRANS Amarok Script is an amaroK script to get the lyrics of hindi songs using the services provided at www.giitaayan.com more>>
iTRANS Amarok Script is an amaroK script to get the lyrics of hindi songs using the services provided at http://www.giitaayan.com
Idea is to get the iTRANS encoded lyrics in the ISB files and then convert them into UTF-8 to display in the context window. If more than one hit then give the user an option to select the best hit among them.
<<lessIdea is to get the iTRANS encoded lyrics in the ISB files and then convert them into UTF-8 to display in the context window. If more than one hit then give the user an option to select the best hit among them.
Download (0.14MB)
Added: 2007-01-26 License: GPL (GNU General Public License) Price:
1005 downloads
smsjoker-script 2.4
smsjoker-script is a script to send SMS over the SMS-Script-Gateway of http://www.smsjoker.de/ more>>
smsjoker-script is a script to send SMS over the SMS-Script-Gateway of http://www.smsjoker.de/
I use it to send SMS out of kaddressbook in KDE 3.5.x with:
smsjoker-script "%N" "%F"
An other interesting usage is to send an text (like "Merry Christmas and a happy new Year") to every number in an textfile.
Usage: /Path/to/the/script/smsjoker [Options] [Destination] [Text]
If you enter [Destination] you must also enter [Text]
[Destination] can be an number or the path to an textfile with numbers on each line
[Text] can be the SMS-Text or the path to an textfile with the SMS-text in it
If you dont give Destination and Text you come to the interactive-mode
Possible Options:
-t [eigen|anonym] eigen shows your own Cellphone-Number as sender not an standard-one
-d Go to Debug-Mode
-p Enforce Popups
Enhancements:
- Important Update: The IP of the smsjokers http-interface will change. You should update to 2.4 now.
<<lessI use it to send SMS out of kaddressbook in KDE 3.5.x with:
smsjoker-script "%N" "%F"
An other interesting usage is to send an text (like "Merry Christmas and a happy new Year") to every number in an textfile.
Usage: /Path/to/the/script/smsjoker [Options] [Destination] [Text]
If you enter [Destination] you must also enter [Text]
[Destination] can be an number or the path to an textfile with numbers on each line
[Text] can be the SMS-Text or the path to an textfile with the SMS-text in it
If you dont give Destination and Text you come to the interactive-mode
Possible Options:
-t [eigen|anonym] eigen shows your own Cellphone-Number as sender not an standard-one
-d Go to Debug-Mode
-p Enforce Popups
Enhancements:
- Important Update: The IP of the smsjokers http-interface will change. You should update to 2.4 now.
Download (0.008MB)
Added: 2006-12-03 License: GPL (GNU General Public License) Price:
1056 downloads
Icecast amaroK script 0.5
Icecast/Darkice script for amaroK. more>>
Icecast amaroK script is an Icecast/Darkice script for amaroK.
Functions:
- It sends the title of the song being played to an Icecast server.
- It can start your Icecast server and Darkice on amaroK starting
- It allows you to stream what you are listening to in amaroK (in fact everything you are listening to!!!).
Utilisateurs francophones, regardez le tutoriel http://www.trustonme.net/didactels/341.html
<<lessFunctions:
- It sends the title of the song being played to an Icecast server.
- It can start your Icecast server and Darkice on amaroK starting
- It allows you to stream what you are listening to in amaroK (in fact everything you are listening to!!!).
Utilisateurs francophones, regardez le tutoriel http://www.trustonme.net/didactels/341.html
Download (0.030MB)
Added: 2006-05-29 License: GPL (GNU General Public License) Price:
1249 downloads
Advanced Poll Script 2.0.7
Advanced Poll Script provides a polling system with powerful administration tool. more>>
Advanced Poll Script provides a polling system with powerful administration tool.
Advanced Poll is a polling system with powerful administration tool. It features: multiple polls, unlimited options, templates, language support, IP-Logging, IP-Locking, cookie support, comment feature, vote expire feature, random poll support and more. Supports both text file and mySQL database.
<<lessAdvanced Poll is a polling system with powerful administration tool. It features: multiple polls, unlimited options, templates, language support, IP-Logging, IP-Locking, cookie support, comment feature, vote expire feature, random poll support and more. Supports both text file and mySQL database.
Download (0.41MB)
Added: 2007-04-24 License: Free for non-commercial use Price:
921 downloads
Advanced Guestbook Script 2.4.2
Advanced Guestbook Script provides a PHP-based guestbook script. more>>
Advanced Guestbook Script provides a PHP-based guestbook script.
Advanced Guestbook is a PHP-based guestbook script. It includes many useful features such as preview, templates, e-mail notification, page spanning , picture upload, templates, html tags handling, smilies, advanced guestbook codes and language support. The admin script lets you modify, view, and delete messages.
<<lessAdvanced Guestbook is a PHP-based guestbook script. It includes many useful features such as preview, templates, e-mail notification, page spanning , picture upload, templates, html tags handling, smilies, advanced guestbook codes and language support. The admin script lets you modify, view, and delete messages.
Download (0.48MB)
Added: 2007-04-27 License: GPL (GNU General Public License) Price:
558 downloads
Secleted [ 0 ] software to compare
Copyright Notice:
Software piracy is theft, Using crack, password, serial numbers, registration codes, key generators is illegal and prevent future software development. The above logging script search only lists software in full, demo and trial versions for free download. Download links are directly from our mirror sites or publisher sites, torrent files or links from rapidshare.com, yousendit.com or megaupload.com are not allowed
