network configuration tool
Network Configurator 0.1.8
Network Configurator is a network configuration tool.
Network Configurator is a user-level tool that aims to make network configuration easier. It has a command-line and a GTK+ interface.
Supported network types:
- Ethernet
- PPPoE
- PPTP
- Wi-Fi (no WEP and WPA for now)
- dialup
Added: 2006-07-11 License: GPL (GNU General Public License) Price:
1219 downloads
network-config 0.1
network-config is a simple network configuration tool.
Network-config is a simple and easy-to-use program that helps configure the network interfaces of Linux-based operating systems. It allows multiple configurations for the same computer and makes it easy to configure NAT for Internet sharing.
It can also be used to scan for wireless networks. It is written in Perl and uses gtk2+, but also works as a command-line program.
Download (0.032MB)
Added: 2006-08-07 License: GPL (GNU General Public License) Price:
1186 downloads

Razer device configuration tool 0.05
Razer device configuration tool 0.05 is a versatile Razer device configuration tool that brings the Razer gaming experience to the free open-source world. This utility is supposed to replace the old deathaddercfg utility. It features a device HAL library, a Python razer HAL module, a command-line tool and a graphical Qt tool to configure the devices.
Added: 2009-07-06 License: GPL Price: FREE
18 downloads

Unix configuration extractor 4
The Unix configuration extractor is a script that runs on the server to extract necessary security configurations. This script doesn't make any changes to the server other than creating the dump files.
Download (19KB)
Added: 2009-03-31 License: Freeware Price: Free
206 downloads
Kernel Configuration Comparison 0.2
Kernel Configuration Comparison (kccmp) provides a GUI for comparing two Linux kernel ".config" files.
It shows configuration variables with different values in a tabular format. It also shows configuration variables found in only one of the input configuration files.
Building:
kccmp by default requires Qt 3.x. However, by changing one line in kccmp.pro you can build against Qt 4.x. Note that the Qt 4.x build requires libboost_regex as well.
The standard build is as easy as:
example:
% qmake
% make
Usage
% kccmp /path/to/first/.config path/to/second/.config
example:
% kccmp /usr/src/linux/.config /usr/src/linux/.config.old
Enhancements:
- This release was ported to Qt 3.x.
- The requirement for libboost_regex was removed.
- Building with either Qt 4.x or Qt 3.x is now supported.
Download (0.012MB)
Added: 2005-10-03 License: GPL (GNU General Public License) Price:
1482 downloads
Configuration HOWTO 1.99.8
Configuration HOWTO would be the main documentation for configuring most common hardware and services.
This document is one of the most important for LDP, because by configuring hardware and software you can get your own Linux box. This HOWTO was born in the Golden Age of developers, mainly for the command line. As it became too big and old for the current distros, I rewrote it as simply as I could.
Fundamentally, to configure the system, Linux users have to write some configuration files. To make this easier, programs and wizards are available today to manage them. These programs may be quite different for the various distributions.
In this HOWTO, I will speak about Mandrake-Linux and about Red Hat.
Added: 2007-01-25 License: LGPL (GNU Lesser General Public License) Price:
1006 downloads
/etc/net Configurator 0.0.7
/etc/net represents a new approach to Linux network configuration tasks. Inspired by the limitations of traditional configuration subsystems, /etc/net provides builtin support for configuration profiles, interface name management, removable device support, full iproute2 command set support, interface dependency resolution, and a QoS configuration framework.
/etc/net provides support for the following interface types: Ethernet, WiFi (WEP), IPv4/IPv6 tunnels, PSK IPSec tunnels, VLAN, PLIP, Ethernet bonding and bridging, traffic equalizer, Pent@NET, usbnet, and PPP. Due to its modular design, support for new interface types can be added without overall design changes.
Main features:
/etc/net provides builtin support for:
- configuration profiles
- interface name management
- removable devices
- full iproute2 command set
- interface dependencies resolution
- QoS configuration framework
- firewall support
/etc/net provides support for the following interface types:
- Ethernet
- WiFi (WEP)
- IPv4/IPv6 tunnels
- PSK IPSec tunnels
- VLAN
- PLIP
- Ethernet bonding and bridging
- traffic equalizer
- usbnet
- PPP (PPtP, PPPoE)
Enhancements:
- This release better matches the option set of /etc/net scripts 0.8.0.
Download (0.017MB)
Added: 2006-01-17 License: GPL (GNU General Public License) Price:
1376 downloads
Network Security Analysis Tool 1.5
Network Security Analysis Tool is a fast, stable bulk security scanner designed to audit remote network services and check for versions, security problems, gather information about the servers and the machine, and much more.
A manpage providing extensive information on NSAT has been included in the distribution. It is available after a make install, or just by typing man doc/nsat.8 from this dir. It is suggested that you inform yourself at least about the -v (scan verbosity) option and edit the configuration file. To learn about changes in this version, please consult doc/CHANGES.
New to this version is support for distributed scanning. The manpage describes how to do a distributed scan. Note that distributed scanning in this version is just a preliminary, proof-of-concept, implementation with no guarantees for its security, reliability, or performance.
Check for updated vulnerability lists, config files, etc. from
http://nsat.sourceforge.net
Currently, these are lists of vulnerabilities:
nsat.cgi (CGI scripts)
nsat.conf (configuration)
src/mod/snmp.h (SNMP community names)
Download (0.40MB)
Added: 2006-07-14 License: GPL (GNU General Public License) Price:
1204 downloads
Font Configuration Library 2.3.94
Fontconfig is a library for configuring and customizing font access.
Font Configuration Library contains two essential modules, the configuration module which builds an internal configuration from XML files and the matching module which accepts font patterns and returns the nearest matching font.
The configuration module consists of the FcConfig datatype, libexpat and FcConfigParse, which walks over an XML tree and amends a configuration with data found within. From an external perspective, configuration of the library consists of generating a valid XML tree and feeding that to FcConfigParse.
The only other mechanism provided to applications for changing the running configuration is to add fonts and directories to the list of application-provided font files.
The intent is to make font configurations relatively static, and shared by as many applications as possible.
It is hoped that this will lead to more stable font selection when passing names from one application to another. XML was chosen as a configuration file format because it provides a format which is easy for external agents to edit while retaining the correct structure and syntax.
Font configuration is separate from font matching; applications needing to do their own matching can access the available fonts from the library and perform private matching.
The intent is to permit applications to pick and choose appropriate functionality from the library instead of forcing them to choose between this library and a private configuration mechanism.
The hope is that this will ensure that configuration of fonts for all applications can be centralized in one place. Centralizing font configuration will simplify and regularize font installation and customization.
Download (1.1MB)
Added: 2006-03-01 License: Freely Distributable Price:
1332 downloads
Emacs Configuration Framework 0.0.5
Emacs Configuration Framework is a versatile configuration package for Emacs. It is meant for users whose Emacs configuration has become so complex that it appears to be unmanageable.
It enables you to write and load the configuration for individual Emacs packages in pieces. You can use it to set up some autoloads for a package when you start Emacs and then do extra configuration after the package has loaded.
This speeds up your Emacs startup without compromising your ability to do complicated things.
Enhancements:
- This release adds a new rc.d/lang directory.
- Modes added: speedbar, semantic, cedet, and ecb.
Download (0.032MB)
Added: 2006-10-09 License: GPL (GNU General Public License) Price:
1111 downloads
Network Management Tool 1.44
Network Management Tool is a tool to manage and monitor the devices on your network.
Manage your network with a free Network Monitoring Software application.
Network Management Tool is an organized way to manage your network. 100% web-based network management.
Manage your network devices with ease. 100% Free Network Management Software! Manage all your network devices, routers, switches, firewalls, hubs, and more.
Enhancements:
- A display bug that occurred when viewing the comments on a device was fixed.
Download (0.061MB)
Added: 2006-09-07 License: GPL (GNU General Public License) Price:
1158 downloads
Configuration File Library 1.1
The Configuration File Library (CFL) is a collection of routines for manipulating configuration files. The project is a portable library fully written from scratch in pure ANSI C.
It is designed to offer C programmers common routines for manipulating configuration text files.
Download (0.38MB)
Added: 2007-05-27 License: GPL (GNU General Public License) Price:
887 downloads
Simple XML Configuration Library 0.3.6
Simple XML Configuration Library is an XML library for parsing a simple configuration file format.
Simple XML Configuration Library is actively developed for *nix, Mac OS X and *BSD. The goal of the project is to provide a library that can be easily wrapped into other languages such as Python and Java.
Installation:
- run: build.sh
- run: ./configure
- run: make
- run: make install
Enhancements:
- fixed memory leak on name allocations and in Destroy
Download (0.022MB)
Added: 2006-03-30 License: GPL (GNU General Public License) Price:
1305 downloads
Network Ustadi 0.3.1
Network Ustadi is a Web interface for managing network services. It provides firewall management, routing table management, NAT configuration, DHCP server configuration, interface configuration, etc.
To ease the task of network administration, decrease the likelihood of erroneous command execution and to maintain all network services from a central point, EnderUNIX SDT announces the availability of its 9th open-source tool, netUstad.
The tool, designed and coded by one of our developers, Ozkan KIRIK, has the capability to generate FreeBSD IPFW and Linux Iptables rulesets. It has been written in the C language and includes its own HTTP server.
The newly announced version provides a web interface for system administrators to add/delete/update IPFW and Iptables rulesets, and to manage the routing table and network interfaces. You can easily manage your firewall via a TCP/IP connected remote PC.
Enhancements:
- Problems that caused the process to terminate were solved.
- Virtual Server configuration problem fixed.
- Some fixes in nat management module.
Download (0.27MB)
Added: 2006-07-04 License: GPL (GNU General Public License) Price:
1210 downloads
Configuration with no services supported
The "Configuration with no services supported" script is a single-host firewall configuration with no services supported by the firewall machine itself.
Sample:
# USER CONFIGURABLE SECTION
# The name of the iptables utility.
IPTABLES=iptables
# The path to the iptables executable.
PATH="/usr/local/sbin"
# Our internal network address space and its supporting network device.
OURNET="10.5.0.0/24"
OURBCAST="10.5.0.255"
OURDEV="eth0"
# The outside address and the network device that supports it.
ANYADDR="0/0"
ANYDEV="ppp0"
# The TCP services we wish to allow to pass - "" empty means all ports
# note: comma separated
TCPIN="ssh,ftp,ftp-data"
TCPOUT="smtp,www,ssh,telnet,ftp,ftp-data,irc,http"
# The UDP services we wish to allow to pass - "" empty means all ports
# note: comma separated
UDPIN="domain"
UDPOUT="domain"
# The ICMP services we wish to allow to pass - "" empty means all types
# ref: /usr/include/netinet/ip_icmp.h for type numbers
# note: comma separated
ICMPIN="0,3,11"
ICMPOUT="8,3,11"
# Logging; uncomment the following line to enable logging of datagrams
# that are blocked by the firewall.
# LOGGING=1
# END USER CONFIGURABLE SECTION
####################################
# Flush the FORWARD chain rules
echo -n Flushing forward... && {
$IPTABLES -F FORWARD
} && echo done
# We want to deny incoming access by default.
# echo -n Denying incoming access... && {
# $IPTABLES -P FORWARD drop
# } && echo done
# Drop all datagrams destined for this host received from outside.
echo -n Dropping incoming datagrams... && {
$IPTABLES -A INPUT -i $ANYDEV -j DROP
} && echo done
# SPOOFING
# We should not accept any datagrams with a source address matching ours
# from the outside, so we deny them.
echo -n Preventing spoofing... && {
$IPTABLES -A FORWARD -s $OURNET -i $ANYDEV -j DROP
} && echo done
# SMURF
# Disallow ICMP to our broadcast address to prevent "Smurf" style attack.
echo -n Preventing SMURFs... && {
$IPTABLES -A FORWARD -p icmp -i $ANYDEV -d $OURNET -j DROP
} && echo done
# We should accept fragments, in iptables we must do this explicitly.
echo -n Accepting fragments... && {
$IPTABLES -A FORWARD -f -j ACCEPT
} && echo done
# TCP
# We will accept all TCP datagrams belonging to an existing connection
# (i.e. having the ACK bit set) for the TCP ports we're allowing through.
# This should catch more than 95 % of all valid TCP packets.
echo -n Accepting valid incoming tcp datagrams on existing connections... && {
$IPTABLES -A FORWARD -m multiport -p tcp -d $OURNET --dports $TCPIN ! --tcp-flags SYN,ACK ACK -j ACCEPT
} && echo done
echo -n Accepting valid outgoing tcp datagrams on existing connections... && {
$IPTABLES -A FORWARD -m multiport -p tcp -s $OURNET --sports $TCPIN ! --tcp-flags SYN,ACK ACK -j ACCEPT
} && echo done
# TCP - INCOMING CONNECTIONS
# We will accept connection requests from the outside only on the
# allowed TCP ports.
echo -n Accepting incoming tcp connections on allowed ports... && {
$IPTABLES -A FORWARD -m multiport -p tcp -i $ANYDEV -d $OURNET --dports $TCPIN --syn -j ACCEPT
} && echo done
# TCP - OUTGOING CONNECTIONS
# We will accept all outgoing tcp connection requests on the allowed TCP ports.
echo -n Accepting outgoing traffic on allowed tcp ports... && {
$IPTABLES -A FORWARD -m multiport -p tcp -i $OURDEV -d $ANYADDR --dports $TCPOUT --syn -j ACCEPT
} && echo done
# UDP - INCOMING
# allow UDP datagrams in on the allowed ports and back.
echo -n Allowing UDP datagrams in on the allowed ports and back... && {
$IPTABLES -A FORWARD -m multiport -p udp -i $ANYDEV -d $OURNET --dports $UDPIN -j ACCEPT
$IPTABLES -A FORWARD -m multiport -p udp -i $ANYDEV -s $OURNET --sports $UDPIN -j ACCEPT
} && echo done
# UDP - OUTGOING
# We will allow UDP datagrams out to the allowed ports and back.
echo -n Allowing UDP datagrams out on the allowed ports and back... && {
$IPTABLES -A FORWARD -m multiport -p udp -i $OURDEV -d $ANYADDR --dports $UDPOUT -j ACCEPT
$IPTABLES -A FORWARD -m multiport -p udp -i $OURDEV -s $ANYADDR --sports $UDPOUT -j ACCEPT
} && echo done
# ICMP - INCOMING
# We will allow ICMP datagrams in of the allowed types.
# echo -n Allowing ICMP datagrams in of the allowed types... && {
# $IPTABLES -A FORWARD -p icmp -i $ANYDEV -d $OURNET --icmp-type $ICMPIN -j ACCEPT
# } && echo done
# ICMP - OUTGOING
# We will allow ICMP datagrams out of the allowed types.
# echo -n Allowing ICMP datagrams out of the allowed types... && {
# $IPTABLES -A FORWARD -p icmp -i $OURDEV -d $ANYADDR --icmp-type $ICMPOUT -j ACCEPT
# } && echo done
# DEFAULT and LOGGING
# All remaining datagrams fall through to the default
# rule and are dropped. They will be logged if you've
# configured the LOGGING variable above.
#
# DoS
# enabling Syn-flood protection
echo -n Enabling Syn-flood protection... && {
iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
} && echo done
# Enabling Furtive port scanner protection
echo -n Enabling Furtive port scanner protection... && {
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
} && echo done
# Enabling ping of death protection
echo -n Enabling ping of death protection... && {
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
} && echo done
if [ "$LOGGING" ]
then
# Log barred TCP
$IPTABLES -A FORWARD -m tcp -p tcp -j LOG
# Log barred UDP
$IPTABLES -A FORWARD -m udp -p udp -j LOG
# Log barred ICMP
$IPTABLES -A FORWARD -p icmp -j LOG
fi
#
# end.
Added: 2007-02-14 License: GPL (GNU General Public License) Price:
982 downloads