rulesets
Results 1 - 15 of about 34
Firestarter 1.0.3
Firestarter is a firewall creation/monitoring tool.
Firestarter is a firewall tool for Linux, and uses GNOME. You can use the wizard to create a basic firewall, then streamline it further using the dynamic rules.
You can open and close ports with a few clicks, or stealth your services giving access only to a select few.
It features a real-time hit monitor which you can watch as attackers probe your machine for open ports.
Main features:
- Open Source software, available free of charge
- User friendly, easy to use, graphical interface
- A wizard walks you through setting up your firewall on your first time
- Suitable for use on desktops, servers and gateways
- Real-time firewall event monitor shows intrusion attempts as they happen
- Enables Internet connection sharing, optionally with DHCP service for the clients
- Allows you to define both inbound and outbound access policy
- Open or stealth ports, shaping your firewalling with just a few mouse clicks
- Enable port forwarding for your local network in just seconds
- Option to whitelist or blacklist traffic
- Real time firewall events view
- View active network connections, including any traffic routed through the firewall
- Advanced Linux kernel tuning features provide protection from flooding, broadcasting and spoofing
- Support for tuning ICMP parameters to stop Denial of Service (DoS) attacks
- Support for tuning ToS parameters to improve services for connected client computers
- Ability to hook up user defined scripts or rulesets before or after firewall activation
- Supports Linux Kernels 2.4 and 2.6
- Translations available for many languages (38 languages as of November 2004)
Download (0.39MB)
Added: 2005-04-06 License: GPL (GNU General Public License) Price:
1770 downloads
ipset 2.2.8
IP sets are a framework inside the Linux 2.4.x and 2.6.x kernel, which can be administered by the ipset utility.
Depending on the type, an IP set may currently store IP addresses, (TCP/UDP) port numbers, or IP addresses with MAC addresses in a way that ensures lightning speed when matching an entry against a set.
If you want to:
- store multiple IP addresses or port numbers and match against the collection by iptables at one swoop
- dynamically update iptables rules against IP addresses or ports without performance penalty
- express complex IP address and port based rulesets with one single iptables rule and benefit from the speed of IP sets
then ipset may be the proper tool for you.
Main features:
ipmap
- The ipmap set type uses a memory range, where each bit represents one IP address and can store up to 65535 (B-class network) entries. You can store same size network addresses in an ipset as well and an IP address will be in the set if the network address it belongs to can be found in the set.
macipmap
- The macipmap set type uses a memory range, where each 8 bytes represent one IP address and one MAC address. A macipmap set type can store up to 65535 (B-class network) IP addresses with MAC.
portmap
- The portmap set type uses a memory range, where each bit represents one port. A portmap type of set can store up to 65535 ports.
iphash
- The iphash set type uses a hash to store IP addresses where clashing is resolved by double-hashing and, as a last resort, by dynamically growing the hash. Same size network addresses can be stored in an iphash as well.
nethash
- The nethash set type also uses a hash to store CIDR netblocks, which may be of different sizes. The same technique is used to avoid clashes as with the iphash set type.
iptree
- The iptree set type uses a tree to store IP addresses, optionally with timeout values.
Bindings
IP sets allow you to bind an entry in a set to another set, which forms a relationship between the set element and the set it is bound to. A set may have a default binding, which is valid for every set element for which there is no binding defined at all.
The bindings have no special meaning at the set level. However, you can benefit from them when using the set match of iptables. The set match will follow the bindings and will return a true (matched) value only if the packet parameters match all bindings it found.
Let's see an example:
# ipmap set storing the IP addresses of two machines
ipset -N servers ipmap --network 192.168.0.0/16
ipset -A servers 192.168.0.1
ipset -A servers 192.168.0.2
# portmap set storing the allowed ports for 192.168.0.2
ipset -N ports portmap --from 1 --to 1024
ipset -A ports 21
ipset -A ports 22
ipset -A ports 25
# Binding, which attaches ports to 192.168.0.2
ipset -B servers 192.168.0.2 -b ports
# iptables rule using the set match
...
iptables -A FORWARD -m set --set servers dst,dst -j ACCEPT
iptables -A FORWARD -j DROP
Now, according to the iptables rules, sets and binding, the firewall will allow through packets destined to any port on 192.168.0.1, while for 192.168.0.2 only ports 21, 22 and 25 will be reachable.
Download (0.026MB)
Added: 2006-02-09 License: GPL (GNU General Public License) Price:
1355 downloads
iptables firewall script 0.5
iptables firewall script is a Linux firewall based on the iptables software.
Sample:
######## START FUNCTIONS #########
scripthelp () {
cat <<SCRIPTHELP
/dev/null 2>&1
Every 5 minutes
*/5 * * * * /path/to/this/script restart > /dev/null 2>&1
refresh
-------
Dumps current rules and reloads them.
stop
----
Dumps current rules and halts firewall.
---------------------------------------------------------
Usage: $0 [start|restart|refresh|stop]
SCRIPTHELP
}
fireme () {
if [ -z "`lsmod|grep iptable_filter`" ];
then
modprobe iptable_filter
fi
#######################################
#---------- Start predefined target rulesets ----------#
#######################################
# On the fly
$PROG -N ONTHEFLY
$PROG -A ONTHEFLY -j LOG --log-level 5 --log-prefix "TL0G_ONTHEFLY: "
$PROG -A ONTHEFLY -j DROP
# DENIED PORTS Privileged (1-1023) Target Ruleset
$PROG -N DENIED_PORT_PRIV
$PROG -A DENIED_PORT_PRIV -m state --state RELATED,ESTABLISHED -j ACCEPT
$PROG -A DENIED_PORT_PRIV -j LOG --log-level 5 --log-prefix "TL0G_DENIED_PORT_PRIV: "
$PROG -A DENIED_PORT_PRIV -j DROP
# DENIED PORTS Unprivileged TCP (1024+) Target Ruleset
$PROG -N DENIED_PORT_UNPRIV_TCP
$PROG -A DENIED_PORT_UNPRIV_TCP -m state --state RELATED,ESTABLISHED -j ACCEPT
$PROG -A DENIED_PORT_UNPRIV_TCP -j LOG --log-level 5 --log-prefix "TL0G_DENIED_PORT_T-UNPRIV: "
$PROG -A DENIED_PORT_UNPRIV_TCP -m state --state NEW,INVALID -j DROP
# DENIED PORTS Unprivileged UDP (1024+) Target Ruleset
$PROG -N DENIED_PORT_UNPRIV_UDP
$PROG -A DENIED_PORT_UNPRIV_UDP -j LOG --log-level 5 --log-prefix "TL0G_DENIED_PORT_U-UNPRIV: "
$PROG -A DENIED_PORT_UNPRIV_UDP -j DROP
#######################################
#---------- End predefined target rulesets ----------#
######################################
# Services
$PROG -A INPUT -p tcp --dport 0:112 -s 0/0 -d $IP -i $IFACE -j DENIED_PORT_PRIV
$PROG -A INPUT -p udp --dport 0:112 -s 0/0 -d $IP -i $IFACE -j DENIED_PORT_PRIV
$PROG -A INPUT -p tcp --dport 114:1023 -s 0/0 -d $IP -i $IFACE -j DENIED_PORT_PRIV
$PROG -A INPUT -p udp --dport 114:1023 -s 0/0 -d $IP -i $IFACE -j DENIED_PORT_PRIV
# NFS
$PROG -A INPUT -p tcp --dport 2049 -s 0/0 -d $IP -i $IFACE -j DENIED_PORT_UNPRIV_TCP
$PROG -A INPUT -p udp --dport 2049 -s 0/0 -d $IP -i $IFACE -j DENIED_PORT_UNPRIV_UDP
# X11
$PROG -A INPUT -p tcp --dport 6000:6005 -s 0/0 -d $IP -i $IFACE -j DENIED_PORT_UNPRIV_TCP
$PROG -A INPUT -p udp --dport 6000:6005 -s 0/0 -d $IP -i $IFACE -j DENIED_PORT_UNPRIV_UDP
# Netbus
$PROG -A INPUT -p tcp --dport 12345:12346 -s 0/0 -d $IP -i $IFACE -j DENIED_PORT_UNPRIV_TCP
$PROG -A INPUT -p udp --dport 12345:12346 -s 0/0 -d $IP -i $IFACE -j DENIED_PORT_UNPRIV_UDP
# Deny all else on TCP unless initiated from local machine/network.
# This rule covers NFS, X11, and Netbus listed above, its a catch-all for any TCP
# ports you may have services running on, but dont know what ports they use.
# Prevents an accidental crack attempt via TCP services.
# If you wish to allow any services, or alter the existing rules, they must be
# added BEFORE the rule below.
$PROG -A INPUT -p tcp --dport 1024:65535 -s 0/0 -d $IP -i $IFACE -j DENIED_PORT_UNPRIV_TCP
printf '[ \033[32;01mOK \033[0m]\n'
echo "rc.firewall loaded with IP: $IP and interface: $IFACE."
}
########################### END FUNCTIONS ##########################
##############################################
#----------------- START CONFIGURATION SECTION --------------------#
##############################################
# Set path to iptables program
PROG=/path/to/iptables
# Set interface type, ie; eth0, ppp0
IFACE=""
###############################################
#------------------ END CONFIGURATION SECTION ---------------------#
##############################################
# Test to make sure configuration variables are set, die if not.
if [ ! -x "$PROG" ] || [ -z "$IFACE" ];
then
echo "$PROG is not executable, or interface is not set, exiting."
exit 1
else
# Get current IP address
IP=`ifconfig $IFACE| grep inet| cut -f2 -d:| cut -f1 -d" "`
# Get old IP from last firewall load (if any).
# The purpose of getting OLDIP is so you can use this script in a cron
# job to update the firewall with the current IP, great for dialups
# and other dynamic connections.
# Examples:
# Check every 15 minutes:
# */15 * * * * /path/to/this/script restart > /dev/null 2>&1
# Check every 5 minutes:
# */5 * * * * /path/to/this/script restart > /dev/null 2>&1
OLDIP=`$PROG -n -L INPUT| grep 6005|grep udp| cut -b55-|cut -f1 -d u`
case $1 in
start)
if [ -z "$OLDIP" ];
then
echo -n "Starting firewall..."
fireme
elif [ "$IP" = "$OLDIP" ];
then
echo "FIREWALL IS UPDATED."
fi
;;
restart)
echo -n "Restarting firewall..."
if [ -z "`$PROG -n -L INPUT| grep 6005`" ];
then
fireme
elif [ "$IP" = "$OLDIP" ];
then
echo "FIREWALL IS UPDATED."
else
for i in DENIED_PORT_PRIV DENIED_PORT_UNPRIV_TCP DENIED_PORT_UNPRIV_UDP ONTHEFLY
do
$PROG -F $i
$PROG -F INPUT
$PROG -F FORWARD
$PROG -X $i
done
fireme
fi
;;
refresh)
echo -n "Resetting firewall..."
if [ -z "`$PROG -n -L INPUT| grep 6005`" ];
then
fireme
else
for i in DENIED_PORT_PRIV DENIED_PORT_UNPRIV_TCP DENIED_PORT_UNPRIV_UDP ONTHEFLY
do
$PROG -F $i
$PROG -F INPUT
$PROG -F FORWARD
$PROG -X $i
done
fireme
fi
;;
stop)
for i in DENIED_PORT_PRIV DENIED_PORT_UNPRIV_TCP DENIED_PORT_UNPRIV_UDP ONTHEFLY
do
$PROG -F $i
$PROG -F INPUT
$PROG -F FORWARD
$PROG -X $i
done
printf 'Firewall stopped...[ \033[32;01mOK \033[0m]\n'
;;
*)
echo
scripthelp
;;
esac
fi
Download (MB)
Added: 2007-02-14 License: GPL (GNU General Public License) Price:
986 downloads
iptables 1.3.8
iptables is a Linux kernel packet control tool.
iptables and netfilter are building blocks of a framework inside the Linux 2.4.x and 2.6.x kernel. This framework enables packet filtering, network address [and port] translation (NA[P]T) and other packet mangling. It is the re-designed and heavily improved successor of the previous Linux 2.2.x ipchains and Linux 2.0.x ipfwadm systems.
iptables is a generic table structure for the definition of rulesets. Each rule within an IP table consists of a number of classifiers (iptables matches) and one connected action (iptables target).
netfilter, iptables and the connection tracking as well as the NAT subsystem together build the whole framework.
Main features:
- stateless packet filtering (IPv4 and IPv6)
- stateful packet filtering (IPv4)
- all kinds of network address and port translation (NAT/NAPT)
- flexible and extensible infrastructure
- multiple layers of APIs for 3rd party extensions
- large number of plugins/modules kept in patch-o-matic repository
Download (0.17MB)
Added: 2007-06-26 License: GPL (GNU General Public License) Price:
851 downloads
TripleA 0.9.0.1
TripleA is a clone of the popular board game.
TripleA is an open source clone of the popular Axis and Allies board game.
TripleA game supports network play, alternative rule sets, and is easy to customize.
Enhancements:
- A lobby to find players on board, map scaling, an odds calculator, and new maps and rulesets were added.
Download (9.7MB)
Added: 2007-01-10 License: GPL (GNU General Public License) Price:
1080 downloads
netscript 1.7.1
netscript is a multi-platform, lightweight and portable TCP/UDP socket scripting system.
It is intended to automate situations, built on a word-to-word ruleset response system.
It includes wildcard support, character replacement, random replacement, argument inclusion, server timeout, initial send, display altering, multiple character dump formats, telnet protocol support, logging, program to socket dumping, executable ruleset support, reverse binding, module support, data truncation, data formatting, permission options, virtual hosting support, history storage, dynamic storage variables, directory placement, character omitting, timed rules, background support, syslog support, routing support, socket options, interactive mode, and graphical user interface support.
Enhancements:
- Added -@, to switch netscript to the UDP protocol.
- Added -^, to switch the route host to the UDP protocol.
- Added -_, to switch the console display to ncurses.
- Added -=, to define alternate button tabs for the (ncurses) gui.
- Added new example rulesets. (udp/ncurses demonstration rulesets)
- Added socket option(s) to be forced to run, even if not defined, to have netscript run smoother.
- Changed the nsansi example module, to support ncurses properly. (will not be active if ncurses is)
- Changed --list, to not evaluate while in privileged mode.
- Fixed some minor bugs, barely worth noting.
Download (0.46MB)
Added: 2006-09-05 License: Public Domain Price:
1145 downloads
cp2fwbuilder 0.6
cp2fwbuilder (Checkpoint Firewall 1 to FwBuilder) helps you to migrate an existing Checkpoint Firewall 1 installation and its rulesets to Linux with iptables or a BSD-based firewall.
This is done by converting the Rulebase and Objects databases from Checkpoint to the FirewallBuilder XML format.
Remember, though, that this program is under development and could eventually do nasty things when doing the translation, especially with things like Userauthentication or Clientauthentication, which are not supported under fwbuilder.
To use it, you have the following options:
cp2fwbuilder
[--objects=]
[--rules=]
[--all_objs] [--all_services]
[--with_implicit_rules]
[--sort_by_type]
[--verbose] [--version] [--comments]
[--output_xml=]
cp2fwbuilder --objects=objects.C --rules=rulebase.W --output_xml=rulebase.xml
fwbuilder -f rulebase.xml
Enhancements:
- removed quotes from object names
Download (0.016MB)
Added: 2006-07-12 License: GPL (GNU General Public License) Price:
1200 downloads
strobe-classb 1.8
strobe-classb is a small and fast network scanner for Linux. It works best on kernel 2.0.36. It was originally designed for scanning for open e-mail relays on your LAN. Version 1.8 works on Linux 2.0.35 and later and Linux 2.2.8 and later.
Also here is RH5.0-5.2-patchscript - a script to fix a problem in RedHat 5.0 to 5.2's relaying rulesets where certain envelope recipients could be used to trick the anti-relaying rulesets.
relay-check.pl is included as an example use of the program. It is how I use the program - to scan my University's class B network on a regular basis to detect spam relays, which I then use list-hosts.pl to list sorted by network so that I can notify the individual network admins.
I also use this program to detect other, more serious security problems locally. I will not be releasing any of the code I use for this (both because it isn't "production-quality" and because I find so much with these checks that I don't want others to use them). Consider relay-check.pl to be the example of how the code *should* be used, and develop what checks you wish to use locally. If you want a security scanner, http://www.nessus.org/ seems quite promising.
Each perl script has brief documentation at the start of it. If you do not understand this documentation then read the code. If you do not understand the code then you should not be running the program.
Download (0.012MB)
Added: 2006-07-06 License: GPL (GNU General Public License) Price:
1207 downloads
levy 1.22
levy is a perl script which generates basic iptables rulesets based on a given external interface and a set of ports to open. Its design is to save folks some time in creating a skeleton ruleset to work from, though it can construct a fully functional firewall with NAT support.
levy has several run-time options to control what sorts of rulesets to generate: see levy.pl -h for a full list.
Here are some examples for usage:
I want a basic firewall which allows in ports 22, 80, 113 (matching their protocols), logs all dropped connections, aggressively defines reserved addresses, and provides NAT for 192.168.0.0/16. My interface to the internet is eth0 --
./levy.pl eth0 22 80 113 -l -r -m -n 192.168.0.0/16 > firewall.rules
After testing this ruleset, I decide it's fine, though I want to open https (443) and set the output as a shell script I can just run:
./levy.pl eth0 22 80 113 443 -e -l -r -m -n 192.168.0.0/16 > firewall.rc
Main features:
- Levy supports creating a restrictive firewall with specific public services, defined subnets for NAT, and defined trusted networks.
Download (0.009MB)
Added: 2006-07-08 License: Artistic License Price:
1203 downloads
Userfriendly Iptables Frontend 1.0.4
Userfriendly Iptables Frontend provides a tool for generating optimized packet filter rules.
The Userfriendly Iptables Frontend is used to generate optimized iptables packet filter rules, using a simple description file specified by the user.
Generated rules are provided in iptables-save style.
UIF can be used to read or write rulesets to or from LDAP servers in your network, which provides a global storing mechanism.
Its aim is to be an easy to configure, human readable packet filter.
Download (0.027MB)
Added: 2007-02-21 License: GPL (GNU General Public License) Price:
986 downloads
Network Ustadi 0.3.1
Network Ustadi is a Web interface for managing network services. It provides firewall management, routing table management, NAT configuration, DHCP server configuration, interface configuration, etc.
To ease the task of network administration, decrease the likelihood of erroneous command execution and to maintain all network services from a central point, EnderUNIX SDT announces the availability of its 9th open-source tool, netUstad.
The tool, designed and coded by one of our developers Ozkan KIRIK, has the capability to generate FreeBSD IPFW and Linux Iptables rulesets. It has been written in C language and includes its own HTTP server.
The newly announced version provides a web interface for system administrators to add/delete/update IPFW and Iptables rulesets, manage routing table and network interfaces. You can manage your firewall via a TCP/IP connected remote PC, easily.
Enhancements:
- Problems that caused the process to terminate have been solved.
- Virtual Server configuration problem fixed.
- Some fixes in the NAT management module.
Download (0.27MB)
Added: 2006-07-04 License: GPL (GNU General Public License) Price:
1210 downloads
Hearts for GNOME 0.1.3
Hearts for GNOME is an implementation of the classic card game for the GNOME desktop, featuring configurable rulesets and editable computer opponents to satisfy widely diverging playing styles. Hearts is Free Software, released under the GNU General Public License and should be able to run on any computer that can run the GNOME desktop.
Main features:
- Various rulesets with configurable options
- Multiple computer opponents with differing styles of play
- Drag & drop adding of new opponents
- Easy creation and modification of opponents through the Lua scripting language
Download (0.43MB)
Added: 2006-11-07 License: GPL (GNU General Public License) Price:
1085 downloads
links2world Firewall 0.4
links2world Firewall is a very simple tool written in C that helps you generate iptables rules for Linux 2.4.x and newer kernels. Released under the GNU General Public License, it is very easy to configure and designed to run on hosts with one or more network interfaces.
Most of the existing iptables script generators are shell scripts. You have to dig in and look through the entire script in order to customize and configure it for your needs.
Furthermore, they are able to generate iptables rulesets for one or at most two network interfaces.
On the other hand, links2world Firewall uses a very human-readable configuration file that is very easy to understand and write. Moreover, it does not matter if you have one, two, three or twenty network interfaces: links2world Firewall is able to generate stateful iptables rulesets that control the packet flows between all the networks your machine is connected to.
Enhancements:
- minor fixes that solved compilation errors when using older compilers
Download (0.22MB)
Added: 2006-07-07 License: GPL (GNU General Public License) Price:
1209 downloads
filtergen 0.11
filtergen takes a high-level language and compiles it into packet filtering rules for a variety of packet filters. Iptables, ipchains, and ipfilter backends are available.
This tool is for generating packet filtering rules from a fairly high-level description language. It doesn't support all of the whizz-bang features of the latest and greatest packet filters, but supports a decent subset which is sufficient for me.
It currently supports just Linux iptables and ipchains. Cisco IOS has been begun, but is incomplete. Darren Reed's ipfilter may be supported at some stage. It doesn't generate optimal rulesets, and has a few limitations which need to be removed, but is still a useful tool.
Not many large software projects are written entirely in assembly language these days. It's not difficult to be, and the results can often be more efficient, but it does take longer to implement and bugfix, and is not portable to other systems. It is also harder for others to understand, update and audit.
Similarly, it seems odd that people continue to write packet filters in the equivalent of assembler, or in inflexible macro languages.
Hence this package -- my intent is that "filter" will be to iptables and shell what a C compiler (but not a 4GL) is to assembly.
Enhancements:
- fixed non-working example in filter_syntax man page
- fix 64-bit warning in filter.c netmask calculation
- add "-F [policy]" flush option
- better feedback on parse errors
Download (0.026MB)
Added: 2006-07-10 License: GPL (GNU General Public License) Price:
1201 downloads
Game::Life 0.04
Game::Life - Plays Conway's Game of Life.
SYNOPSIS
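    use Game::Life;
    # Create a 20x20 board
    my $game = new Game::Life( 20 );
    # Starting pattern: 1 = alive, 0 = dead
    my $starting = [
        [ 1, 1, 1 ],
        [ 1, 0, 0 ],
        [ 0, 1, 0 ]
    ];
    # Place the pattern with its top-left corner at row 10, column 10
    $game->place_points( 10, 10, $starting );
    for (1..20) {
        my $grid = $game->get_grid();
        # Print each row, X for a living cell and . for a dead one
        foreach ( @$grid ) {
            print map { $_ ? 'X' : '.' } @$_;
            print "\n";
        }
        print "\n\n";
        # Advance to the next generation
        $game->process();
    }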
Conway's Game of Life is a basic example of finding living patterns in rather basic rulesets (see NOTES). The Game of Life takes place on a 2-D rectangular grid, with each grid point being either alive or dead. If a living grid point has 2 or 3 neighbors within the surrounding 8 points, the point will remain alive in the next generation; any fewer or more will kill it. A dead grid point will become alive if there are exactly 3 living neighbors to it. With these simple rules, fascinating structures such as gliders that move across the grid, glider guns that generate these gliders, XOR gates, and others have been found.
This module simply provides a way to simulate the Game of Life in Perl.
In terms of coordinate systems as used in place_points, toggle_point and other functions, the first coordinate is the vertical direction, 0 being the top of the board, and the second is the horizontal direction, 0 being the left side of the board. Thus, toggling the point of (3,2) will switch the state of the point in the 4th row and 3rd column.
The edges of the board are currently set as "flat"; cells on the edge do not have any neighbors, and thus will fall off the board. Future versions may allow for warp edges (if a cell moves off the left side it reappears on the right side).
Download (0.006MB)
Added: 2007-02-16 License: Perl Artistic License Price:
983 downloads