tbs sports
Sponsored Links
Sponsored Links
Secleted [ 0 ] software to compare
Results 1 - 15 of about 74
SportStat 0.2.2
SportStat is a web based application for the recording and analysis of sports statistics. more>>
SportStat is a web based application for the recording and analysis of sports statistics.
SportStat project was designed to be used by high school teams and athletic departments. Because of this, it is (and unless plans change, will remain) home team centered.
This means that while the program can track your results against other teams, it will not track other teams against each other.
Enhancements:
- The init code was reorganized.
- Better filtering was added in phpMyEdit.
- A better install system was added for the example data.
- Custom queries can be logged.
- Formatting of the reports was improved.
- Numerous bugfixes were made.
<<lessSportStat project was designed to be used by high school teams and athletic departments. Because of this, it is (and unless plans change, will remain) home team centered.
This means that while the program can track your results against other teams, it will not track other teams against each other.
Enhancements:
- The init code was reorganized.
- Better filtering was added in phpMyEdit.
- A better install system was added for the example data.
- Custom queries can be logged.
- Formatting of the reports was improved.
- Numerous bugfixes were made.
Download (0.054MB)
Added: 2005-12-30 License: GPL (GNU General Public License) Price:
1395 downloads
SportsTracker 2.5.1
SportsTracker is an application for recording sporting activities. more>>
SportsTracker is an application for people which want to record their sporting activities. SportsTracker is not bound to a specific kind of sport, the user can create categories for all sport types which are endurance related, such as cycling, running or swimming.
The main advantage is a good overview of your exercises and you can easily create diagrams and statistics for specific time ranges and sport types.
If you own a heartrate monitor with a computer interface you can organize the recorded exercise files by attaching them to the exercise entries and view them on demand. You can also import the data from the exercise files. Users of a Polar device should install PolarViewer for this feature.
All the application data is stored in XML files. So it should be easy to access it with other tools or to write importers and exporters for other applications.
<<lessThe main advantage is a good overview of your exercises and you can easily create diagrams and statistics for specific time ranges and sport types.
If you own a heartrate monitor with a computer interface you can organize the recorded exercise files by attaching them to the exercise entries and view them on demand. You can also import the data from the exercise files. Users of a Polar device should install PolarViewer for this feature.
All the application data is stored in XML files. So it should be easy to access it with other tools or to write importers and exporters for other applications.
Download (0.28MB)
Added: 2007-06-04 License: GPL (GNU General Public License) Price:
878 downloads
StepStats 1.0
StepStats is a smart and simple application that allows you to keep track of your sport successes. more>>
StepStats is a smart and simple application that allows you to keep track of your sport successes. The application is perfectly suitable for all sports, where you want to create stats on distance, time or speed.
Main features:
- simple, understandable interface
- keeps track of date, distance, steps and time
- gives you stats with overall values and a nice graph with your speed
- automatic backup of your data once a week to prevent data loss or corruption
- available for MacOS X, Windows and Linux
- and best of all - It is Freeware
<<lessMain features:
- simple, understandable interface
- keeps track of date, distance, steps and time
- gives you stats with overall values and a nice graph with your speed
- automatic backup of your data once a week to prevent data loss or corruption
- available for MacOS X, Windows and Linux
- and best of all - It is Freeware
Download (2.5MB)
Added: 2007-08-06 License: Freeware Price:
809 downloads
NATting SOHO firewall
NATting SOHO firewall is a firewall script for iptables. more>>
NATting SOHO firewall is a firewall script for iptables.
# Model NATting SOHO firewall for SP article
# by Jay Beale (jay@bastille-linux.org)
#
# Warning: youre going to have to hack this for your own purposes.
#
# Assumptions:
# your internal network is 192.168.1.0/24 on eth1
# your internet IP is 10.0.0.1 on eth0
# your internal network IP on eth1 is 192.168.1.1
#
# Additonally:
# you have another internal network, a DMZ: 192.168.2.0/24 on eth2
$INTERNAL_IP = 192.168.1.1
$INTERNAL_NET = 192.168.1.0/24
$INTERNET = 10.0.0.1
$DMZ = 192.168.2.0/24
# Insert the required kernel modules
modprobe iptable_nat
modprobe ip_conntrack
modprobe ip_conntrack_ftp
# Set default policies for packets going through this firewall box
iptables -t nat -P PREROUTING DROP
iptables -t nat -P POSTROUTING DROP
iptables -P FORWARD DROP
# Set default policies for packet entering this box
iptables -P OUTPUT ALLOW
iptables -P INPUT ALLOW
# Kill spoofed packets
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
echo 1 > $f
done
# Anything coming from our internal network should have only our addresses!
iptables -A FORWARD -i eth1 -s ! $INTERNAL_NET -j DROP
# Anything coming from the Internet should have a real Internet address
iptables -A FORWARD -i eth0 -s 192.168.0.0/16 -j DROP
iptables -A FORWARD -i eth0 -s 172.16.0.0/12 -j DROP
iptables -A FORWARD -i eth0 -s 10.0.0.0/8 -j DROP
# Note:There are more "reserved" networks, but these are the classical ones.
# Block outgoing network filesharing protocols that arent designed
# to leave the LAN
# SMB / Windows filesharing
iptables -A FORWARD -p tcp --sport 137:139 -j DROP
iptables -A FORWARD -p udp --sport 137:139 -j DROP
# NFS Mount Service (TCP/UDP 635)
iptables -A FORWARD -p tcp --sport 635 -j DROP
iptables -A FORWARD -p udp --sport 635 -j DROP
# NFS (TCP/UDP 2049)
iptables -A FORWARD -p tcp --sport 2049 -j DROP
iptables -A FORWARD -p udp --sport 2049 -j DROP
# Portmapper (TCP/UDP 111)
iptables -A FORWARD -p tcp --sport 111 -j DROP
iptables -A FORWARD -p udp --sport 111 -j DROP
# Block incoming syslog, lpr, rsh, rexec...
iptables -A FORWARD -i eth0 -p udp --dport syslog -j DROP
iptables -A FORWARD -i eth0 -p tcp --dport 515 -j DROP
iptables -A FORWARD -i eth0 -p tcp --dport 514 -j DROP
iptables -A FORWARD -i eth0 -p tcp --dport 512 -j DROP
###
# Transparently proxy all web-surfing through Squid box
$SQUID = 192.168.1.2:8080
$SQUIDSSL = 192.168.1.2:443
iptables -t nat -A PREROUTING -i eth1 -tcp --dport 80 -j DNAT --to $SQUID
iptables -t nat -A PREROUTING -i eth1 -tcp --dport 443 -j DNAT --to $SQUIDSSL
# Transparently forward all outgoing mail to a relay host
$SMTP = 192.168.1.3
iptables -t nat -A PREROUTING -i eth1 -tcp --dport 25 -j DNAT --to $SMTP
# Transparently redirect web connections from outside to the DMZ web
# server
$DMZ_WEB = 192.168.2.2
iptables -t nat -A PREROUTING -i eth0 -d 192.168.1.1 -dport 80 -j DNAT --to $DMZ_WEB
# Source NAT to get Internet traffic through
iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to $INTERNET
# Activate the forwarding!
echo 1 >/proc/sys/net/ipv4/ip_forward
<<less# Model NATting SOHO firewall for SP article
# by Jay Beale (jay@bastille-linux.org)
#
# Warning: youre going to have to hack this for your own purposes.
#
# Assumptions:
# your internal network is 192.168.1.0/24 on eth1
# your internet IP is 10.0.0.1 on eth0
# your internal network IP on eth1 is 192.168.1.1
#
# Additonally:
# you have another internal network, a DMZ: 192.168.2.0/24 on eth2
$INTERNAL_IP = 192.168.1.1
$INTERNAL_NET = 192.168.1.0/24
$INTERNET = 10.0.0.1
$DMZ = 192.168.2.0/24
# Insert the required kernel modules
modprobe iptable_nat
modprobe ip_conntrack
modprobe ip_conntrack_ftp
# Set default policies for packets going through this firewall box
iptables -t nat -P PREROUTING DROP
iptables -t nat -P POSTROUTING DROP
iptables -P FORWARD DROP
# Set default policies for packet entering this box
iptables -P OUTPUT ALLOW
iptables -P INPUT ALLOW
# Kill spoofed packets
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
echo 1 > $f
done
# Anything coming from our internal network should have only our addresses!
iptables -A FORWARD -i eth1 -s ! $INTERNAL_NET -j DROP
# Anything coming from the Internet should have a real Internet address
iptables -A FORWARD -i eth0 -s 192.168.0.0/16 -j DROP
iptables -A FORWARD -i eth0 -s 172.16.0.0/12 -j DROP
iptables -A FORWARD -i eth0 -s 10.0.0.0/8 -j DROP
# Note:There are more "reserved" networks, but these are the classical ones.
# Block outgoing network filesharing protocols that arent designed
# to leave the LAN
# SMB / Windows filesharing
iptables -A FORWARD -p tcp --sport 137:139 -j DROP
iptables -A FORWARD -p udp --sport 137:139 -j DROP
# NFS Mount Service (TCP/UDP 635)
iptables -A FORWARD -p tcp --sport 635 -j DROP
iptables -A FORWARD -p udp --sport 635 -j DROP
# NFS (TCP/UDP 2049)
iptables -A FORWARD -p tcp --sport 2049 -j DROP
iptables -A FORWARD -p udp --sport 2049 -j DROP
# Portmapper (TCP/UDP 111)
iptables -A FORWARD -p tcp --sport 111 -j DROP
iptables -A FORWARD -p udp --sport 111 -j DROP
# Block incoming syslog, lpr, rsh, rexec...
iptables -A FORWARD -i eth0 -p udp --dport syslog -j DROP
iptables -A FORWARD -i eth0 -p tcp --dport 515 -j DROP
iptables -A FORWARD -i eth0 -p tcp --dport 514 -j DROP
iptables -A FORWARD -i eth0 -p tcp --dport 512 -j DROP
###
# Transparently proxy all web-surfing through Squid box
$SQUID = 192.168.1.2:8080
$SQUIDSSL = 192.168.1.2:443
iptables -t nat -A PREROUTING -i eth1 -tcp --dport 80 -j DNAT --to $SQUID
iptables -t nat -A PREROUTING -i eth1 -tcp --dport 443 -j DNAT --to $SQUIDSSL
# Transparently forward all outgoing mail to a relay host
$SMTP = 192.168.1.3
iptables -t nat -A PREROUTING -i eth1 -tcp --dport 25 -j DNAT --to $SMTP
# Transparently redirect web connections from outside to the DMZ web
# server
$DMZ_WEB = 192.168.2.2
iptables -t nat -A PREROUTING -i eth0 -d 192.168.1.1 -dport 80 -j DNAT --to $DMZ_WEB
# Source NAT to get Internet traffic through
iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to $INTERNET
# Activate the forwarding!
echo 1 >/proc/sys/net/ipv4/ip_forward
Download (MB)
Added: 2007-02-13 License: GPL (GNU General Public License) Price:
987 downloads
the mg2bot 0.64
the mg2bot is an IRC bot that was originally written to do unique channel maintenance. more>>
the mg2bot is an IRC bot that was originally written to do unique channel maintenance but which now sports a homebrew plugin system, increased channel awareness, and a bot networking capability.
Enhancements:
- Added tinyurl plugin
- Added karma plugin
- Fixed rydia plugin
- Worked out a bug or two from 0.62b
- First non-beta release
<<lessEnhancements:
- Added tinyurl plugin
- Added karma plugin
- Fixed rydia plugin
- Worked out a bug or two from 0.62b
- First non-beta release
Download (0.18MB)
Added: 2005-08-26 License: Perl Artistic License Price:
1519 downloads
Lewin Pongs 1.0
Lewin Pongs is an advanced game of pong. more>>
Lewin Pongs is an advanced game of pong.
An advanced game of pong with lots of options. A ball bounces around the screen and you hit it with paddles.
If you miss, your opponent scores, if your opponent misses, you score.
PONG, an adaptation of table tennis to the video screen, was the first commercially successful video game and is widely regarded as ushering in the video game era.
PONG was released by Atari on November 29, 1972.
PONG is a basic simulation of the racket sport of table tennis. A small square representing a ping pong ball travels across the screen in a linear trajectory. If the square strikes the perimeter of the playing field, or one of the simulated paddles, the square ricochets based on the angle of the impact.
Game play consists of players moving their respective paddles vertically to defend their scoring zones. Players score one point by maneuvering the square past their opponents paddle.
PONG can be played either by a single player pitted against a computerized opponent, or by two players each controlling a paddle. In Ataris original PONG arcade cabinets, players controlled their paddles using one of two small paddle controllers (a knob-like input device). Contrastingly, several of the derivative table tennis simulations employed longitudinally-sliding joysticks.
<<lessAn advanced game of pong with lots of options. A ball bounces around the screen and you hit it with paddles.
If you miss, your opponent scores, if your opponent misses, you score.
PONG, an adaptation of table tennis to the video screen, was the first commercially successful video game and is widely regarded as ushering in the video game era.
PONG was released by Atari on November 29, 1972.
PONG is a basic simulation of the racket sport of table tennis. A small square representing a ping pong ball travels across the screen in a linear trajectory. If the square strikes the perimeter of the playing field, or one of the simulated paddles, the square ricochets based on the angle of the impact.
Game play consists of players moving their respective paddles vertically to defend their scoring zones. Players score one point by maneuvering the square past their opponents paddle.
PONG can be played either by a single player pitted against a computerized opponent, or by two players each controlling a paddle. In Ataris original PONG arcade cabinets, players controlled their paddles using one of two small paddle controllers (a knob-like input device). Contrastingly, several of the derivative table tennis simulations employed longitudinally-sliding joysticks.
Download (1.0MB)
Added: 2006-02-23 License: GPL (GNU General Public License) Price:
1340 downloads
Configuration with no services supported
Configuration with no services supported script is for a single host firewall configuration with no services supported. more>>
Configuration with no services supported script is for a single host firewall configuration with no services supported by the firewall machine itself.
Sample:
# USER CONFIGURABLE SECTION
# The name and location of the ipchains utility.
IPTABLES=iptables
# The path to the ipchains executable.
PATH="/usr/local/sbin"
# Our internal network address space and its supporting network device.
OURNET="10.5.0.0/24"
OURBCAST="10.5.0.255"
OURDEV="eth0"
# The outside address and the network device that supports it.
ANYADDR="0/0"
ANYDEV="ppp0"
# The TCP services we wish to allow to pass - "" empty means all ports
# note: comma separated
TCPIN="ssh,ftp,ftp-data"
TCPOUT="smtp,www,ssh,telnet,ftp,ftp-data,irc,http"
# The UDP services we wish to allow to pass - "" empty means all ports
# note: comma separated
UDPIN="domain"
UDPOUT="domain"
# The ICMP services we wish to allow to pass - "" empty means all types
# ref: /usr/include/netinet/ip_icmp.h for type numbers
# note: comma separated
ICMPIN="0,3,11"
ICMPOUT="8,3,11"
# Logging; uncomment the following line to enable logging of datagrams
# that are blocked by the firewall.
# LOGGING=1
# END USER CONFIGURABLE SECTION
####################################
# Flush the Input table rules
echo -n Flushing forward... && {
$IPTABLES -F FORWARD
} && echo done
# We want to deny incoming access by default.
# echo -n Denying incoming access... && {
# $IPTABLES -P FORWARD drop
# } && echo done
# Drop all datagrams destined for this host received from outside.
echo -n Dropping incoming datagrams... && {
$IPTABLES -A INPUT -i $ANYDEV -j DROP
} && echo done
# SPOOFING
# We should not accept any datagrams with a source address matching ours
# from the outside, so we deny them.
echo -n Preventing spoofing... && {
$IPTABLES -A FORWARD -s $OURNET -i $ANYDEV -j DROP
} && echo done
# SMURF
# Disallow ICMP to our broadcast address to prevent "Smurf" style attack.
echo -n Preventing SMURFs... && {
$IPTABLES -A FORWARD -p icmp -i $ANYDEV -d $OURNET -j DROP
} && echo done
# We should accept fragments, in iptables we must do this explicitly.
echo -n Accepting fragments... && {
$IPTABLES -A FORWARD -f -j ACCEPT
} && echo done
# TCP
# We will accept all TCP datagrams belonging to an existing connection
# (i.e. having the ACK bit set) for the TCP ports were allowing through.
# This should catch more than 95 % of all valid TCP packets.
echo -n Accepting valid incoming tcp datagrams on existing connections... && {
$IPTABLES -A FORWARD -m multiport -p tcp -d $OURNET --dports $TCPIN ! --tcp-flags SYN,ACK ACK -j ACCEPT
} && echo done
echo -n Accepting valid outgoing tcp datagrams on existing connections... && {
$IPTABLES -A FORWARD -m multiport -p tcp -s $OURNET --sports $TCPIN ! --tcp-flags SYN,ACK ACK -j ACCEPT
} && echo done
# TCP - INCOMING CONNECTIONS
# We will accept connection requests from the outside only on the
# allowed TCP ports.
echo -n Accepting incoming tcp connections on allowed ports... && {
$IPTABLES -A FORWARD -m multiport -p tcp -i $ANYDEV -d $OURNET --dports $TCPIN --syn -j ACCEPT
} && echo done
# TCP - OUTGOING CONNECTIONS
# We will accept all outgoing tcp connection requests on the allowed TCP ports.
echo -n Accepting outgoing traffic on allowed tcp ports... && {
$IPTABLES -A FORWARD -m multiport -p tcp -i $OURDEV -d $ANYADDR --dports $TCPOUT --syn -j ACCEPT
} && echo done
# UDP - INCOMING
# allow UDP datagrams in on the allowed ports and back.
echo -n Allowing UDP datagrams in on the allowed ports and back... && {
$IPTABLES -A FORWARD -m multiport -p udp -i $ANYDEV -d $OURNET --dports $UDPIN -j ACCEPT
$IPTABLES -A FORWARD -m multiport -p udp -i $ANYDEV -s $OURNET --sports $UDPIN -j ACCEPT
} && echo done
# UDP - OUTGOING
# We will allow UDP datagrams out to the allowed ports and back.
echo -n Allowing UDP datagrams out on the allowed ports and back... && {
$IPTABLES -A FORWARD -m multiport -p udp -i $OURDEV -d $ANYADDR --dports $UDPOUT -j ACCEPT
$IPTABLES -A FORWARD -m multiport -p udp -i $OURDEV -s $ANYADDR --sports $UDPOUT -j ACCEPT
} && echo done
# ICMP - INCOMING
# We will allow ICMP datagrams in of the allowed types.
# echo -n Allowing ICMP datagrams in of the allowed types... && {
# $IPTABLES -A FORWARD -p icmp -i $ANYDEV -d $OURNET --icmp-type $ICMPIN -j ACCEPT
# } && echo done
# ICMP - OUTGOING
# We will allow ICMP datagrams out of the allowed types.
# echo -n Allowing ICMP datagrams out of the allowed types... && {
# $IPTABLES -A FORWARD -p icmp -i $OURDEV -d $ANYADDR --icmp-type $ICMPOUT -j ACCEPT
# } && echo done
# DEFAULT and LOGGING
# All remaining datagrams fall through to the default
# rule and are dropped. They will be logged if youve
# configured the LOGGING variable above.
#
# DoS
# enabling Syn-flood protection
echo -n Enabling Syn-flood protection... && {
iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
} && echo done
# Enabling Furtive port scanner protection
echo -n Enabling Furtive port scanner protection... && {
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
} && echo done
# Enabling ping of death protection
echo -n Enabling ping of death protection... && {
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
} && echo done
if [ "$LOGGING" ]
then
# Log barred TCP
$IPTABLES -A FORWARD -m tcp -p tcp -j LOG
# Log barred UDP
$IPTABLES -A FORWARD -m udp -p udp -j LOG
# Log barred ICMP
$IPTABLES -A FORWARD -m udp -p icmp -j LOG
fi
#
# end.
<<lessSample:
# USER CONFIGURABLE SECTION
# The name and location of the ipchains utility.
IPTABLES=iptables
# The path to the ipchains executable.
PATH="/usr/local/sbin"
# Our internal network address space and its supporting network device.
OURNET="10.5.0.0/24"
OURBCAST="10.5.0.255"
OURDEV="eth0"
# The outside address and the network device that supports it.
ANYADDR="0/0"
ANYDEV="ppp0"
# The TCP services we wish to allow to pass - "" empty means all ports
# note: comma separated
TCPIN="ssh,ftp,ftp-data"
TCPOUT="smtp,www,ssh,telnet,ftp,ftp-data,irc,http"
# The UDP services we wish to allow to pass - "" empty means all ports
# note: comma separated
UDPIN="domain"
UDPOUT="domain"
# The ICMP services we wish to allow to pass - "" empty means all types
# ref: /usr/include/netinet/ip_icmp.h for type numbers
# note: comma separated
ICMPIN="0,3,11"
ICMPOUT="8,3,11"
# Logging; uncomment the following line to enable logging of datagrams
# that are blocked by the firewall.
# LOGGING=1
# END USER CONFIGURABLE SECTION
####################################
# Flush the Input table rules
echo -n Flushing forward... && {
$IPTABLES -F FORWARD
} && echo done
# We want to deny incoming access by default.
# echo -n Denying incoming access... && {
# $IPTABLES -P FORWARD drop
# } && echo done
# Drop all datagrams destined for this host received from outside.
echo -n Dropping incoming datagrams... && {
$IPTABLES -A INPUT -i $ANYDEV -j DROP
} && echo done
# SPOOFING
# We should not accept any datagrams with a source address matching ours
# from the outside, so we deny them.
echo -n Preventing spoofing... && {
$IPTABLES -A FORWARD -s $OURNET -i $ANYDEV -j DROP
} && echo done
# SMURF
# Disallow ICMP to our broadcast address to prevent "Smurf" style attack.
echo -n Preventing SMURFs... && {
$IPTABLES -A FORWARD -p icmp -i $ANYDEV -d $OURNET -j DROP
} && echo done
# We should accept fragments, in iptables we must do this explicitly.
echo -n Accepting fragments... && {
$IPTABLES -A FORWARD -f -j ACCEPT
} && echo done
# TCP
# We will accept all TCP datagrams belonging to an existing connection
# (i.e. having the ACK bit set) for the TCP ports were allowing through.
# This should catch more than 95 % of all valid TCP packets.
echo -n Accepting valid incoming tcp datagrams on existing connections... && {
$IPTABLES -A FORWARD -m multiport -p tcp -d $OURNET --dports $TCPIN ! --tcp-flags SYN,ACK ACK -j ACCEPT
} && echo done
echo -n Accepting valid outgoing tcp datagrams on existing connections... && {
$IPTABLES -A FORWARD -m multiport -p tcp -s $OURNET --sports $TCPIN ! --tcp-flags SYN,ACK ACK -j ACCEPT
} && echo done
# TCP - INCOMING CONNECTIONS
# We will accept connection requests from the outside only on the
# allowed TCP ports.
echo -n Accepting incoming tcp connections on allowed ports... && {
$IPTABLES -A FORWARD -m multiport -p tcp -i $ANYDEV -d $OURNET --dports $TCPIN --syn -j ACCEPT
} && echo done
# TCP - OUTGOING CONNECTIONS
# We will accept all outgoing tcp connection requests on the allowed TCP ports.
echo -n Accepting outgoing traffic on allowed tcp ports... && {
$IPTABLES -A FORWARD -m multiport -p tcp -i $OURDEV -d $ANYADDR --dports $TCPOUT --syn -j ACCEPT
} && echo done
# UDP - INCOMING
# allow UDP datagrams in on the allowed ports and back.
echo -n Allowing UDP datagrams in on the allowed ports and back... && {
$IPTABLES -A FORWARD -m multiport -p udp -i $ANYDEV -d $OURNET --dports $UDPIN -j ACCEPT
$IPTABLES -A FORWARD -m multiport -p udp -i $ANYDEV -s $OURNET --sports $UDPIN -j ACCEPT
} && echo done
# UDP - OUTGOING
# We will allow UDP datagrams out to the allowed ports and back.
echo -n Allowing UDP datagrams out on the allowed ports and back... && {
$IPTABLES -A FORWARD -m multiport -p udp -i $OURDEV -d $ANYADDR --dports $UDPOUT -j ACCEPT
$IPTABLES -A FORWARD -m multiport -p udp -i $OURDEV -s $ANYADDR --sports $UDPOUT -j ACCEPT
} && echo done
# ICMP - INCOMING
# We will allow ICMP datagrams in of the allowed types.
# echo -n Allowing ICMP datagrams in of the allowed types... && {
# $IPTABLES -A FORWARD -p icmp -i $ANYDEV -d $OURNET --icmp-type $ICMPIN -j ACCEPT
# } && echo done
# ICMP - OUTGOING
# We will allow ICMP datagrams out of the allowed types.
# echo -n Allowing ICMP datagrams out of the allowed types... && {
# $IPTABLES -A FORWARD -p icmp -i $OURDEV -d $ANYADDR --icmp-type $ICMPOUT -j ACCEPT
# } && echo done
# DEFAULT and LOGGING
# All remaining datagrams fall through to the default
# rule and are dropped. They will be logged if youve
# configured the LOGGING variable above.
#
# DoS
# enabling Syn-flood protection
echo -n Enabling Syn-flood protection... && {
iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
} && echo done
# Enabling Furtive port scanner protection
echo -n Enabling Furtive port scanner protection... && {
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
} && echo done
# Enabling ping of death protection
echo -n Enabling ping of death protection... && {
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
} && echo done
if [ "$LOGGING" ]
then
# Log barred TCP
$IPTABLES -A FORWARD -m tcp -p tcp -j LOG
# Log barred UDP
$IPTABLES -A FORWARD -m udp -p udp -j LOG
# Log barred ICMP
$IPTABLES -A FORWARD -m udp -p icmp -j LOG
fi
#
# end.
Download (MB)
Added: 2007-02-14 License: GPL (GNU General Public License) Price:
982 downloads
NAT iptables firewall script
NAT iptables firewall script is an iptables firewall script. more>>
NAT iptables firewall script is an iptables firewall script.
This script is meant to be run once per boot the rules will be double added if you try to run it twice if you need to add another rule during runtime, change the -A to a -I to add it to the top of the list of rules if you use -A it will go at the end after the reject rule.
Sample:
# interface definitions
BAD_IFACE=eth0
DMZ_IFACE=eth1
DMZ_ADDR=x.x.x.96/28
GOOD_IFACE=eth2
GOOD_ADDR=192.168.1.0/24
MASQ_SERVER=x.x.x.98
FTP_SERVER=x.x.x.100
MAIL_SERVER=x.x.x.99
MAIL_SERVER_INTERNAL=192.168.1.3
# testing
#set -x
ip route del x.x.x.96/28 dev $BAD_IFACE
ip route del x.x.x.96/28 dev $DMZ_IFACE
ip route add x.x.x.97 dev $BAD_IFACE
ip route add x.x.x.96/28 dev $DMZ_IFACE
# we need proxy arp for the dmz network
echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
echo 1 > /proc/sys/net/ipv4/conf/eth1/proxy_arp
# turn on ip forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
# turn on antispoofing protection
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 1 > $f; done
# flush all rules in the filter table
#iptables -F
# flush built in rules
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
# deny everything for now
iptables -A INPUT -j DROP
iptables -A FORWARD -j DROP
iptables -A OUTPUT -j DROP
# make the chains to define packet directions
# bad is the internet, dmz is our dmz, good is our masqed network
iptables -N good-dmz
iptables -N bad-dmz
iptables -N good-bad
iptables -N dmz-good
iptables -N dmz-bad
iptables -N bad-good
iptables -N icmp-acc
# accept related packets
iptables -A FORWARD -m state --state INVALID -j DROP
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# internal client masqing
iptables -t nat -A POSTROUTING -s $GOOD_ADDR -o $BAD_IFACE -j SNAT --to $MASQ_SERVER
# mail server masqing
iptables -t nat -A PREROUTING -p tcp -d $MAIL_SERVER --dport smtp -j DNAT --to $MAIL_SERVER_INTERNAL:25
iptables -t nat -A PREROUTING -p tcp -d $MAIL_SERVER --dport http -j DNAT --to $MAIL_SERVER_INTERNAL:80
iptables -t nat -A PREROUTING -p tcp -d $MAIL_SERVER --dport https -j DNAT --to $MAIL_SERVER_INTERNAL:443
# to allow the above to work you need something like
# iptables -A bad-good -p tcp --dport smtp -d $MAIL_SERVER_INTERNAL -j ACCEPT
# set which addresses jump to which chains
iptables -A FORWARD -s $GOOD_ADDR -o $DMZ_IFACE -j good-dmz
iptables -A FORWARD -s $GOOD_ADDR -o $BAD_IFACE -j good-bad
iptables -A FORWARD -s $DMZ_ADDR -i $DMZ_IFACE -o $BAD_IFACE -j dmz-bad
iptables -A FORWARD -s $DMZ_ADDR -i $DMZ_IFACE -o $GOOD_IFACE -j dmz-good
iptables -A FORWARD -o $DMZ_IFACE -j bad-dmz
iptables -A FORWARD -o $GOOD_IFACE -j bad-good
# drop anything that doesnt fit these
iptables -A FORWARD -j LOG --log-prefix "chain-jump "
iptables -A FORWARD -j DROP
# icmp acceptance
iptables -A icmp-acc -p icmp --icmp-type destination-unreachable -j ACCEPT
iptables -A icmp-acc -p icmp --icmp-type source-quench -j ACCEPT
iptables -A icmp-acc -p icmp --icmp-type time-exceeded -j ACCEPT
iptables -A icmp-acc -p icmp --icmp-type echo-request -j ACCEPT
iptables -A icmp-acc -p icmp --icmp-type echo-reply -j ACCEPT
# iptables -A icmp-acc -j LOG --log-prefix "icmp-acc "
iptables -A icmp-acc -j DROP
# from internal to dmz
iptables -A good-dmz -p tcp --dport smtp -j ACCEPT
iptables -A good-dmz -p tcp --dport pop3 -j ACCEPT
iptables -A good-dmz -p udp --dport domain -j ACCEPT
iptables -A good-dmz -p tcp --dport domain -j ACCEPT
iptables -A good-dmz -p tcp --dport www -j ACCEPT
iptables -A good-dmz -p tcp --dport https -j ACCEPT
iptables -A good-dmz -p tcp --dport ssh -j ACCEPT
iptables -A good-dmz -p tcp --dport telnet -j ACCEPT
iptables -A good-dmz -p tcp --dport auth -j ACCEPT
iptables -A good-dmz -p tcp --dport ftp -j ACCEPT
iptables -A good-dmz -p tcp --dport 1521 -j ACCEPT
iptables -A good-dmz -p icmp -j icmp-acc
iptables -A good-dmz -j LOG --log-prefix "good-dmz "
iptables -A good-dmz -j DROP
# from external to dmz
iptables -A bad-dmz -p tcp --dport smtp -j ACCEPT
iptables -A bad-dmz -p udp --dport domain -j ACCEPT
iptables -A bad-dmz -p tcp --dport domain -j ACCEPT
iptables -A bad-dmz -p tcp --dport www -j ACCEPT
iptables -A bad-dmz -p tcp --dport https -j ACCEPT
iptables -A bad-dmz -p tcp --dport ssh -j ACCEPT
iptables -A bad-dmz -p tcp -d $FTP_SERVER --dport ftp -j ACCEPT
iptables -A bad-dmz -p icmp -j icmp-acc
iptables -A bad-dmz -j LOG --log-prefix "bad-dmz "
iptables -A bad-dmz -j DROP
# from internal to external
iptables -A good-bad -j ACCEPT
# iptables -t nat -A POSTROUTING -o $BAD_IFACE -j SNAT --to $MASQ_SERVER
#iptables -A good-bad -p tcp -j MASQ
#iptables -A good-bad -p udp -j MASQ
#iptables -A good-bad -p icmp -j MASQ
#ipchains -A good-bad -p tcp --dport www -j MASQ
#ipchains -A good-bad -p tcp --dport ssh -j MASQ
#ipchains -A good-bad -p udp --dport 33434:33500 -j MASQ
#ipchains -A good-bad -p tcp --dport ftp -j MASQ
#ipchains -A good-bad -p icmp --icmp-type ping -j MASQ
#ipchains -A good-bad -j REJECT -l
# from dmz to internal
# iptables -A dmz-good -p tcp ! --syn --sport smtp -j ACCEPT
iptables -A dmz-good -p tcp --dport smtp -j ACCEPT
iptables -A dmz-good -p tcp --sport smtp -j ACCEPT
iptables -A dmz-good -p udp --sport domain -j ACCEPT
iptables -A dmz-good -p tcp ! --syn --sport domain -j ACCEPT
iptables -A dmz-good -p tcp ! --syn --sport www -j ACCEPT
iptables -A dmz-good -p tcp ! --syn --sport ssh -j ACCEPT
iptables -A dmz-good -p tcp -d 192.168.1.34 --dport smtp -j ACCEPT
iptables -A dmz-good -p icmp -j icmp-acc
iptables -A dmz-good -j LOG --log-prefix "dmz-good "
iptables -A dmz-good -j DROP
# from dmz to external
iptables -A dmz-bad -p tcp --dport smtp -j ACCEPT
iptables -A dmz-bad -p tcp --sport smtp -j ACCEPT
iptables -A dmz-bad -p udp --dport domain -j ACCEPT
iptables -A dmz-bad -p tcp --dport domain -j ACCEPT
iptables -A dmz-bad -p tcp --dport www -j ACCEPT
iptables -A dmz-bad -p tcp --dport https -j ACCEPT
iptables -A dmz-bad -p tcp --dport ssh -j ACCEPT
iptables -A dmz-bad -p tcp --dport ftp -j ACCEPT
iptables -A dmz-bad -p tcp --dport whois -j ACCEPT
iptables -A dmz-bad -p tcp --dport telnet -j ACCEPT
iptables -A dmz-bad -p udp --dport ntp -j ACCEPT
# ipchains -A good-bad -p udp --dport 33434:33500 -j MASQ
iptables -A dmz-bad -p icmp -j icmp-acc
iptables -A dmz-bad -j LOG --log-prefix "dmz-bad "
iptables -A dmz-bad -j DROP
# from external to internal
iptables -A bad-good -p tcp --dport smtp -d $MAIL_SERVER_INTERNAL -j ACCEPT
iptables -A bad-good -p tcp --dport http -d $MAIL_SERVER_INTERNAL -j ACCEPT
iptables -A bad-good -p tcp --dport https -d $MAIL_SERVER_INTERNAL -j ACCEPT
iptables -A bad-good -j LOG --log-prefix "bad-good "
iptables -A bad-good -j REJECT
# rules for this machine itself
iptables -N bad-if
iptables -N dmz-if
iptables -N good-if
# set up the jumps to each chain
iptables -A INPUT -i $BAD_IFACE -j bad-if
iptables -A INPUT -i $DMZ_IFACE -j dmz-if
iptables -A INPUT -i $GOOD_IFACE -j good-if
# external iface
iptables -A bad-if -p icmp -j icmp-acc
iptables -A bad-if -j ACCEPT
#ipchains -A bad-if -i ! ppp0 -j DENY -l
#ipchains -A bad-if -p TCP --dport 61000:65095 -j ACCEPT
#ipchains -A bad-if -p UDP --dport 61000:65095 -j ACCEPT
#ipchains -A bad-if -p ICMP --icmp-type pong -j ACCEPT
#ipchains -A bad-if -j icmp-acc
#ipchains -A bad-if -j DENY
# dmz iface
iptables -A bad-if -p icmp -j icmp-acc
iptables -A dmz-if -j ACCEPT
# internal iface
iptables -A good-if -p tcp --dport ssh -j ACCEPT
iptables -A good-if -p ICMP --icmp-type ping -j ACCEPT
iptables -A good-if -p ICMP --icmp-type pong -j ACCEPT
iptables -A good-if -j icmp-acc
iptables -A good-if -j DROP
# remove the complete blocks
iptables -D INPUT 1
iptables -D FORWARD 1
iptables -D OUTPUT 1
<<lessThis script is meant to be run once per boot the rules will be double added if you try to run it twice if you need to add another rule during runtime, change the -A to a -I to add it to the top of the list of rules if you use -A it will go at the end after the reject rule.
Sample:
# interface definitions
BAD_IFACE=eth0
DMZ_IFACE=eth1
DMZ_ADDR=x.x.x.96/28
GOOD_IFACE=eth2
GOOD_ADDR=192.168.1.0/24
MASQ_SERVER=x.x.x.98
FTP_SERVER=x.x.x.100
MAIL_SERVER=x.x.x.99
MAIL_SERVER_INTERNAL=192.168.1.3
# testing
#set -x
ip route del x.x.x.96/28 dev $BAD_IFACE
ip route del x.x.x.96/28 dev $DMZ_IFACE
ip route add x.x.x.97 dev $BAD_IFACE
ip route add x.x.x.96/28 dev $DMZ_IFACE
# we need proxy arp for the dmz network
echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
echo 1 > /proc/sys/net/ipv4/conf/eth1/proxy_arp
# turn on ip forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
# turn on antispoofing protection
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 1 > $f; done
# flush all rules in the filter table
#iptables -F
# flush built in rules
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
# deny everything for now
iptables -A INPUT -j DROP
iptables -A FORWARD -j DROP
iptables -A OUTPUT -j DROP
# make the chains to define packet directions
# bad is the internet, dmz is our dmz, good is our masqed network
iptables -N good-dmz
iptables -N bad-dmz
iptables -N good-bad
iptables -N dmz-good
iptables -N dmz-bad
iptables -N bad-good
iptables -N icmp-acc
# accept related packets
iptables -A FORWARD -m state --state INVALID -j DROP
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# internal client masqing
iptables -t nat -A POSTROUTING -s $GOOD_ADDR -o $BAD_IFACE -j SNAT --to $MASQ_SERVER
# mail server masqing
iptables -t nat -A PREROUTING -p tcp -d $MAIL_SERVER --dport smtp -j DNAT --to $MAIL_SERVER_INTERNAL:25
iptables -t nat -A PREROUTING -p tcp -d $MAIL_SERVER --dport http -j DNAT --to $MAIL_SERVER_INTERNAL:80
iptables -t nat -A PREROUTING -p tcp -d $MAIL_SERVER --dport https -j DNAT --to $MAIL_SERVER_INTERNAL:443
# to allow the above to work you need something like
# iptables -A bad-good -p tcp --dport smtp -d $MAIL_SERVER_INTERNAL -j ACCEPT
# set which addresses jump to which chains
iptables -A FORWARD -s $GOOD_ADDR -o $DMZ_IFACE -j good-dmz
iptables -A FORWARD -s $GOOD_ADDR -o $BAD_IFACE -j good-bad
iptables -A FORWARD -s $DMZ_ADDR -i $DMZ_IFACE -o $BAD_IFACE -j dmz-bad
iptables -A FORWARD -s $DMZ_ADDR -i $DMZ_IFACE -o $GOOD_IFACE -j dmz-good
iptables -A FORWARD -o $DMZ_IFACE -j bad-dmz
iptables -A FORWARD -o $GOOD_IFACE -j bad-good
# drop anything that doesnt fit these
iptables -A FORWARD -j LOG --log-prefix "chain-jump "
iptables -A FORWARD -j DROP
# icmp acceptance
iptables -A icmp-acc -p icmp --icmp-type destination-unreachable -j ACCEPT
iptables -A icmp-acc -p icmp --icmp-type source-quench -j ACCEPT
iptables -A icmp-acc -p icmp --icmp-type time-exceeded -j ACCEPT
iptables -A icmp-acc -p icmp --icmp-type echo-request -j ACCEPT
iptables -A icmp-acc -p icmp --icmp-type echo-reply -j ACCEPT
# iptables -A icmp-acc -j LOG --log-prefix "icmp-acc "
iptables -A icmp-acc -j DROP
# from internal to dmz
iptables -A good-dmz -p tcp --dport smtp -j ACCEPT
iptables -A good-dmz -p tcp --dport pop3 -j ACCEPT
iptables -A good-dmz -p udp --dport domain -j ACCEPT
iptables -A good-dmz -p tcp --dport domain -j ACCEPT
iptables -A good-dmz -p tcp --dport www -j ACCEPT
iptables -A good-dmz -p tcp --dport https -j ACCEPT
iptables -A good-dmz -p tcp --dport ssh -j ACCEPT
iptables -A good-dmz -p tcp --dport telnet -j ACCEPT
iptables -A good-dmz -p tcp --dport auth -j ACCEPT
iptables -A good-dmz -p tcp --dport ftp -j ACCEPT
iptables -A good-dmz -p tcp --dport 1521 -j ACCEPT
iptables -A good-dmz -p icmp -j icmp-acc
iptables -A good-dmz -j LOG --log-prefix "good-dmz "
iptables -A good-dmz -j DROP
# from external to dmz
iptables -A bad-dmz -p tcp --dport smtp -j ACCEPT
iptables -A bad-dmz -p udp --dport domain -j ACCEPT
iptables -A bad-dmz -p tcp --dport domain -j ACCEPT
iptables -A bad-dmz -p tcp --dport www -j ACCEPT
iptables -A bad-dmz -p tcp --dport https -j ACCEPT
iptables -A bad-dmz -p tcp --dport ssh -j ACCEPT
iptables -A bad-dmz -p tcp -d $FTP_SERVER --dport ftp -j ACCEPT
iptables -A bad-dmz -p icmp -j icmp-acc
iptables -A bad-dmz -j LOG --log-prefix "bad-dmz "
iptables -A bad-dmz -j DROP
# from internal to external
iptables -A good-bad -j ACCEPT
# iptables -t nat -A POSTROUTING -o $BAD_IFACE -j SNAT --to $MASQ_SERVER
#iptables -A good-bad -p tcp -j MASQ
#iptables -A good-bad -p udp -j MASQ
#iptables -A good-bad -p icmp -j MASQ
#ipchains -A good-bad -p tcp --dport www -j MASQ
#ipchains -A good-bad -p tcp --dport ssh -j MASQ
#ipchains -A good-bad -p udp --dport 33434:33500 -j MASQ
#ipchains -A good-bad -p tcp --dport ftp -j MASQ
#ipchains -A good-bad -p icmp --icmp-type ping -j MASQ
#ipchains -A good-bad -j REJECT -l
# from dmz to internal
# iptables -A dmz-good -p tcp ! --syn --sport smtp -j ACCEPT
iptables -A dmz-good -p tcp --dport smtp -j ACCEPT
iptables -A dmz-good -p tcp --sport smtp -j ACCEPT
iptables -A dmz-good -p udp --sport domain -j ACCEPT
iptables -A dmz-good -p tcp ! --syn --sport domain -j ACCEPT
iptables -A dmz-good -p tcp ! --syn --sport www -j ACCEPT
iptables -A dmz-good -p tcp ! --syn --sport ssh -j ACCEPT
iptables -A dmz-good -p tcp -d 192.168.1.34 --dport smtp -j ACCEPT
iptables -A dmz-good -p icmp -j icmp-acc
iptables -A dmz-good -j LOG --log-prefix "dmz-good "
iptables -A dmz-good -j DROP
# from dmz to external
iptables -A dmz-bad -p tcp --dport smtp -j ACCEPT
iptables -A dmz-bad -p tcp --sport smtp -j ACCEPT
iptables -A dmz-bad -p udp --dport domain -j ACCEPT
iptables -A dmz-bad -p tcp --dport domain -j ACCEPT
iptables -A dmz-bad -p tcp --dport www -j ACCEPT
iptables -A dmz-bad -p tcp --dport https -j ACCEPT
iptables -A dmz-bad -p tcp --dport ssh -j ACCEPT
iptables -A dmz-bad -p tcp --dport ftp -j ACCEPT
iptables -A dmz-bad -p tcp --dport whois -j ACCEPT
iptables -A dmz-bad -p tcp --dport telnet -j ACCEPT
iptables -A dmz-bad -p udp --dport ntp -j ACCEPT
# ipchains -A good-bad -p udp --dport 33434:33500 -j MASQ
iptables -A dmz-bad -p icmp -j icmp-acc
iptables -A dmz-bad -j LOG --log-prefix "dmz-bad "
iptables -A dmz-bad -j DROP
# from external to internal
iptables -A bad-good -p tcp --dport smtp -d $MAIL_SERVER_INTERNAL -j ACCEPT
iptables -A bad-good -p tcp --dport http -d $MAIL_SERVER_INTERNAL -j ACCEPT
iptables -A bad-good -p tcp --dport https -d $MAIL_SERVER_INTERNAL -j ACCEPT
iptables -A bad-good -j LOG --log-prefix "bad-good "
iptables -A bad-good -j REJECT
# rules for this machine itself
iptables -N bad-if
iptables -N dmz-if
iptables -N good-if
# set up the jumps to each chain
iptables -A INPUT -i $BAD_IFACE -j bad-if
iptables -A INPUT -i $DMZ_IFACE -j dmz-if
iptables -A INPUT -i $GOOD_IFACE -j good-if
# external iface
iptables -A bad-if -p icmp -j icmp-acc
iptables -A bad-if -j ACCEPT
#ipchains -A bad-if -i ! ppp0 -j DENY -l
#ipchains -A bad-if -p TCP --dport 61000:65095 -j ACCEPT
#ipchains -A bad-if -p UDP --dport 61000:65095 -j ACCEPT
#ipchains -A bad-if -p ICMP --icmp-type pong -j ACCEPT
#ipchains -A bad-if -j icmp-acc
#ipchains -A bad-if -j DENY
# dmz iface
iptables -A bad-if -p icmp -j icmp-acc
iptables -A dmz-if -j ACCEPT
# internal iface
iptables -A good-if -p tcp --dport ssh -j ACCEPT
iptables -A good-if -p ICMP --icmp-type ping -j ACCEPT
iptables -A good-if -p ICMP --icmp-type pong -j ACCEPT
iptables -A good-if -j icmp-acc
iptables -A good-if -j DROP
# remove the complete blocks
iptables -D INPUT 1
iptables -D FORWARD 1
iptables -D OUTPUT 1
Download (MB)
Added: 2007-02-14 License: GPL (GNU General Public License) Price:
603 downloads
Snort::Rule 1.03
Snort::Rule is a Perl extension for dynamically building snort rules. more>>
Snort::Rule is a Perl extension for dynamically building snort rules.
SYNOPSIS
use Snort::Rule;
$rule = Snort::Rule->new(
-action => alert,
-proto => tcp,
-src => any,
-sport => any,
-dir => ->,
-dst => 192.188.1.1,
-dport => 44444,
);
$rule->opts(msg,Test Rule");
$rule->opts(threshold,type limit,track by_src,count 1,seconds 3600);
$rule->opts(sid,500000);
print $rule->string()."n";
OR
$rule = alert tcp $SMTP_SERVERS any -> $EXTERNAL_NET 25 (msg:"BLEEDING-EDGE POLICY SMTP US Top Secret PROPIN"; flow:to_server,established; content:"Subject|3A|"; pcre:"/(TOPsSECRET|TS)//[sw,/-]*PROPIN[sw,/-]*(?=//(25)?X[1-9])/ism"; classtype:policy-violation; sid:2002448; rev:1;);
$rule = Snort::Rule->new(-parse => $rule);
print $rule->string()."n";
This is a very simple snort rule object. It was developed to allow for scripted dynamic rule creation. Ideally you could dynamically take a list of bad hosts and build an array of snort rule objects from that list. Then write that list using the string() method to a snort rules file.
<<lessSYNOPSIS
use Snort::Rule;
$rule = Snort::Rule->new(
-action => alert,
-proto => tcp,
-src => any,
-sport => any,
-dir => ->,
-dst => 192.188.1.1,
-dport => 44444,
);
$rule->opts(msg,Test Rule");
$rule->opts(threshold,type limit,track by_src,count 1,seconds 3600);
$rule->opts(sid,500000);
print $rule->string()."n";
OR
$rule = alert tcp $SMTP_SERVERS any -> $EXTERNAL_NET 25 (msg:"BLEEDING-EDGE POLICY SMTP US Top Secret PROPIN"; flow:to_server,established; content:"Subject|3A|"; pcre:"/(TOPsSECRET|TS)//[sw,/-]*PROPIN[sw,/-]*(?=//(25)?X[1-9])/ism"; classtype:policy-violation; sid:2002448; rev:1;);
$rule = Snort::Rule->new(-parse => $rule);
print $rule->string()."n";
This is a very simple snort rule object. It was developed to allow for scripted dynamic rule creation. Ideally you could dynamically take a list of bad hosts and build an array of snort rule objects from that list. Then write that list using the string() method to a snort rules file.
Download (0.005MB)
Added: 2006-09-02 License: Perl Artistic License Price:
1226 downloads
Hot Potato Online 1.2.0
Hot Potato Online is a fast paced arena sport game where players try to explode the opposition using a short-fused potato bomb. more>>
Hot Potato Online is a fast paced arena sport game where players try to explode the opposition using a short-fused potato bomb. Think dodgeball with a grenade!
The generated environment can be used to bounce, corner, and surprise foes.
Main features:
- Up to 4 players
- Team play
- 3 match types fully configurable
- Single player training "bot"
- 4 types of tiles (ground, solid, bounce, holes)
- Lobby and in-game "emotes"
- Last game and total results
- Potato deflection
- Overtime for first position
- Fullscreen / Window options
- In-game music and sounds
Enhancements:
- Players can join games in progress
- Button clicks can be cancelled
- Updated version system
- MSVCP71.DLL part of installation
- Fixed bug where we could not click buttons in the lobby
- Music can again be turned off (was broken since v. 1.1.0)
- Players will see a black screen while waiting for other players.
- Fixed number of "Killed-KilledBy" when playing in teams.
- Linux specific updates
- Statically linked freeglut and glpng
- Ability to change from fullscreen to window mode and vice versa,
- Fixed crash on clients when the server leaves the game,
- Cursor can be moved while loading the lobby.
<<lessThe generated environment can be used to bounce, corner, and surprise foes.
Main features:
- Up to 4 players
- Team play
- 3 match types fully configurable
- Single player training "bot"
- 4 types of tiles (ground, solid, bounce, holes)
- Lobby and in-game "emotes"
- Last game and total results
- Potato deflection
- Overtime for first position
- Fullscreen / Window options
- In-game music and sounds
Enhancements:
- Players can join games in progress
- Button clicks can be cancelled
- Updated version system
- MSVCP71.DLL part of installation
- Fixed bug where we could not click buttons in the lobby
- Music can again be turned off (was broken since v. 1.1.0)
- Players will see a black screen while waiting for other players.
- Fixed number of "Killed-KilledBy" when playing in teams.
- Linux specific updates
- Statically linked freeglut and glpng
- Ability to change from fullscreen to window mode and vice versa,
- Fixed crash on clients when the server leaves the game,
- Cursor can be moved while loading the lobby.
Download (15.1MB)
Added: 2006-02-06 License: GPL (GNU General Public License) Price:
1356 downloads
Splendid City Sports Scheduler for Unix 6.5.2.1
A full-featured league and tournament sports scheduling software system. more>> <<less
Download (33.1MB)
Added: 2009-04-13 License: Freeware Price: Free
193 downloads
TinyButStrong 3.2.0
TinyButStrong is a template class for PHP that allows you to generate HTML pages using MySQL, PostgreSQL. more>>
TinyButStrong is a template class for PHP that allows you to generate HTML pages using a database like PostgreSQL, MySQL, SQLite in native, and any other databases.
It is possible to design templates using any visual HTML editor (like Dreamweaver or FrontPage).
It features simple block management, useful display formats, conditional displaying for blocks and locators, a cache system, and the ability to include other HTML pages and execute associated scripts.
Main features:
- an connect to any database type (in native: MySql, SQLite, PostgreSQL),
- easy date-time and numeric formats,
- blocks with alternated display,
- multi-columns display,
- conditional display,
- event functions,
- file inclusion and other scripts execution,
- cache system.
Enhancements:
- This is a major version.
- The source is optimized, it is smaller, and it merges faster.
- There are 5 bugs fixed and 7 new features.
- It includes Onload Var fields that can be automatically merged when the template is loaded.
- There are new formats for time without leading zeros.
- The parameter ope can support several operations.
- There are special Var fields to merge PHP constants and to display TBS detailed information.
<<lessIt is possible to design templates using any visual HTML editor (like Dreamweaver or FrontPage).
It features simple block management, useful display formats, conditional displaying for blocks and locators, a cache system, and the ability to include other HTML pages and execute associated scripts.
Main features:
- an connect to any database type (in native: MySql, SQLite, PostgreSQL),
- easy date-time and numeric formats,
- blocks with alternated display,
- multi-columns display,
- conditional display,
- event functions,
- file inclusion and other scripts execution,
- cache system.
Enhancements:
- This is a major version.
- The source is optimized, it is smaller, and it merges faster.
- There are 5 bugs fixed and 7 new features.
- It includes Onload Var fields that can be automatically merged when the template is loaded.
- There are new formats for time without leading zeros.
- The parameter ope can support several operations.
- There are special Var fields to merge PHP constants and to display TBS detailed information.
Download (0.11MB)
Added: 2006-12-05 License: LGPL (GNU Lesser General Public License) Price:
1053 downloads
Peg Solitaire 0.0.1
Peg Solitaire project is a game similar to Hi-Q. more>>
Peg Solitaire project is a game similar to Hi-Q.
It sports a variety of different boards, and crisp and clean SVG graphics.
Initially developed over 6 days using the Anjuta IDE and Glade-2. Lots of code was borrowed from klotksi (gnotski), and some was borrowed from gnobots2.
<<lessIt sports a variety of different boards, and crisp and clean SVG graphics.
Initially developed over 6 days using the Anjuta IDE and Glade-2. Lots of code was borrowed from klotksi (gnotski), and some was borrowed from gnobots2.
Download (0.34MB)
Added: 2007-01-02 License: GPL (GNU General Public License) Price:
1032 downloads
Splendid City Sports Scheduler for Linux 6.5.2.1
A full-featured league and tournament sports scheduling software system. more>> <<less
Download (37.53MB)
Added: 2009-04-12 License: Freeware Price: Free
194 downloads
Run a web server inside LAN
Run a web server inside LAN is a simple script to run a WWW server inside a Local Area Network. more>>
Run a web server inside LAN is a simple script to run a WWW server inside a Local Area Network. Run a web server inside LAN script assume all iptables features are compiled statically in the kernel, or all modules are loaded.
Otherwise you may encounter some surprises trying to utilize the more featureful and creative commandlines that Ive come up with.
Sample:
#external and internal interfaces
EXT=eth0
INT=eth1
# clear everything, and create my cascading chains
iptables -F
iptables -N e0
iptables -N tcpin
iptables -N udpin
# e0 is the name of our chain for eth0
iptables -I INPUT -i $EXT -j e0
# OUTPUT Chain
iptables -A OUTPUT -o $EXT -j DROP -p icmp --icmp-type ! echo-request
# remote gnutella queries were really pissing me off one day
# iptables -A OUTPUT -o $EXT -j DROP -p tcp ! --syn --dport 6346
# iptables -A OUTPUT -o $EXT -j DROP -p tcp ! --syn --sport 6346
# $EXT Chain
# a single rule to accept SYN Packets for multiple ports (up to 15)
iptables -A tcpin -j ACCEPT -p tcp --syn -m multiport --destination-ports 873,993,995,143,80,113,21,22,23,25,53
# stateful connection tracking is wonderful stuff
# ESTABLISHED tcp connections are let through
# If we send a SYN out, the ACK is seen as RELATED
# then further communication is accepted by the ESTABLISHED rule
iptables -A e0 -j ACCEPT -m state --state ESTABLISHED
iptables -A e0 -j ACCEPT -m state --state RELATED
# certain ports I simply DROP
iptables -A tcpin -j DROP -p tcp --syn -m multiport --destination-ports 6346,139
# UDP rules...
iptables -A udpin -j DROP -p udp -m multiport --destination-ports 137,27960
# I run a DNS server, so we must accept UDP packets on port 53
iptables -A udpin -j ACCEPT -p udp -m state --state NEW --destination-port 53
# lets log NEW udp packets on ports 1024:65535, then let them through
iptables -A udpin -j LOG -p udp -m state --state NEW --destination-port 1024:65535 --log-level debug --log-prefix UDPNEW --log-ip-options
iptables -A udpin -j ACCEPT -p udp -m state --state NEW --destination-port 1024:65535
# lets log NEW tcp packets on ports 1024:65535, then let them through
iptables -A tcpin -j LOG -p tcp --syn --destination-port 1024:65535 --log-level debug --log-prefix TCPNEW --log-tcp-options --log-ip-options
iptables -A tcpin -j ACCEPT -p tcp --syn --destination-port 1024:65535
# lets log INVALID or NEW tcp packets on priveleged ports, then DROP
# (remember I have certain ACCEPT rules higher up the chain)
iptables -A tcpin -j LOG -p tcp -m state --state INVALID,NEW --destination-port 1:1023 --log-level warn --log-prefix TCPPRIV --log-tcp-options --log-ip-options
iptables -A tcpin -j DROP -p tcp -m state --state INVALID,NEW --destination-port 1:1023
iptables -A e0 -p tcp -j tcpin
iptables -A e0 -p udp -j udpin
iptables -A e0 -j LOG --log-level debug --log-prefix NETFILTER --log-ip-options -m state --state INVALID,NEW
iptables -A e0 -j DROP
# NAT Rules
# I run a web server inside...
iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 80 -j DNAT --to-destination 192.168.1.4:80
<<lessOtherwise you may encounter some surprises trying to utilize the more featureful and creative commandlines that Ive come up with.
Sample:
#external and internal interfaces
EXT=eth0
INT=eth1
# clear everything, and create my cascading chains
iptables -F
iptables -N e0
iptables -N tcpin
iptables -N udpin
# e0 is the name of our chain for eth0
iptables -I INPUT -i $EXT -j e0
# OUTPUT Chain
iptables -A OUTPUT -o $EXT -j DROP -p icmp --icmp-type ! echo-request
# remote gnutella queries were really pissing me off one day
# iptables -A OUTPUT -o $EXT -j DROP -p tcp ! --syn --dport 6346
# iptables -A OUTPUT -o $EXT -j DROP -p tcp ! --syn --sport 6346
# $EXT Chain
# a single rule to accept SYN Packets for multiple ports (up to 15)
iptables -A tcpin -j ACCEPT -p tcp --syn -m multiport --destination-ports 873,993,995,143,80,113,21,22,23,25,53
# stateful connection tracking is wonderful stuff
# ESTABLISHED tcp connections are let through
# If we send a SYN out, the ACK is seen as RELATED
# then further communication is accepted by the ESTABLISHED rule
iptables -A e0 -j ACCEPT -m state --state ESTABLISHED
iptables -A e0 -j ACCEPT -m state --state RELATED
# certain ports I simply DROP
iptables -A tcpin -j DROP -p tcp --syn -m multiport --destination-ports 6346,139
# UDP rules...
iptables -A udpin -j DROP -p udp -m multiport --destination-ports 137,27960
# I run a DNS server, so we must accept UDP packets on port 53
iptables -A udpin -j ACCEPT -p udp -m state --state NEW --destination-port 53
# lets log NEW udp packets on ports 1024:65535, then let them through
iptables -A udpin -j LOG -p udp -m state --state NEW --destination-port 1024:65535 --log-level debug --log-prefix UDPNEW --log-ip-options
iptables -A udpin -j ACCEPT -p udp -m state --state NEW --destination-port 1024:65535
# lets log NEW tcp packets on ports 1024:65535, then let them through
iptables -A tcpin -j LOG -p tcp --syn --destination-port 1024:65535 --log-level debug --log-prefix TCPNEW --log-tcp-options --log-ip-options
iptables -A tcpin -j ACCEPT -p tcp --syn --destination-port 1024:65535
# lets log INVALID or NEW tcp packets on priveleged ports, then DROP
# (remember I have certain ACCEPT rules higher up the chain)
iptables -A tcpin -j LOG -p tcp -m state --state INVALID,NEW --destination-port 1:1023 --log-level warn --log-prefix TCPPRIV --log-tcp-options --log-ip-options
iptables -A tcpin -j DROP -p tcp -m state --state INVALID,NEW --destination-port 1:1023
iptables -A e0 -p tcp -j tcpin
iptables -A e0 -p udp -j udpin
iptables -A e0 -j LOG --log-level debug --log-prefix NETFILTER --log-ip-options -m state --state INVALID,NEW
iptables -A e0 -j DROP
# NAT Rules
# I run a web server inside...
iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 80 -j DNAT --to-destination 192.168.1.4:80
Download (MB)
Added: 2007-02-14 License: GPL (GNU General Public License) Price:
985 downloads
Secleted [ 0 ] software to compare
Copyright Notice:
Software piracy is theft, Using crack, password, serial numbers, registration codes, key generators is illegal and prevent future software development. The above tbs sports search only lists software in full, demo and trial versions for free download. Download links are directly from our mirror sites or publisher sites, torrent files or links from rapidshare.com, yousendit.com or megaupload.com are not allowed
