Free tcp connections active software for linux

conn-close gives us possibility to get rid of entries in ip_conntrack about ESTABLISHED TCP connections that goes through our server.

conn-close script uses hping2 to send spoofed RST packets which will fool conntrack and cause specified connections to be considered by conntrack as closed (now these connections will be in ip_conntrack in CLOSE state), even though RST packets will be more likely discarded by destination host.

Information about connections is read of course from /proc/net/ip_conntrack.

Idea was taken from script seen somewhere on the internet.

Configuration with no services supported script is for a single host firewall configuration with no services supported by the firewall machine itself.

Sample:

# USER CONFIGURABLE SECTION

# The name and location of the ipchains utility.
IPTABLES=iptables

# The path to the ipchains executable.
PATH="/usr/local/sbin"

# Our internal network address space and its supporting network device.
OURNET="10.5.0.0/24"
OURBCAST="10.5.0.255"
OURDEV="eth0"

# The outside address and the network device that supports it.
ANYADDR="0/0"
ANYDEV="ppp0"

# The TCP services we wish to allow to pass - "" empty means all ports
# note: comma separated
TCPIN="ssh,ftp,ftp-data"
TCPOUT="smtp,www,ssh,telnet,ftp,ftp-data,irc,http"

# The UDP services we wish to allow to pass - "" empty means all ports
# note: comma separated
UDPIN="domain"
UDPOUT="domain"

# The ICMP services we wish to allow to pass - "" empty means all types
# ref: /usr/include/netinet/ip_icmp.h for type numbers
# note: comma separated
ICMPIN="0,3,11"
ICMPOUT="8,3,11"

# Logging; uncomment the following line to enable logging of datagrams
# that are blocked by the firewall.
# LOGGING=1

# END USER CONFIGURABLE SECTION
####################################
# Flush the Input table rules
echo -n Flushing forward... && {
$IPTABLES -F FORWARD
} && echo done

# We want to deny incoming access by default.
# echo -n Denying incoming access... && {
# $IPTABLES -P FORWARD drop
# } && echo done

# Drop all datagrams destined for this host received from outside.
echo -n Dropping incoming datagrams... && {
$IPTABLES -A INPUT -i $ANYDEV -j DROP
} && echo done

# SPOOFING
# We should not accept any datagrams with a source address matching ours
# from the outside, so we deny them.
echo -n Preventing spoofing... && {
$IPTABLES -A FORWARD -s $OURNET -i $ANYDEV -j DROP
} && echo done

# SMURF
# Disallow ICMP to our broadcast address to prevent "Smurf" style attack.
echo -n Preventing SMURFs... && {
$IPTABLES -A FORWARD -p icmp -i $ANYDEV -d $OURNET -j DROP
} && echo done

# We should accept fragments, in iptables we must do this explicitly.
echo -n Accepting fragments... && {
$IPTABLES -A FORWARD -f -j ACCEPT
} && echo done

# TCP
# We will accept all TCP datagrams belonging to an existing connection
# (i.e. having the ACK bit set) for the TCP ports were allowing through.
# This should catch more than 95 % of all valid TCP packets.
echo -n Accepting valid incoming tcp datagrams on existing connections... && {
$IPTABLES -A FORWARD -m multiport -p tcp -d $OURNET --dports $TCPIN ! --tcp-flags SYN,ACK ACK -j ACCEPT
} && echo done
echo -n Accepting valid outgoing tcp datagrams on existing connections... && {
$IPTABLES -A FORWARD -m multiport -p tcp -s $OURNET --sports $TCPIN ! --tcp-flags SYN,ACK ACK -j ACCEPT
} && echo done

# TCP - INCOMING CONNECTIONS
# We will accept connection requests from the outside only on the
# allowed TCP ports.
echo -n Accepting incoming tcp connections on allowed ports... && {
$IPTABLES -A FORWARD -m multiport -p tcp -i $ANYDEV -d $OURNET --dports $TCPIN --syn -j ACCEPT
} && echo done

# TCP - OUTGOING CONNECTIONS
# We will accept all outgoing tcp connection requests on the allowed TCP ports.
echo -n Accepting outgoing traffic on allowed tcp ports... && {
$IPTABLES -A FORWARD -m multiport -p tcp -i $OURDEV -d $ANYADDR --dports $TCPOUT --syn -j ACCEPT
} && echo done

# UDP - INCOMING
# allow UDP datagrams in on the allowed ports and back.
echo -n Allowing UDP datagrams in on the allowed ports and back... && {
$IPTABLES -A FORWARD -m multiport -p udp -i $ANYDEV -d $OURNET --dports $UDPIN -j ACCEPT
$IPTABLES -A FORWARD -m multiport -p udp -i $ANYDEV -s $OURNET --sports $UDPIN -j ACCEPT
} && echo done

# UDP - OUTGOING
# We will allow UDP datagrams out to the allowed ports and back.
echo -n Allowing UDP datagrams out on the allowed ports and back... && {
$IPTABLES -A FORWARD -m multiport -p udp -i $OURDEV -d $ANYADDR --dports $UDPOUT -j ACCEPT
$IPTABLES -A FORWARD -m multiport -p udp -i $OURDEV -s $ANYADDR --sports $UDPOUT -j ACCEPT
} && echo done

# ICMP - INCOMING
# We will allow ICMP datagrams in of the allowed types.
# echo -n Allowing ICMP datagrams in of the allowed types... && {
# $IPTABLES -A FORWARD -p icmp -i $ANYDEV -d $OURNET --icmp-type $ICMPIN -j ACCEPT
# } && echo done

# ICMP - OUTGOING
# We will allow ICMP datagrams out of the allowed types.
# echo -n Allowing ICMP datagrams out of the allowed types... && {
# $IPTABLES -A FORWARD -p icmp -i $OURDEV -d $ANYADDR --icmp-type $ICMPOUT -j ACCEPT
# } && echo done

# DEFAULT and LOGGING
# All remaining datagrams fall through to the default
# rule and are dropped. They will be logged if youve
# configured the LOGGING variable above.
#

# DoS
# enabling Syn-flood protection
echo -n Enabling Syn-flood protection... && {
iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
} && echo done
# Enabling Furtive port scanner protection
echo -n Enabling Furtive port scanner protection... && {
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
} && echo done
# Enabling ping of death protection
echo -n Enabling ping of death protection... && {
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
} && echo done


if [ "$LOGGING" ]
then
# Log barred TCP
$IPTABLES -A FORWARD -m tcp -p tcp -j LOG
# Log barred UDP
$IPTABLES -A FORWARD -m udp -p udp -j LOG
# Log barred ICMP
$IPTABLES -A FORWARD -m udp -p icmp -j LOG
fi
#
# end.

PHP Sessions Management Class is a php class to handle sessions by using a mySQL database for session related data storage providing better security then the default session handler used by PHP.
If you are not familiar with what php sessions are and what are they good for, check out the dedicated chapter in the php manual
If you are familiar with php sessions and you want to use this php class in your projects then remember that to prevent session hijacking, you must not forget to use the regenerate_id() method whenever you do a privilege change in your application
Before usage, make sure you use the session_data.sql file (which is a sql dump file generated with phpMyAdmin) from the install_sql folder to set up the table used by the class
You dont need to modify anything in your previous applications: after instantiating the php class, just use sessions as you would normally.
Note:
The class assumes that there is an active connection to a mySQL database and it does not attempt to create one. This is due to the fact that, usually, there is a config file that holds the database connection related information and another class, or function that handles database connection. If this is not how you do it, you can easily adapt the code by putting the database connection related code in the "open" method of the class.
Enhancements:
- The get_users_online() method is now more accurate as it now runs the garbage collector before getting the number of online users.
- The structure of the MySQL table used by the class was tweaked in so that the "http_user_agent" field was changed from VARCHAR(255) to TEXT to accomodate user agent strings that are longer than 255 characters.
- The "session_data" field was also changed from TEXT to BLOB to help users who store a large amount of data in sessions.

Network Communicator is a simple script for sending and receiving data over TCP/UDP connections.
It can be useful for testing firewall configurations, routing tables, and similar things.
I had originally written two scripts for testing TCP only: a talker and a listener. Upon failure to properly modify them to support UDP only, I made Netcom. It allows the sending and receiving of TCP or UDP data to arbitrary IPs/Ports and optional from/to files.
Im sure there are already tools like this out there like netcat, but wasnt able to get netcat working properly for UDP also. Either way, here you go and enjoy!
Launch Netcom with no options to view the usage.
Enhancements:
- A complete re-write to support arbitrary source/destination and port forwarding (not tunneling).

StdioTunnel project allows you to tunnel arbitrary TCP connections through any shell access connection.

If the connection provides a clear 8-bit data path and allows you to start programs, you can use it with StdioTunnel.

It tunnels TCP connections in much the same way SSH does, but is useful in particular cases where SSH port forwarding is disabled, and it does not require running or changing the configuration of any server processes on either side of the connection.

Once StdioTunnel handshakes, the connection you used to initiate it is no longer available. The local StdioTunnel process will ignore further input. The connection is shut down when you kill the StdioTunnel process at either end.

All that is required for StdioTunnel to make a connection is that the standard input and output of the remote side appear to be connected through an 8-bit clear channel to the standard input and output of the process started by the local side. ssh with the -e none option to turn off the escape character works quite nicely as the connecting process.

Please note that using ANY software, StdioTunnel included, to work-around firewall restrictions may make systems on either side of the firewall more vulnerable to any number of attacks. StdioTunnel may have bugs that make such vulnerabilities even worse. The user takes sole responsibility for any adverse consequences of using this software.

PHP Active Code Library (ACL) is a PHP 5 class used to store and call PHP files that are stored in a database.

The files are stored in a plain text field and not a binary field. PHP ACL also takes care of include/require calls.

If a file includes another file stored in the database, PHP ACL takes care of getting, generating, and including that file.

HTTPTunnel is a simple client/server application for creating an HTTP tunnel between two machines, optionally via a Web proxy.
This is a small application for tunnelling an arbitrary TCP socket connection over HTTP. It can be used, for example, to tunnel traffic out from behind a restrictive firewall that only allows outgoing HTTP web connections.
The basic idea is that you run an instance of the HTTP Tunnel application locally in client mode, that then connects out to another instance that you run at the remote end of the tunnel in server mode.
You then connect to the local client end of the tunnel with the application whose traffic you wish to tunnel, and all communications are then wrapped in HTTP. The tunnel may also go via a HTTP proxy, either explicitly or transparently.
Enhancements:
- This release includes some major bugfixes and improvements in the tunneling error detection and retransmission code.
- It also introduces support for building and running under Cygwin.

tsocks provides transparent network access through a SOCKS version 4 or 5 proxy (usually on a firewall).

SOCKS servers are a form of proxy that are commonly used in firewalled LAN environments to allow access between networks, and often to the Internet. The problem is that most applications dont know how to gain access through SOCKS servers. This means that network based applications that dont understand SOCKS are very limited in networks they can reach. An example of this is simple telnet.

tsocks role is to allow these non SOCKS aware applications (e.g telnet, ssh, ftp etc) to use SOCKS without any modification. It does this by intercepting the calls that applications make to establish network connections and negotating them through a SOCKS server as necessary. If youre on a network firewalled from the internet with a SOCKS server for outside access, telnet cant use this server and thus cant telnet out to the Internet., sou you cannot get out.

tsocks is based on the shared library interceptor concept. Through use of the LD_PRELOAD environment variable or the /etc/ld.so.preload file tsocks is automatically loaded into the process space of every executed program. From there it overrides the normal connect() function by providing its own. Thus when an application calls connect() to establish a TCP connection it instead passes control to tsocks. tsocks determines if the connection needs to be made via a SOCKS server (by checking /etc/tsocks.conf) and negotiates the connection if so (through use of the real connect() function )