Firewall Script

Tuesday, June 29th, 2004


#!/bin/bash
# a firewall script I wrote myself!
# 06 Jan. 2003
# chkconfig: 2345 25 90
# description: packet filtering firewall

_start()
{
    # enable the kernel's spoof protection (reverse-path filtering)
    echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter

    # Delete old iptables rules
    # and temporarily block all traffic.
    iptables -P OUTPUT DROP
    iptables -P INPUT DROP
    iptables -P FORWARD DROP
    iptables -F

    # set default DROP policies, except for OUTPUT
    iptables -P INPUT DROP
    iptables -P OUTPUT ACCEPT
    iptables -P FORWARD DROP

    # allow all local (loopback) traffic
    iptables -A INPUT -i lo -j ACCEPT

    # allow all established traffic
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # drop un-associated packets
    iptables -A INPUT -m state --state INVALID -j DROP

    # drop ICMP pings
    iptables -A INPUT -p icmp --icmp-type echo-request -j DROP

    # things to accept
    # http
    # iptables -A INPUT -p tcp -d 192.9.202.129 --dport 80 -j ACCEPT
    # ssh
    # iptables -A INPUT -p tcp -d 192.9.202.129 --dport 30 -j ACCEPT

    # drop any broadcast messages (anything not addressed to this host)
    iptables -A INPUT ! -d 192.9.202.129 -j DROP

    # log and drop everything else (the limit match defaults to 3/hour, burst 5)
    iptables -A INPUT -m limit -j LOG --log-prefix "FIREWALL: "
    iptables -A INPUT -j DROP
}

_stop()
{
    # flush rules
    iptables -F

    # zero counters
    iptables -Z

    # set policy back to ACCEPT
    iptables -P INPUT ACCEPT
    iptables -P OUTPUT ACCEPT
    iptables -P FORWARD ACCEPT
}

case "$1" in
    start)
        echo -n "Starting firewall: "
        _start
        echo done
        ;;
    stop)
        echo -n "Stopping firewall: "
        _stop
        echo done
        ;;
    restart)
        $0 stop
        $0 start
        ;;
    status)
        iptables -L
        ;;
    *)
        echo "Usage: $0 {start|stop|restart|status}"
        exit 1
        ;;
esac

exit 0
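To check what this INPUT chain does with a given packet, and whether the packet will show up in the log, before loading the rules on a host, here is an added example that is not part of the original script: it replays the chain as a first-match rule table in Python. It assumes the host address 192.9.202.129 from the script, takes the conntrack state as a field on the packet, and ignores the `-m limit` rate limit on the LOG rule (assumed to be under the limit).

```python
from dataclasses import dataclass
from typing import Optional

HOST_IP = "192.9.202.129"  # the address used in the script's own rules

@dataclass
class Packet:
    iface: str                       # input interface: "eth0", "lo", ...
    proto: str                       # "tcp", "udp" or "icmp"
    dst: str                         # destination address
    dport: Optional[int] = None      # destination port for tcp/udp
    state: str = "NEW"               # conntrack state: NEW, ESTABLISHED, RELATED or INVALID
    icmp_type: Optional[str] = None  # e.g. "echo-request"

# (match predicate, target) in the order of the script's `iptables -A INPUT` lines;
# the http/ssh ACCEPT rules are commented out in the script, so they are absent here too.
INPUT_CHAIN = [
    (lambda p: p.iface == "lo", "ACCEPT"),                                    # -i lo
    (lambda p: p.state in ("ESTABLISHED", "RELATED"), "ACCEPT"),              # --state ESTABLISHED,RELATED
    (lambda p: p.state == "INVALID", "DROP"),                                 # --state INVALID
    (lambda p: p.proto == "icmp" and p.icmp_type == "echo-request", "DROP"),  # ping
    (lambda p: p.dst != HOST_IP, "DROP"),                                     # ! -d 192.9.202.129
    (lambda p: True, "LOG"),   # -m limit -j LOG, assumed to be under its rate limit
    (lambda p: True, "DROP"),
]

def trace(packet: Packet):
    """Return (verdict, logged). The first terminating target (ACCEPT/DROP) wins;
    LOG is non-terminating, so a logged packet is still dropped by the rule after it."""
    logged = False
    for match, target in INPUT_CHAIN:
        if not match(packet):
            continue
        if target == "LOG":
            logged = True
            continue
        return target, logged
    return "DROP", logged  # chain policy: iptables -P INPUT DROP

SAMPLES = {  # constructed sample traffic, not captured from a real host
    "loopback": Packet("lo", "tcp", "127.0.0.1", 80),
    "reply": Packet("eth0", "tcp", HOST_IP, 40000, state="ESTABLISHED"),
    "new ssh": Packet("eth0", "tcp", HOST_IP, 22),
    "ping": Packet("eth0", "icmp", HOST_IP, icmp_type="echo-request"),
    "broadcast": Packet("eth0", "udp", "192.9.202.255", 137),
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        print(f"{label:10} -> {trace(pkt)}")
```

Note that only new connections addressed to the host reach the LOG rule; pings and broadcast traffic are dropped silently by the earlier rules, so they never appear under the "FIREWALL: " prefix.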

Get an interface’s information

Monday, March 15th, 2004

Here is a bit of code to get an interface’s information, including the interface name and MAC address:

(more…)

Sonic.net Hotspot

Sunday, February 15th, 2004

Did I mention we are hosting a Sonic.net wireless hotspot? Well we are. I doubt that we will make any money off of it, because a. I haven’t told my neighbors about it, and b. I’m not sure how technically inclined my neighbors are.

In any case it allows me to have a secure wireless network in my house. The connection goes through an IPSec tunnel, so there’s no eavesdropping, and is authenticated on the Sonic.net side, so I know who is using my connection. Also, the wireless network is on its own network, separate from the private LAN, which makes me feel better about using the usually insecure medium that is wireless.

For those interested, I have some code to add to the Cisco VPN client start-up script. It is really basic: it just checks whether the wireless network you are in is the Sonic.net one and, if so, starts up the VPN client; otherwise it doesn’t. This way I can roam to different hotspots and not have to hassle with bringing the VPN connection up or down; it is all just automatic. Keep reading for the code.

(more…)

alarmClock

Saturday, February 14th, 2004

I added an HFile for C to the CodeBeautifier plugin, and I want to see how it turns out. Click ‘continue reading’ to see the actual code.

alarmClock is a program I wrote last semester for my Systems Programming course. The program is actually two programs: one that is a menu, and the other a timer. Signals are sent between the two processes to coordinate the alarm going off, hitting snooze, and quitting the program altogether. Here is a sample run with the timer set to five seconds, the snooze set to three seconds, and the ring “tone” set to ‘ringing’.

[augie@gohan alarmClock]$ ./alarmClock -t 5 -s 3 ringing wait_for_child
start
ringing
ringing
snooze
ringing
ringing
quiting
wait_for_child
wait_for_child
wait_for_child
wait_for_child
wait_for_child
child exited with code: 8

(more…)

Fun with powers of two

Friday, February 13th, 2004

Here is one of the problems we had for Theory of Comp. and my solution. It’s an interesting problem, but really just an excuse to try out the CodeBeautifier plugin for MT.

4) Write a computer program that finds the smallest power of 2 that starts with a given number k. Run the program for k = 97. (For example, the smallest power of 2 that starts with 54 is 2^39 = 549755813888.)

#!/usr/bin/perl -w

use strict;
use bignum;   # 2 ** $n outgrows a native integer quickly, so use arbitrary precision

my $prefix = $ARGV[0];
die "usage: $0 k\n" unless defined $prefix && $prefix =~ /^\d+$/;

my $test_num;
my $n = 0;
my $bool = 1;

# try 2**0, 2**1, 2**2, ... until the decimal digits start with $prefix
while($bool)
{
    $test_num = 2 ** $n;
    if( $test_num =~ /^\Q$prefix\E/ )
    { $bool = 0; }
    else
    { $n = $n + 1; }
}

print "n is $n\n";