Fwctl 0.28

Date Added: August 03, 2010

Fwctl is a Perl module to configure the Linux kernel packet filtering firewall.

SYNOPSIS

    use Fwctl;

    my $fwctl = new Fwctl( %opts );
    $fwctl->dump_acct;
    $fwctl->reset_fw;
    $fwctl->configure;

Fwctl is a module to configure the Linux kernel packet filtering firewall using a higher level of abstraction than rules on the input, output and forward chains. It supports masquerading and accounting as well.

Why Fwctl?

Well, say you are the kind of paranoid firewall administrator who likes his firewall rules tight. Very tight. Say the kind that likes to distinguish between a SYN and an ACK packet when accepting a TCP connection (anybody configuring packet filters should care about that last point), or likes to specify the interface name on each rule. (Whether this is really needed, or whether such a stance is relevant, is not the point.)

How would such an administrator proceed? First of all, you deny everything on all interfaces and on all chains (input, forward and output) and turn on logging. Now, starting from this configuration (in which Fwctl puts the firewall on initialization), say you want to enable ping from the internal network to the internal IP. What rules do you need? You need a rule on the input chain to accept the echo-request packet and a rule on the output chain to accept the echo-reply packet. Right? Well, what about the loopback? Surely, when we say from local net to local IP, this implies local IP to local IP? Then you add a rule on the output chain with the loopback interface, and a rule on the input chain with the loopback interface. And we didn't even start forwarding yet! Add masquerading to the lot, and multi-connection protocols like FTP, and you've got something unmanageable. So you start accepting things you shouldn't to get your job done, and in the end your filters look like emmenthal.

Fwctl handles all the complexity of this, so that when you say

    accept ftp -src FTP_PROXY -dst INTERNET -noport

you don't accept too much of what you didn't intend. (Well, you just opened arbitrary TCP connections to unprivileged ports on the Internet from your proxy server, but that's because of the FTP protocol, not because you're cheating on the firewall rules.)

Fwctl works with an entity known as a service. A service can be ftp, netbios, ping or anything else. The service abstraction handles all the communication necessary for that application. (The UDP and TCP communication in DNS, or the control, data and passive connections for FTP.)

Additionally, to handle all the special cases with the ANY specification, when the src or dst implies a local IP, or masquerading, in short for Fwctl to be able to deduce the interface implicated by the src and dst portions of a rule, you need to provide it with your network topology. Fwctl must guess from your topology the routing decision that will be made in the kernel. In the best of worlds, Fwctl would contain the same routing algorithm as the one in the kernel. Well, it doesn't, so if you are using fancy routing features, Fwctl won't work. In fact, it can only handle something equivalent to simple static routing. You have been warned.

So in short, to configure your packet filters with Fwctl you need to:

1. Define your network topology using the interfaces file.
2. (Optional) Define meaningful aliases for hosts and networks which are part of your configuration.
3. Implement your security policy using high level abstract rules in the rules file.

Finally, Fwctl is extensible. You can easily add service modules using the Fwctl::RuleSet module, which contains all the primitives you need to handle all the special cases involved in the input, forward and output chain selection.
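The ping case described above, expanded by hand as an added example: this is a simplified Python model written for this page, not Fwctl's code, API or output. The topology, interface names and addresses are constructed, and the model assumes that on the loopback interface both the echo-request and the echo-reply cross the output chain and then the input chain.

```python
import ipaddress

# Constructed topology for illustration (interface names and addresses are
# assumptions, not taken from Fwctl or its documentation).
TOPOLOGY = {
    "eth0": {"ip": "192.168.1.1", "net": "192.168.1.0/24"},  # internal side
    "eth1": {"ip": "203.0.113.2", "net": "203.0.113.0/24"},  # external side
}
LOOPBACK = "lo"


def iface_for(net):
    """Return the interface whose attached network contains `net`.

    Covers the simple static routing case only.
    """
    wanted = ipaddress.ip_network(net)
    for name, cfg in TOPOLOGY.items():
        if wanted.subnet_of(ipaddress.ip_network(cfg["net"])):
            return name
    raise ValueError(f"no interface routes to {net}")


def expand_ping(src_net, dst_ip):
    """Expand 'accept ping from src_net to a local dst_ip' into chain rules.

    Each rule is (chain, interface, icmp_type, source, destination).
    """
    local_ips = [cfg["ip"] for cfg in TOPOLOGY.values()]
    if dst_ip not in local_ips:
        raise ValueError("this sketch only covers a destination on the firewall")
    iface = iface_for(src_net)
    rules = [
        ("input", iface, "echo-request", src_net, dst_ip),
        ("output", iface, "echo-reply", dst_ip, src_net),
    ]
    # If the source network contains one of the firewall's own addresses,
    # "local net to local IP" also means "local IP to local IP" via loopback.
    src = ipaddress.ip_network(src_net)
    for ip in local_ips:
        if ipaddress.ip_address(ip) in src:
            rules += [
                ("output", LOOPBACK, "echo-request", ip, dst_ip),
                ("input", LOOPBACK, "echo-request", ip, dst_ip),
                ("output", LOOPBACK, "echo-reply", dst_ip, ip),
                ("input", LOOPBACK, "echo-reply", dst_ip, ip),
            ]
    return rules


if __name__ == "__main__":
    for rule in expand_ping("192.168.1.0/24", "192.168.1.1"):
        print(*rule)
```

One abstract "ping from internal net to internal IP" statement becomes six chain rules in this model, before any forwarding or masquerading is involved.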

Requirements: No special requirements
Platforms: Linux

License: Freeware
Size: 79.87 KB