Fwctl 0.28

  Date Added: August 03, 2010  |  Visits: 707



Fwctl is a Perl module to configure the Linux kernel packet filtering firewall.

SYNOPSIS

    use Fwctl;

    my $fwctl = new Fwctl( %opts );
    $fwctl->dump_acct;
    $fwctl->reset_fw;
    $fwctl->configure;

Fwctl is a module to configure the Linux kernel packet filtering firewall using a higher level of abstraction than rules on the input, output and forward chains. It supports masquerading and accounting as well.

Why Fwctl?

Well, say you are the kind of paranoid firewall administrator who likes his firewall rules tight. Very tight. Say the kind that likes to distinguish between a SYN and an ACK packet when accepting a TCP connection (anybody configuring packet filters should care about that last point), or likes to specify the interface name on each rule. (Whether this is really needed, or whether such a stance is relevant, is not the point.) How would such an administrator proceed?

First of all, you deny everything on all interfaces and on all chains (input, forward and output) and turn on logging. Now, starting from this configuration (in which Fwctl puts the firewall on initialization), say you want to enable ping from the internal network to the internal IP. What rules do you need? You need a rule on the input chain to accept the echo-request packet and a rule on the output chain to accept the echo-reply packet. Right? Well, what about the loopback? Surely, when we say from local net to local IP, this implies local IP to local IP? Then you add a rule on the output chain for the loopback interface, and a rule on the input chain for the loopback interface. And we didn't even start forwarding yet! Add masquerading to the lot, and multi-connection protocols like FTP, and you get something unmanageable. So you start accepting things you shouldn't to get your job done, and in the end your filters look like Emmental.

Fwctl handles all this complexity, so that when you say

    accept ftp -src FTP_PROXY -dst INTERNET -noport

you don't accept more than you intended. (Well, you just opened arbitrary TCP connections to unprivileged ports on the Internet from your proxy server, but that's because of the FTP protocol, not because you're cheating on the firewall rules.)

Fwctl works with an entity known as a service. A service can be ftp, netbios, ping or anything else. The service abstraction handles all the communication necessary for that application (the UDP and TCP communication in DNS, or the control, data and passive connections for FTP).

Additionally, to handle all the special cases (an ANY specification, a src or dst that implies a local IP, masquerading), in short for Fwctl to be able to deduce the interfaces implicated by the src and dst portions of a rule, you need to provide it with your network topology. Fwctl must guess from your topology the routing decision that will be made in the kernel. In the best of worlds, Fwctl would contain the same routing algorithm as the one in the kernel. Well, it doesn't, so if you are using fancy routing features, Fwctl won't work. In fact, it can only handle something equivalent to simple static routing. You have been warned.

So in short, to configure your packet filters with Fwctl you need to:

1. Define your network topology using the interfaces file.
2. (Optional) Define meaningful aliases for hosts and networks which are part of your configuration.
3. Implement your security policy using high level abstract rules in the rules file.

Finally, Fwctl is extensible. You can easily add service modules using the Fwctl::RuleSet module, which contains all the primitives you need to handle the special cases involved in input, forward and output chain selection.
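The ping case described above, as an added example (not Fwctl's own code or algorithm): a small Python model that expands one high-level rule into the per-chain, per-interface accept rules it implies on top of deny-all, including the loopback pair. The topology, the addresses and the function name expand_ping are assumptions made for illustration; forwarding and masquerading are not modelled.

```python
import ipaddress

# Constructed topology for illustration: interface -> local IP and attached network.
TOPOLOGY = {
    "eth0": {"ip": "192.168.1.1", "net": "192.168.1.0/24"},  # internal
    "eth1": {"ip": "203.0.113.2", "net": "203.0.113.0/24"},  # external
}

def expand_ping(src_net, dst_ip, topology):
    """Expand 'accept ping from src_net to local dst_ip' into
    (chain, interface, src, dst, icmp_type) rules on top of deny-all."""
    src = ipaddress.ip_network(src_net)
    dst = ipaddress.ip_address(dst_ip)
    local_ips = {ipaddress.ip_address(i["ip"]) for i in topology.values()}
    if dst not in local_ips:
        raise ValueError("dst is not a local IP; forwarded traffic is not modelled")
    rules = []
    for name, info in topology.items():
        # Remote hosts in src_net arrive on the interface attached to that network.
        if ipaddress.ip_network(info["net"]).overlaps(src):
            rules.append(("input", name, str(src), str(dst), "echo-request"))
            rules.append(("output", name, str(dst), str(src), "echo-reply"))
    for ip in sorted(local_ips):
        # A local IP inside src_net reaches dst over loopback, so each
        # direction needs a rule on the output chain and on the input chain.
        if ip in src:
            for icmp, s, d in (("echo-request", ip, dst), ("echo-reply", dst, ip)):
                rules.append(("output", "lo", str(s), str(d), icmp))
                rules.append(("input", "lo", str(s), str(d), icmp))
    return rules

if __name__ == "__main__":
    for rule in expand_ping("192.168.1.0/24", "192.168.1.1", TOPOLOGY):
        print("accept %-6s -i %-4s %s -> %s icmp %s" % rule)
```

One abstract rule becomes six concrete ones here; a source range that excludes the firewall's own address needs only the two eth0 rules.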

Requirements: No special requirements
Platforms: Linux

License: Freeware Size: 79.87 KB