09-05-2010 08:18:42
38.107.191.94
CCBot/1.0 (+http://www.commoncrawl.org/bot.html)
1and1.com
If you need webhosting, 1and1.com is pretty easy to use.
Please order through the link above if you do choose them.
http://www.dd-wrt.com/
http://www.sveasoft.com/
http://www.linksysinfo.org/
http://www.netstumbler.com/
Example rc_firewall autoupdate script and rc_firewall rules that implement mac filtering. Please create files in linux/unix editor such as vim located on the downloads page if using windows platform.
rc_firewall example:
#!/bin/sh
# MAC Filter List 09-11-2005
/usr/sbin/iptables -N check_mac
/usr/sbin/iptables -F check_mac
/usr/sbin/iptables -I INPUT -i br0 -j check_mac
/usr/sbin/iptables -I FORWARD -i br0 -j check_mac
# NOTE: The following list does MAC Address Filtering.
# ONLY people on this list will have internet access.
/usr/sbin/iptables -A check_mac -m mac --mac-source AA:BB:CC:DD:EE:FF -j RETURN
/usr/sbin/iptables -A check_mac -m mac --mac-source BB:CC:DD:EE:FF:GG -j RETURN
/usr/sbin/iptables -A check_mac -m mac --mac-source CC:DD:EE:FF:GG:HH -j RETURN
/usr/sbin/iptables -A check_mac -m mac --mac-source 00:EE:FF:GG:HH:II -j RETURN
/usr/sbin/iptables -A check_mac -j DROP
# IPTable rule to attempt to drop p2p programming
/usr/sbin/iptables -I FORWARD -m ipp2p --ipp2p -j DROP
# IPTable rule to attempt specific p2p apps
/usr/sbin/iptables -t mangle -I PREROUTING -p tcp -m layer7 --l7dir /etc/l7-protocols/protocols --l7proto directconnect -j DROP
/usr/sbin/iptables -t mangle -I PREROUTING -p tcp -m layer7 --l7dir /etc/l7-protocols/protocols --l7proto fasttrack -j DROP
/usr/sbin/iptables -t mangle -I PREROUTING -p tcp -m layer7 --l7dir /etc/l7-protocols/protocols --l7proto applejuice -j DROP
/usr/sbin/iptables -t mangle -I PREROUTING -p tcp -m layer7 --l7dir /etc/l7-protocols/protocols --l7proto audiogalaxy -j DROP
/usr/sbin/iptables -t mangle -I PREROUTING -p tcp -m layer7 --l7dir /etc/l7-protocols/protocols --l7proto bittorrent -j DROP
/usr/sbin/iptables -t mangle -I PREROUTING -p tcp -m layer7 --l7dir /etc/l7-protocols/protocols --l7proto gnucleuslan -j DROP
/usr/sbin/iptables -t mangle -I PREROUTING -p tcp -m layer7 --l7dir /etc/l7-protocols/protocols --l7proto gnutella -j DROP
/usr/sbin/iptables -t mangle -I PREROUTING -p tcp -m layer7 --l7dir /etc/l7-protocols/protocols --l7proto live365 -j DROP
#ADF
rc_firewallautoupdate script example:
#!/bin/sh
# Default AutoUpdate Firewall Script
sync_ok=0
sync_url="ftp://username:password@yourftphostiporurl"
echo "Attempting To Load Dynamic Rules" >> /tmp/runlog
until [ "$sync_ok" = "1" ] # Keep Trying To Get Firewall Rules
do
echo "Getting: "$sync_url >> /tmp/runlog
wget -q -O /tmp/rc_firewall.new $sync_url
sync_reply=`cat /tmp/rc_firewall.new | grep "#ADF"`
if [ "$sync_reply" = "#ADF" ]; then
echo "Dynamic Rules Received OK" >> /tmp/runlog
newmd5=`md5sum /tmp/rc_firewall.new | awk '{ print $1 }'`
oldmd5=`md5sum /usr/local/etc/firewall.sh | awk '{ print $1 }'`
echo "Received MD5: "$newmd5" Old Version MD5:"$oldmd5 >> /tmp/runlog
if [ $newmd5 != $oldmd5 ]; then
echo "Applying Newer Version" >> /tmp/runlog
cp /tmp/rc_firewall.new /usr/local/etc/firewall.sh
chmod +x /usr/local/etc/firewall.sh
/usr/local/etc/firewall.sh
else
echo "Skipping Update - Both Versions Equal" >> /tmp/runlog
fi
sync_ok=1
else
echo "Dynamic Rules Failed To Download" >> /tmp/runlog
sleep 60 # Wait 60seconds and try again
fi
done
# Note: FTP Firewall File Version should have a tag (i.e. #IDLIDLIDL at the end of file)
# In this example, the firewall has #ADF at the end..