Rapid Application

Ryan Golhar ryangolhar at verizon.net
Sat May 29 20:59:47 UTC 2004


Sure, here are my rules:
 
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:ADDRESS-FILTER - [0:0]
:LINWIZ-INPUT - [0:0]
:REJECT-PKT - [0:0]
:SYN-FLOOD - [0:0]
 
-A INPUT -j LINWIZ-INPUT
 
######################################################################
# Allow all loopback interface traffic
 
-A LINWIZ-INPUT -i lo -j ACCEPT
 
# Block all attempts to spoof the loopback address
 
-A LINWIZ-INPUT -s 127.0.0.0/8 -j LOG --log-prefix "SPOOFED-LOOPBACK: "
-A LINWIZ-INPUT -s 127.0.0.0/8 -j DROP
-A LINWIZ-INPUT -d 127.0.0.0/8 -j LOG --log-prefix "SPOOFED-LOOPBACK: "
-A LINWIZ-INPUT -d 127.0.0.0/8 -j DROP
 
# Block Syn Flood attacks
 
-A LINWIZ-INPUT -p tcp -m tcp --syn -j SYN-FLOOD
 
# Ensure that TCP connections start with syn packets
 
-A LINWIZ-INPUT -p tcp -m tcp ! --syn -m state --state NEW -j LOG --log-prefix "SYN-EXPECTED: "
-A LINWIZ-INPUT -p tcp -m tcp ! --syn -m state --state NEW -j DROP
 
# Allow session continuation traffic
 
-A LINWIZ-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
 
# Allow all ssh traffic
 
-A LINWIZ-INPUT -p tcp -m tcp --dport 22 -j ACCEPT
 
# Call the IP and MAC address filtering chain
 
-A LINWIZ-INPUT -j ADDRESS-FILTER
 
# Allow ICMP ping requests from allowed hosts
 
-A LINWIZ-INPUT -p icmp -m icmp --icmp-type ping -j ACCEPT
 
# Allow selected TCP/IP and/or UDP services
 
-A LINWIZ-INPUT -p tcp -m tcp --dport 111 -j ACCEPT
-A LINWIZ-INPUT -p tcp -m tcp --dport 389 -j ACCEPT
-A LINWIZ-INPUT -p tcp -m tcp --dport 636 -j ACCEPT
-A LINWIZ-INPUT -p tcp -m tcp --dport 2049 -j ACCEPT
-A LINWIZ-INPUT -p tcp -m tcp --dport 4000:4003 -j ACCEPT
-A LINWIZ-INPUT -p udp -m udp --dport 111 -j ACCEPT
-A LINWIZ-INPUT -p udp -m udp --dport 2049 -j ACCEPT
-A LINWIZ-INPUT -p udp -m udp --dport 4000:4003 -j ACCEPT
-A LINWIZ-INPUT -p tcp -m tcp --dport 515 -j ACCEPT
-A LINWIZ-INPUT -p udp -m udp --dport 515 -j ACCEPT
-A LINWIZ-INPUT -p tcp -m tcp --dport 27000 -j ACCEPT
-A LINWIZ-INPUT -p tcp -m tcp --dport 27005 -j ACCEPT
 
# Block all other TCP/IP and UDP traffic
 
-A LINWIZ-INPUT -j REJECT-PKT
 
######################################################################
# Syn flood filtering chain
 
-A SYN-FLOOD -m limit --limit 1/s --limit-burst 4 -j RETURN
-A SYN-FLOOD -j LOG --log-prefix "SYN-FLOOD: "
-A SYN-FLOOD -j DROP
 
######################################################################
# Chain used to reject all TCP/IP, UDP and ICMP/PING packets
 
# These are Windows NetBIOS broadcasts
-A REJECT-PKT -p udp -m udp --sport 137:138 --dport 137:138 -j DROP
# This IP:port address is flooding the network with broadcast messages
-A REJECT-PKT -p udp -m udp -s 192.168.170.110 --sport 11002 --dport 11001 -j DROP
-A REJECT-PKT -p tcp -m tcp -j LOG
-A REJECT-PKT -p tcp -m tcp -j REJECT --reject-with tcp-reset
-A REJECT-PKT -p udp -m udp -j LOG
-A REJECT-PKT -p udp -m udp -j REJECT --reject-with icmp-port-unreachable
-A REJECT-PKT -p icmp -m icmp --icmp-type ping -j LOG
-A REJECT-PKT -p icmp -m icmp --icmp-type ping -j REJECT --reject-with icmp-host-unreachable
 
######################################################################
# IP and MAC address filtering chain
 
# asparagine
-A ADDRESS-FILTER -s 192.168.170.176 -j RETURN
...a bunch more here...
-A ADDRESS-FILTER -j REJECT-PKT
 
COMMIT

 
 

-----
Ryan Golhar
Computational Biologist
The Informatics Institute at
The University of Medicine & Dentistry of NJ

Phone: 973-972-5034
Fax: 973-972-7412
Email: golharam at umdnj.edu 

-----Original Message-----
From: redhat-list-bounces at redhat.com
[mailto:redhat-list-bounces at redhat.com] On Behalf Of Pegambar
Sent: Friday, May 28, 2004 10:09 PM
To: redhat-list at redhat.com
Subject: Rapid Application



Hello,

Can anyone tell me of Rapid Application Development tools (like VB) in
Linux? I use Glade, but it requires most of the coding behind it after
creating the front end. Is there anything more, with licence or
without licence?

thanks



Allah Hafiz

ik katra us ky Fazl ny darya bana dya

mai khaq tha usy ny surrya bana dya

Adam
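
The SYN-FLOOD chain in the ruleset above relies on the `limit` match, which keeps one token bucket for the whole rule rather than one per source address. As an added illustration (not part of the original post), this Python model replays constructed SYN arrivals through that rule; the noisy host's address is hypothetical and the model simplifies the kernel's credit arithmetic.

```python
# Added illustration (not from the original post): token-bucket model of
#   -A SYN-FLOOD -m limit --limit 1/s --limit-burst 4 -j RETURN
# The limit match keeps no per-source state, so one bucket is shared by every
# SYN that reaches LINWIZ-INPUT, whatever its source address.

class LimitMatch:
    """Simplified model of the iptables 'limit' match (one shared bucket)."""

    def __init__(self, rate_per_s=1.0, burst=4):
        self.rate = rate_per_s
        self.burst = burst
        self.tokens = float(burst)   # bucket starts full
        self.last = 0.0

    def matches(self, now):
        # Refill for the elapsed time, capped at the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True              # rule matches: RETURN to LINWIZ-INPUT
        return False                 # falls through to the LOG and DROP rules


def run_syn_flood_chain(syns):
    """syns: iterable of (time_s, src_ip). Returns [(time_s, src_ip, verdict)]."""
    limit = LimitMatch(rate_per_s=1.0, burst=4)
    return [(t, src, "RETURN" if limit.matches(t) else "DROP")
            for t, src in sorted(syns)]


def dropped_sources(results):
    """Sorted list of source addresses that had at least one SYN dropped."""
    return sorted({src for _, src, verdict in results if verdict == "DROP"})


# Constructed traffic: one noisy host sends 10 SYNs within the first second,
# while an allowed host (the 'asparagine' address from the post) opens ssh.
NOISY = "192.168.170.250"      # hypothetical address, not from the post
ALLOWED = "192.168.170.176"
SAMPLE = [(i * 0.1, NOISY) for i in range(10)] + [(0.95, ALLOWED), (1.5, ALLOWED)]

if __name__ == "__main__":
    for t, src, verdict in run_syn_flood_chain(SAMPLE):
        print(f"{t:4.2f}s  {src:16}  {verdict}")
```

In this run the allowed host's first SYN is dropped because the other host has already emptied the shared bucket. A per-source limit needs a match that keys on the source address, such as `hashlimit`.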



