在线生成iptables脚本的网站

ggw

源文http://cepage.vicp.net/article.php/414

--------------------------------------------------------------------------------
在线生成firewall脚本(iptables)--向导模式
Bifrost - GUI firewall management interface to iptables
http://bifrost.heimdalls.com

LinWiz - Linux configuration file and scripting Wizards
http://www.lowth.com/LinWiz/

GIPTables Firewall - IPTABLES Rules Generator
http://www.giptables.org/

Easy Firewall Generator for IPTables(在线生成复杂的防火墙脚本*****)
http://morizot.net/firewall/gen/

PFG for IPTables 在线生成简单的防火墙脚本***
http://www.thegate.nu/pfg/

Firewall Builder - GUI Firewall Frontend（功能强大的防火墙构建工具*****）
http://www.fwbuilder.org/index.html

______________________________________________________
Dnsmasq - caching DNS forwarder
http://thekelleys.org.uk/dnsmasq/doc.html


FireHOL, the iptables stateful packet filtering firewall builder
http://firehol.sourceforge.net/


BullDog - A comprehensive and progressive firewall
http://tanaya.net/BullDog/
WallFire: wflogs - firewall log analysis tool
http://www.wallfire.org/wflogs/


Ulog-php - a php analyser for netfilter U-log
http://home.regit.org/ulogd-php.html

Firewall Tester
http://ftester.sourceforge.net/


YAFT's Another Firewall Tool
http://sourceforge.net/projects/yaft




Turtle Firewall Project
http://turtlefirewall.sourceforge.net/

TuxFrw - Firewall Automation Tool
http://tuxfrw.sourceforge.net/index.html

Shoreline Firewall
http://www.shorewall.net/
______________________________________
perl firewall在线生成
levy - Perl Firewall Generater
http://muse.linuxmafia.org/levy/
____________________________________
gSshield - BASH Shell Script Configurator
http://muse.linuxmafia.org/gshield.html
_________________________________
流量分析
Mason - Builds from system traffic
http://www.stearns.org/mason/
________________________________________
firewall log分析软件
adcfw-log - firewall logs analyzer/summarizer
http://adcfw-log.sourceforge.net/

IPTables log analyzer
http://www.gege.org/iptables/
_______________________

IPMENU - Curses Firewall Frontend
http://users.pandora.be/stes/ipmenu.html
________________________________
Firelogd - Firewall Log Daemon
http://www.speakeasy.org/~roux/dmn/
firewall log分析软件主页(fireparse)
Fireparse - Firewall Log Parser
http://aaron.marasco.com/linux.html
__________________________________________
SAINT - Assess the Security of Computer Networks
http://www.saintcorporation.com/saint/
saint在linux著名的扫描软件下面那个是下载地址
SATAN - Port Scanner with a Web Interface
http://www.ibiblio.org/pub/packages/security/Satan-for-Linux/
_____________________________________
Abacus - Intrusion Prevention System
http://www.psionic.com/abacus/

Firewall Generator（在线生成简单的防火墙脚本***）
http://www.citadec.com/FirewallGenerator.html

faint

这些都是老外的东西。咱们用就行了。发现借用老外的东西就是比国内的好!

7dehao

怎么是一个私人的网站？而且用的是动态ip(花生壳)？

faint

盗连人家的东西吧。

Snoopy

是盗人家的,但能方便我们无所谓,

ggw

是他们盗人家吧.我也是..呵...总之好用就行..
有朋友用C写iptables的资料吗

zendragon

# cat /root/auto-block/auto-block.php
[php]

#!/usr/bin/php
<?php

function current_time()
{
    return strftime("%Y-%m-%d %H:%M:%S", time());
}

$ip_dropped = array();
function drop_ip($ip)
{
    global $ip_dropped;
    $ip_dropped[$ip]++;

    if ($ip_dropped[$ip] > 10) {
        // drop again
        $cmd = "/sbin/iptables -D INPUT -s $ip -j DROP";
        exec($cmd);
        $ip_dropped[$ip] = 1;
    } else if ($ip_dropped[$ip] > 1) {
         // already dropped
         return;
    }

    $cmd = "/sbin/iptables -A INPUT -s $ip -j DROP";
    echo current_time() . " $cmd\n";
    system($cmd);
}

$stdin = fopen('php://stdin', 'r');

$RUNNING_TIME = 3600;
$CALC_TIME = 1;
$LIMIT_COUNT = 20;
$LIMIT_COUNT_408 = 5;

echo "====================\nRefreshing iptables...\n--------------------\n";
system("/root/auto-block/iptables-startup.sh");
echo "--------------------\nReady..\n";
echo current_time() . "\n";
echo "--------------------\n";

$begin_time = time();
while (!feof($stdin) && (time() - $begin_time < $RUNNING_TIME)) {
    $line = fgets($stdin, 256);
    list ($code, $time, $ip, $host, $dummy, $firstline, $bytes) = split (" ", $line, 7);

    $time_count[$time] += 1;
    if (count($time_count) > $CALC_TIME) {
        unset($time_count);
        unset($ip_count);
        unset($ip_count_code);
    }

    $ip_count["$ip"] += 1;
    if ($ip_count["$ip"] > $LIMIT_COUNT) {
        drop_ip($ip);
        unset($ip_count["$ip"]);
    }

    $ip_count_code["$ip"]["$code"] += 1;
    if ($ip_count_code["$ip"]["408"] > $LIMIT_COUNT_408) {
        drop_ip($ip);
        unset($ip_count_code["$ip"]);
    }
}

echo "--------------------\n";
echo current_time() . "\n";
echo "--------------------\nFinished\n====================\n";

fclose($stdin);
?>

[/php]

zendragon

#cat /root/auto-block/start-block.sh

1. 
   
2. [FONT=courier new]
   
3. #!/bin/sh
   
4. 
   
5. for ((;;))
   
6. do
   
7. tail -f /usr/local/apache/logs/access_log | /root/auto-block/auto-block.php
   
8. done
   
9. [/font]
   

复制代码