---* gen_fire *--- ****************** tomekk@tweety:~/firelol# ./gen_fire start generating iptables rules... iptables -P INPUT DROP iptables -P FORWARD DROP iptables -F iptables -X iptables -N INTERNET iptables -N DROPPED iptables -A INPUT -i lo -p ALL -j ACCEPT iptables -A INPUT -i eth1 -p ALL -j ACCEPT iptables -A DROPPED -s 1.1.1.1 -j DROP iptables -A DROPPED -s 2.2.2.2 -j DROP iptables -A INPUT -i eth0 -d 83.17.234.9 -p ALL -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -i eth0 -d 83.17.234.9 -p ALL -j INTERNET iptables -A INTERNET -p ALL -j DROPPED iptables -A INTERNET -p ICMP --icmp-type 0 -m limit --limit 1/s -j ACCEPT iptables -A INTERNET -p ICMP --icmp-type 3 -m limit --limit 1/s -j ACCEPT iptables -A INTERNET -p ICMP --icmp-type 3/1 -m limit --limit 1/s -j ACCEPT iptables -A INTERNET -p ICMP --icmp-type 3/2 -m limit --limit 1/s -j ACCEPT iptables -A INTERNET -p ICMP --icmp-type 3/3 -m limit --limit 1/s -j ACCEPT iptables -A INTERNET -p ICMP --icmp-type 3/4 -m limit --limit 1/s -j ACCEPT iptables -A INTERNET -p ICMP --icmp-type 8 -m limit --limit 1/s -j ACCEPT iptables -A INTERNET -p ICMP --icmp-type 11 -m limit --limit 1/s -j ACCEPT iptables -A INTERNET -p TCP --dport 21 -j ACCEPT iptables -A INTERNET -p TCP --dport 22 -j ACCEPT iptables -A INTERNET -p TCP --dport 80 -j ACCEPT iptables -A INTERNET -p UDP -s 12.12.12.12 --dport 53 -j ACCEPT iptables -A INTERNET -p tcp -j REJECT --reject-with tcp-reset iptables -A INTERNET -p udp -j REJECT --reject-with icmp-port-unreachable iptables -t nat -A POSTROUTING -o eth0 -s 10.10.10.0/24 -j SNAT --to 83.17.234.9 iptables -A FORWARD -i eth1 -o eth0 -p ICMP -s 10.10.10.11 -d 0/0 -j ACCEPT iptables -A FORWARD -o eth1 -i eth0 -p ICMP -d 10.10.10.11 -s 0/0 -j ACCEPT iptables -A FORWARD -i eth1 -o eth0 -p TCP -m mac --mac-source 00:16:EC:88:24:89 -s 10.10.10.11 -d 0/0 --dport 20 -j ACCEPT iptables -A FORWARD -o eth1 -i eth0 -p TCP -d 10.10.10.11 -s 0/0 -j ACCEPT iptables -A FORWARD -i eth1 -o eth0 -p TCP -m mac --mac-source 00:16:EC:88:24:89 -s 10.10.10.11 -d 0/0 --dport 21 -j ACCEPT iptables -A FORWARD -o eth1 -i eth0 -p TCP -d 10.10.10.11 -s 0/0 -j ACCEPT iptables -A FORWARD -i eth1 -o eth0 -p TCP -m mac --mac-source 00:16:EC:88:24:89 -s 10.10.10.11 -d 0/0 --dport 25 -j ACCEPT iptables -A FORWARD -o eth1 -i eth0 -p TCP -d 10.10.10.11 -s 0/0 -j ACCEPT iptables -A FORWARD -i eth1 -o eth0 -p UDP -m mac --mac-source 00:16:EC:88:24:89 -s 10.10.10.11 -d 0/0 --dport 53 -j ACCEPT iptables -A FORWARD -o eth1 -i eth0 -p UDP -d 10.10.10.11 -s 0/0 -j ACCEPT iptables -A FORWARD -i eth1 -o eth0 -p ICMP -s 10.10.10.12 -d 0/0 -j ACCEPT iptables -A FORWARD -o eth1 -i eth0 -p ICMP -d 10.10.10.12 -s 0/0 -j ACCEPT iptables -A FORWARD -i eth1 -o eth0 -p TCP -m mac --mac-source 00:xx:ss:ss:dd:ss -s 10.10.10.12 -d 0/0 --dport 20 -j ACCEPT iptables -A FORWARD -o eth1 -i eth0 -p TCP -d 10.10.10.12 -s 0/0 -j ACCEPT iptables -A FORWARD -i eth1 -o eth0 -p TCP -m mac --mac-source 00:xx:ss:ss:dd:ss -s 10.10.10.12 -d 0/0 --dport 21 -j ACCEPT iptables -A FORWARD -o eth1 -i eth0 -p TCP -d 10.10.10.12 -s 0/0 -j ACCEPT iptables -A FORWARD -i eth1 -o eth0 -p TCP -m mac --mac-source 00:xx:ss:ss:dd:ss -s 10.10.10.12 -d 0/0 --dport 25 -j ACCEPT iptables -A FORWARD -o eth1 -i eth0 -p TCP -d 10.10.10.12 -s 0/0 -j ACCEPT iptables -A FORWARD -i eth1 -o eth0 -p UDP -m mac --mac-source 00:xx:ss:ss:dd:ss -s 10.10.10.12 -d 0/0 --dport 53 -j ACCEPT iptables -A FORWARD -o eth1 -i eth0 -p UDP -d 10.10.10.12 -s 0/0 -j ACCEPT iptables -t nat -A PREROUTING -i eth0 -p TCP -d 83.17.234.9 --dport 21 -j DNAT --to 10.10.10.152:1234 echo 1 > /proc/sys/net/ipv4/ip_forward echo 1 > /proc/sys/net/ipv4/ip_dynaddr echo 1 > /proc/sys/net/ipv4/tcp_syncookies echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects done ---* gen_hosts *--- ******************* tomekk@tweety:~/firelol# ./gen_hosts start generating /etc/hosts... done generating /etc/nicesharper/users... done generating /etc/dhcp/dhcpd.conf... done tomekk@tweety:~/etc/dhcp# cat dhcpd.conf # file creation time 00:21:19/08-12-2009 # static entries from file '/etc/firelol/confs/dhcp/static_confs/dhcpd.conf' # global options for the DHCP server option domain-name "somedomain"; option domain-name-servers 10.10.10.10; default-lease-time 6000; max-lease-time 14400; ddns-update-style none; ddns-updates off; # dynamic entries from file '/etc/firelol/confs/dhcp/dynamic_confs/our_hosts.conf' # static entries from file '/etc/firelol/confs/dhcp/static_confs/subnets/subnet.1' subnet 10.10.10.0 netmask 255.255.255.0 { authoritative; option subnet-mask 255.255.255.0; option broadcast-address 10.10.10.255; # john doe 1 comment host comp1_host { hardware ethernet 00:16:EC:88:24:89; fixed-address 10.10.10.11; option routers 10.10.10.10; option netbios-name-servers 10.10.10.20; } # jane doe 2 comment host comp2_host { hardware ethernet 00:xx:ss:ss:dd:ss; fixed-address 10.10.10.12; option routers 10.10.10.10; option netbios-name-servers 10.10.10.20; } } tomekk@tweety:~/etc# cat hosts # file creation time 00:21:19/08-12-2009 # static entries from file '/etc/firelol/confs/dhcp/static_confs/hosts' # static hosts which will be added to the top of the hosts file 127.0.0.1 localhost localhost 85.27.34.12 xxx.internetdsl.tpnet.pl dsl 10.10.10.10 gateway.our_lan gateway # dynamic entries from file '/etc/firelol/confs/dhcp/dynamic_confs/our_hosts.conf' 10.10.10.11 comp1_host.nicedomain comp1_host 10.10.10.12 comp2_host.nicedomain comp2_host tomekk@tweety:~/etc/nicesharper# cat users 10.10.10.11 eth1 10.10.10.12 eth1