summaryrefslogtreecommitdiff
Diffstat
-rwxr-xr-xAndroid.mk39
-rw-r--r--README90
-rwxr-xr-xSERVPOET18
-rwxr-xr-xconfigs/firewall-masq71
-rwxr-xr-xconfigs/firewall-standalone34
-rwxr-xr-xconfigs/pap-secrets10
-rwxr-xr-xconfigs/pppoe-server-options6
-rwxr-xr-xconfigs/pppoe.conf140
-rwxr-xr-xdoc/CHANGES339
-rwxr-xr-xdoc/HOW-TO-CONNECT268
-rwxr-xr-xdoc/KERNEL-MODE-PPPOE98
-rwxr-xr-xdoc/LICENSE341
-rwxr-xr-xdoc/PROBLEMS5
-rwxr-xr-xman/pppoe-connect.866
-rwxr-xr-xman/pppoe-relay.8124
-rwxr-xr-xman/pppoe-server.8184
-rwxr-xr-xman/pppoe-setup.823
-rwxr-xr-xman/pppoe-sniff.877
-rwxr-xr-xman/pppoe-start.827
-rwxr-xr-xman/pppoe-status.825
-rwxr-xr-xman/pppoe-stop.821
-rwxr-xr-xman/pppoe.8236
-rwxr-xr-xman/pppoe.conf.5167
-rw-r--r--pstart3
-rw-r--r--pstop21
-rwxr-xr-xscripts/pppoe-connect319
-rwxr-xr-xscripts/pppoe-connect.in319
-rwxr-xr-xscripts/pppoe-init66
-rwxr-xr-xscripts/pppoe-init-suse64
-rwxr-xr-xscripts/pppoe-init-suse.in64
-rwxr-xr-xscripts/pppoe-init-turbolinux64
-rwxr-xr-xscripts/pppoe-init-turbolinux.in64
-rwxr-xr-xscripts/pppoe-init.in66
-rwxr-xr-xscripts/pppoe-setup352
-rwxr-xr-xscripts/pppoe-setup.in352
-rwxr-xr-xscripts/pppoe-start196
-rwxr-xr-xscripts/pppoe-start.in196
-rwxr-xr-xscripts/pppoe-status84
-rwxr-xr-xscripts/pppoe-stop96
-rwxr-xr-xscripts/pppoe-stop.in96
-rwxr-xr-xsrc/common.c651
-rwxr-xr-xsrc/config.h146
-rwxr-xr-xsrc/debug.c152
-rwxr-xr-xsrc/discovery.c736
-rwxr-xr-xsrc/if.c352
-rwxr-xr-xsrc/libevent/Makefile42
-rwxr-xr-xsrc/libevent/Makefile.in42
-rwxr-xr-xsrc/libevent/event.c645
-rwxr-xr-xsrc/libevent/event.h114
-rwxr-xr-xsrc/libevent/event_sig.c265
-rwxr-xr-xsrc/libevent/event_tcp.c577
-rwxr-xr-xsrc/libevent/event_tcp.h87
-rwxr-xr-xsrc/libevent/eventpriv.h46
-rwxr-xr-xsrc/libevent/hash.c266
-rwxr-xr-xsrc/libevent/hash.h54
-rwxr-xr-xsrc/md5.c249
-rwxr-xr-xsrc/md5.h34
-rwxr-xr-xsrc/plugin.c469
-rwxr-xr-xsrc/ppp.c262
-rwxr-xr-xsrc/pppoe-server.c2137
-rwxr-xr-xsrc/pppoe-server.h156
-rwxr-xr-xsrc/pppoe-sniff.c266
-rwxr-xr-xsrc/pppoe.c959
-rwxr-xr-xsrc/pppoe.h347
-rwxr-xr-xsrc/relay.c1559
-rwxr-xr-xsrc/relay.h99
66 files changed, 15542 insertions, 1 deletions
diff --git a/configs/firewall-masq b/configs/firewall-masq
new file mode 100755
index 0000000..14b9971
--- a/dev/null
+++ b/configs/firewall-masq
@@ -0,0 +1,71 @@
+#!/bin/sh
+#
+# firewall-masq This script sets up firewall rules for a machine
+# acting as a masquerading gateway
+#
+# Copyright (C) 2000 Roaring Penguin Software Inc. This software may
+# be distributed under the terms of the GNU General Public License, version
+# 2 or any later version.
+# LIC: GPL
+
+# Interface to Internet
+EXTIF=ppp+
+
+# NAT-Tables are different, so we can use ACCEPT everywhere (?)
+iptables -t nat -P PREROUTING ACCEPT
+iptables -t nat -P OUTPUT ACCEPT
+iptables -t nat -P POSTROUTING ACCEPT
+
+# Flush the NAT-Table
+iptables -t nat -F
+
+iptables -t filter -P INPUT DROP
+iptables -t filter -F
+
+# Allow incoming SSH
+#iptables -t filter -A INPUT -i $EXTIF -p tcp --dport 22 -j ACCEPT
+
+# Log & Deny the rest of the privileged ports
+iptables -t filter -A INPUT -i $EXTIF -p tcp --dport 0:1023 -j LOG
+iptables -t filter -A INPUT -i $EXTIF -p udp --dport 0:1023 -j LOG
+iptables -t filter -A INPUT -i $EXTIF -p tcp --dport 0:1023 -j DROP
+iptables -t filter -A INPUT -i $EXTIF -p udp --dport 0:1023 -j DROP
+
+# Log & Deny NFS
+iptables -t filter -A INPUT -i $EXTIF -p udp --dport 2049 -j LOG
+iptables -t filter -A INPUT -i $EXTIF -p tcp --dport 2049 -j LOG
+iptables -t filter -A INPUT -i $EXTIF -p udp --dport 2049 -j DROP
+iptables -t filter -A INPUT -i $EXTIF -p tcp --dport 2049 -j DROP
+
+# Log & Deny X11
+iptables -t filter -A INPUT -i $EXTIF -p tcp --dport 6000:6063 -j LOG
+iptables -t filter -A INPUT -i $EXTIF -p tcp --dport 6000:6063 -j DROP
+
+# Log & Deny XFS
+iptables -t filter -A INPUT -i $EXTIF -p tcp --dport 7100 -j LOG
+iptables -t filter -A INPUT -i $EXTIF -p tcp --dport 7100 -j DROP
+
+# Deny TCP connection attempts
+iptables -t filter -A INPUT -i $EXTIF -p tcp --syn -j LOG
+iptables -t filter -A INPUT -i $EXTIF -p tcp --syn -j DROP
+
+# Deny ICMP echo-requests
+iptables -t filter -A INPUT -i $EXTIF -p icmp --icmp-type echo-request -j DROP
+
+# Do masquerading
+iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
+
+# Enable forwarding
+echo 1 > /proc/sys/net/ipv4/ip_forward
+
+# no IP spoofing
+if [ -e /proc/sys/net/ipv4/conf/all/rp_filter ] ; then
+ for i in /proc/sys/net/ipv4/conf/*/rp_filter; do
+ echo 1 > $i
+ done
+fi
+
+# Disable Source Routed Packets
+for i in /proc/sys/net/ipv4/conf/*/accept_source_route; do
+ echo 0 > $i
+done
generated by cgit at 2024-05-18 06:51:01 (GMT)