randonantix / pftabled Goto Github PK
View Code? Open in Web Editor NEWThis project forked from awaw/pftabled
Home Page: http://wolfermann.org/pftabled.html
License: BSD 2-Clause "Simplified" License
This project forked from awaw/pftabled
Home Page: http://wolfermann.org/pftabled.html
License: BSD 2-Clause "Simplified" License
----------------------------------------------------------------------------- pftabled @PACKAGE_VERSION@ ----------------------------------------------------------------------------- The pftabled daemon is a small helper to make your pf tables reachable from other hosts. You can add/delete/flush IP addresses to/from a remote table with a single UDP datagram. Sample client programs in C, Perl, PHP and Python are included. SECURITY: The daemon runs chrooted and drops privileges to a user named pftabled (or nobody if it doesn't exist). Even with SHA1 authentication I still recommend to secure the receiving port by adequate pf rules, e.g. block in proto udp from any to ($if_int) port 56789 pass in on $if_int proto udp from $authorized to ($if_int) port 56789 ----------------------------------------------------------------------------- Upgrading ----------------------------------------------------------------------------- If you're upgrading from version 1.05 you only need to upgrade the server, it accepts old format messages also. The option format of the included C client has changed (see pftabled-client -h). If you're upgrading from a version older than 1.04 you have to upgrade client and server. ----------------------------------------------------------------------------- Installation ----------------------------------------------------------------------------- Just run: $ ./configure $ make Installing binaries and manpage to /usr/local: # make install or # make client-install # make server-install The pftabled daemon is built on pf(4) enabled platforms only (by checking for the net/pfvar.h include file). The client is always built. Now generate an authentication key: # dd if=/dev/random of=/etc/pftabled.key bs=20 count=1 # chmod 0400 /etc/pftabled.key Copy this key to your hosts via a secure channel (ssh, floppy disk) and make sure it can only be read by the programs. ----------------------------------------------------------------------------- Usage examples ----------------------------------------------------------------------------- 1. Spam blocking On your firewall you are redirecting certain IPs to spamd: table <spammer> persist pass in on egress proto tcp from <spammer> to any port 25 \ rdr-to 127.0.0.1 port spamd Now you're able to fill this table from your mailservers, e.g. with qmail $ cat .qmail-spamtrap |pftabled-client 10.1.1.1 1234 add spammer $TCPREMOTEIP /etc/pftabled.key 2. Portsentry response You're running portsentry (or some other honeypot tool) on your hosts. Add these lines to your portsentry.conf KILL_RUN_CMD_FIRST = "0" KILL_RUN_CMD="pftabled-client 10.1.1.1 1234 add blocked $TARGET$ /etc/key" to add attackers to a blocklist on your firewall table <blocked> persist block in on $ext from <blocked> to any ----------------------------------------------------------------------------- Internals ----------------------------------------------------------------------------- Datagram format (64 bytes): +---------+---------+---------+---------+ | Version | Command | Reserved| Netmask | +---------+---------+---------+---------+ | IPv4 address | +---------+---------+---------+---------+ | | : Table name (32 bytes) : | | +---------+---------+---------+---------+ | Timestamp | +---------+---------+---------+---------+ | | : Signature (20 bytes, HMAC-SHA1) : | | +---------+---------+---------+---------+ Version: 0x01 pftabled 1.05 and earlier 0x02 pftabled 1.06 and later Command: 0x01 Add address to table. 0x02 Delete address from table. 0x03 Flush table. Timestamp: The server compares incoming timestamps with it's local clock. If the difference (= clock difference + network delay) is greater than 60 seconds, the packet gets dropped (see pftabled.h if you really need to change this value). ----------------------------------------------------------------------------- History ----------------------------------------------------------------------------- 2010-11-12 Version 1.09 Add sample PHP client. Use mandoc manual formatter if available. 2010-04-20 Version 1.08 Add sample python client. Check not only for replay attacks but for clock deviations to both sides (patch by Melissa Jenkins). 2009-02-04 Version 1.07 Add sample perl client. 2006-03-06 Version 1.06 Add mask field to enable addition/deletion of whole networks (idea and initial patch from Niki Denev). Changed pftabled-client option parsing. 2005-01-27 Version 1.05 Make authentication completely optional. Portability fixes for servers running on FreeBSD (prompted by Nick Buraglio). 2004-09-12 Version 1.04 SHA1 authentication and client selectable tables (idea from Russell Fulton) which necessitates a new wire format. 2004-05-01 Version 1.03 Bugfix: Missing initializer for timeout queue. 2004-04-24 Version 1.02 New timeout option to automatically remove table entries after a fixed time (idea from Samuel Ljungkvist). 2003-10-29 Version 1.01 Initial release. ----------------------------------------------------------------------------- Homepage ----------------------------------------------------------------------------- You can always find the latest version of pftabled at: http://www.wolfermann.org/pftabled.html -----------------------------------------------------------------------------
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.