Configure Netfilter Easily - Shorewall

Shorewall is a high-level tool for configuring Netfilter.

How does Shorewall work?
You describe your firewall/gateway requirements using entries in a set of configuration files. Shorewall reads those files and, with the help of the iptables utility, configures Netfilter to match your requirements.

Shorewall can be used on a dedicated firewall system, a multi-function gateway/router/server or on a standalone GNU/Linux system. Shorewall does not use Netfilter's ipchains compatibility mode; as a consequence, Shorewall can take advantage of Netfilter's connection state tracking capabilities to create a stateful firewall.
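As an added example (not from the Shorewall project or this page), here is what that set of configuration files looks like for a simple Internet/LAN gateway, written by a small script so the files can go into a scratch directory first; eth0, eth1, the 192.168.1.0/24 LAN prefix and the classic Shorewall 4.x column layout are assumptions:

```shell
# Added example (not Shorewall's own code): a minimal two-zone Shorewall 4.x
# layout, Internet on eth0 and LAN on eth1, written as the files Shorewall
# reads. Interface names and the 192.168.1.0/24 LAN prefix are assumptions.
set -eu
write_shorewall_config() {
    dir="${1:-${SHOREWALL_DIR:-/etc/shorewall}}"
    mkdir -p "$dir"
    # zones: the firewall itself plus one zone per network it separates
    cat >"$dir/zones" <<'EOF'
#ZONE   TYPE
fw      firewall
net     ipv4
loc     ipv4
EOF
    # interfaces: which NIC belongs to which zone; the options turn on
    # basic anti-spoofing checks (routefilter, nosmurfs, tcpflags)
    cat >"$dir/interfaces" <<'EOF'
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect      dhcp,tcpflags,nosmurfs,routefilter,logmartians
loc     eth1        detect      tcpflags,nosmurfs
EOF
    # policy: default verdict per zone pair; the last line is the catch-all
    cat >"$dir/policy" <<'EOF'
#SOURCE DEST    POLICY  LOG
loc     net     ACCEPT
net     all     DROP    info
all     all     REJECT  info
EOF
    # rules: explicit exceptions, consulted before the policies
    cat >"$dir/rules" <<'EOF'
#ACTION         SOURCE  DEST    PROTO   DEST PORT(S)
SSH(ACCEPT)     loc     $FW
Ping(ACCEPT)    loc     $FW
Ping(DROP)      net     $FW
EOF
    # masq: source-NAT the LAN behind the Internet-facing interface
    cat >"$dir/masq" <<'EOF'
#INTERFACE  SOURCE
eth0        192.168.1.0/24
EOF
    printf '%s\n' "$dir"
}
# True when every file this layout needs for 'shorewall check' is present
shorewall_config_complete() {
    for f in zones interfaces policy rules masq; do
        [ -s "$1/$f" ] || return 1
    done
}
```

Run `shorewall check <dir>` on the scratch directory to validate the files before copying them over /etc/shorewall and running `shorewall start`.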

shorewall.net

DOWNLOAD Shorewall

Firewall automation tool for GNU/Linux

TuxFrw is a complete firewall automation tool for GNU/Linux. It consists of script files created to ease the way Linux iptables firewall rules are configured.

With TuxFrw a user can configure his own Linux-based network firewall simply by supplying some IP addresses and other network usage policies.

# Simple, highly customizable firewall scripting framework;
# Open and close ports, deny forged traffic, stop flooding and hide your services easily;
# Set up Network Address Translation for your LAN;
# Keep your DMZ away from attacks;

Download TuxFrw

Manage multiple firewalls using the same database of network objects with FirewallBuilder

With FirewallBuilder, a system administrator can manage multiple firewalls using the same database of network objects. A change made to an object is immediately reflected in the policy of every firewall that uses this object.

What is FirewallBuilder (from FirewallBuilder Website)
FirewallBuilder is a GUI firewall configuration and management tool that supports iptables (netfilter), ipfilter, pf, ipfw, Cisco PIX (FWSM, ASA) and Cisco routers extended access lists. Firewall Builder uses an object-oriented approach: it helps the administrator maintain a database of network objects and allows policy editing using simple drag-and-drop operations.

FirewallBuilder HOWTOS:
Installing OpenWrt on Linksys WRT54GSv1.1, by Chris Martin
How to use Firewall Builder to manage policy of the Linksys firewall running OpenWRT firmware
How to migrate objects from one data file to another
How to use built-in policy installer in Firewall Builder 2.0
Using fwb_install
How to make firewall load firewall policy after reboot – pf
How to make firewall load firewall policy after reboot – ipfw
How to make firewall load firewall policy after reboot – ipfilter
How to make firewall load firewall policy after reboot – iptables
How to restart firewall script when interface address changes
Documents, contributed by our users

Tracking the location of your lost or stolen laptop with Adeona

It is now possible to track the location of your lost or stolen laptop with an open source application.

DOWNLOAD Adeona


Adeona presentation (from Adeona website)
Adeona is the first Open Source system for tracking the location of your lost or stolen laptop that does not rely on a proprietary, central service. This means that you can install Adeona on your laptop and go — there's no need to rely on a single third party. What's more, Adeona addresses a critical privacy goal different from existing commercial offerings. It is privacy-preserving. This means that no one besides the owner (or an agent of the owner's choosing) can use Adeona to track a laptop. Unlike other systems, users of Adeona can rest assured that no one can abuse the system in order to track where they use their laptop.

Adeona is designed to use the Open Source OpenDHT distributed storage service to store location updates sent by a small software client installed on an owner's laptop. The client continually monitors the current location of the laptop, gathering information (such as IP addresses and local network topology) that can be used to identify its current location. The client then uses strong cryptographic mechanisms to not only encrypt the location data, but also ensure that the ciphertexts stored within OpenDHT are anonymous and unlinkable. At the same time, it is easy for an owner to retrieve location information.

Why should you track the location of your lost or stolen laptop?
With the growing ubiquity of, and user reliance on, mobile computing devices (laptops, PDAs, smart phones, etc.), loss or theft of a device is increasingly likely, disruptive, and costly. Internet-based tracking systems provide a method for mitigating this risk. These tracking systems send, over the Internet, updates regarding the current location of the device to a remotely administered repository. If the device is lost or stolen, but maintains Internet connectivity and unmodified software, the tracking system can keep tabs on the current whereabouts of the device. This data could prove invaluable when the appropriate authorities attempt to recover the device. Unfortunately, with current proprietary tracking systems users sacrifice location privacy. Indeed, even while the device is still in the rightful owner's possession, the tracking system is keeping tabs on the locations it (and its owner) visit. Even worse, with some commercial products, even outsiders (parties not affiliated with the tracking provider) can "piggy-back" on the tracking system's Internet traffic to uncover a mobile device user's private information and/or locations visited.

Adeona has three main properties:
* Private: Adeona uses state-of-the-art cryptographic mechanisms to ensure that the owner is the only party that can use the system to reveal the locations visited by a device.
* Reliable: Adeona uses a community-based remote storage facility, ensuring retrievability of recent location updates.
* Open source and free: Adeona's software is licensed under GPLv2. While your locations are secret, the tracking system's design is not.

Critical Kernel Update - Red Hat Enterprise

OS: RHEL 5.x
Type: Kernel
Importance: has security impact

How to Update:
# yum update
# reboot


After the upgrade, check that you are running the new kernel version by typing:
# uname -mrs

Security fixes:
a) A missing capability check was found in the Linux kernel do_change_type routine. This could allow a local unprivileged user to gain privileged access or cause a denial of service. (CVE-2008-2931, Important)

b) A flaw was found in the Linux kernel Direct-IO implementation. This could allow a local unprivileged user to cause a denial of service. (CVE-2007-6716, Important)

c) Tobias Klein reported a missing check in the Linux kernel Open Sound System (OSS) implementation. This deficiency could lead to a possible information leak. (CVE-2008-3272, Moderate)

d) A deficiency was found in the Linux kernel virtual filesystem (VFS) implementation. This could allow a local unprivileged user to attempt file creation within deleted directories, possibly causing a denial of service. (CVE-2008-3275, Moderate)

e) A flaw was found in the Linux kernel tmpfs implementation. This could allow a local unprivileged user to read sensitive information from the kernel. (CVE-2007-6417, Moderate)

Bug fixes:
a) A kernel crash may have occurred on heavily used Samba servers after 24 to 48 hours of use.

b) On certain systems, if multiple InfiniBand queue pairs simultaneously fell into an error state, an overrun may have occurred, stopping traffic.

c) With bridging, when forward delay was set to zero, setting an interface to the forwarding state was delayed by one or possibly two timers, depending on whether STP was enabled. This may have caused long delays in moving an interface to the forwarding state. This issue caused packet loss when migrating virtual machines, preventing them from being migrated without interrupting applications.