Just in case anybody finds this useful -- we have written a tool to simplify
ChoiceNet / PM filters maintenance. Here's a README from the package:
-----------
What is it?
-----------
bld-filters is a supplementary tool for Lucent ChoiceNet (TM) software.
Its main objective is to ease building and maintaining filters by dividing
a filter into task-specific modules referenced from a main filter.
For example, the main filter looks like this:
># include basic security checks
>include security
>
># permit everything
>permit
while "security" module includes attack specific modules:
># include check against backorifice attack
>include backorifice
>
># include checks against nuke attack
>include nuke
Attack-specific modules do the real job, e.g. "backorifice":
># deny inbound BO polls and log other BO activity
>permit 0.0.0.0/0 0.0.0.0/0 udp src eq 31337 log
>deny 0.0.0.0/0 0.0.0.0/0 udp dst eq 31337 log
The bld-filters tool compiles the main filter, along with all the included
modules and lists, into a production filter, e.g. to be used by ChoiceNet
software.
Another feature of this tool is that it can compile ChoiceNet lists
into the production filter; that is, if instructed, it can put the IP
numbers/domain names listed in ChoiceNet lists into the production filter.
Although at first glance this may look odd (given that the ChoiceNet software
is meant to look up specific IP numbers on the host in its resident lists,
thus reducing the size of the filter), we found ChoiceNet lookups are somewhat
slow, so in some cases it seems reasonable to hardcode targets into the filter
rather than look them up with ChoiceNet. So, bld-filters may do the job.
Documentation
-------------
See the man page and sources. ;)
Installation
------------
This program is distributed in source form only. In order to compile
it, you must select your OS platform in the Makefile and type "make". For
the list of supported platforms, please see the file PLATFORMS.
After a successful compilation, type "make install".
The Latest Version
------------------
Available at ftp.glasnet.ru/users/ilya/tools/bld-filters.tar.gz
Licensing
---------
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the redistributions of source
code must retain the copyright notice.
The whole package is provided "as is" without express or implied warranty.
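
The include expansion described in the README above, as an added sketch that is not part of bld-filters or of the original post. Module lookup through a dict, the include-cycle check and the first-match-wins ordering check are assumptions of this example; the sample modules are rebuilt from the README's text, with "include nuke" left out because that module's contents are not shown.

```python
# Added illustration, NOT bld-filters source. Assumptions: modules are looked
# up by name in a dict, comments/blank lines are dropped from the output, and
# the filter is evaluated top-down with the first matching rule winning.

# Constructed sample modules, copied from the README's example text.
MODULES = {
    "main": "# include basic security checks\ninclude security\n\n"
            "# permit everything\npermit\n",
    "security": "# include check against backorifice attack\n"
                "include backorifice\n",
    "backorifice": "# deny inbound BO polls and log other BO activity\n"
                   "permit 0.0.0.0/0 0.0.0.0/0 udp src eq 31337 log\n"
                   "deny 0.0.0.0/0 0.0.0.0/0 udp dst eq 31337 log\n",
}


def flatten(name, modules, _stack=()):
    """Return the ordered rule list for `name` with every include expanded."""
    if name in _stack:
        raise ValueError("include cycle: " + " -> ".join(_stack + (name,)))
    if name not in modules:
        raise KeyError(f"missing module: {name}")
    rules = []
    for raw in modules[name].splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # comments and blank lines do not reach the output
        words = line.split()
        if words[0] == "include":
            if len(words) != 2:
                raise ValueError(f"{name}: malformed include: {line!r}")
            rules.extend(flatten(words[1], modules, _stack + (name,)))
        else:
            rules.append(line)
    return rules


def unreachable(rules):
    """Rules after a bare catch-all permit/deny can never match (assumed
    first-match-wins), e.g. when an include is placed below 'permit'."""
    for i, rule in enumerate(rules):
        if rule in ("permit", "deny"):
            return rules[i + 1:]
    return []


if __name__ == "__main__":
    print("\n".join(flatten("main", MODULES)))
```

Running unreachable() on the flattened output is a quick review step before loading a production filter: a module included below the catch-all "permit" would be compiled in but never evaluated.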