<HTML>
<HEAD>
<SCRIPT LANGUAGE='JavaScript'>
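// Service names shown in the table, grouped by transport.  'a2000', 'a2049'
// and 'aname' are stored under their real names '2000', '2049' and 'name'
// when the script is generated (see chk()).
var tcp = ['a2000', 'a2049', 'auth', 'telnet', 'finger', 'ftp', 'http', 'pop-3', 'pop', 'pop-2', 'NeWS', 'cfinger', 'conference', 'courier', 'csnet-ns', 'dos', 'efs', 'eklogin', 'exec', 'gopher', 'hostnames', 'imap', 'ingreslock', 'irc', 'iso-tsap', 'klogin', 'kpop', 'krb524', 'krb5_prop', 'kshell', 'link', 'listen', 'mtp', 'netbios-ssn', 'netnews', 'netstat', 'nntp', 'nterm', 'pcserver', 'printer', 'qotd', 'remotefs', 'rje', 'sftp', 'shell', 'smtp', 'supdup', 'systat', 'tcpmux', 'tempo', 'tnet', 'uucp', 'uucp-path', 'whois', 'x400', 'x400-snd', 'login'];
var udp = ['talk', 'tftp', 'biff', 'bootpc', 'bootps', 'bwnfs', 'monitor', 'mount', 'aname', 'netwall', 'new-rwho', 'nfs', 'ntalk', 'pcnfs', 'rlp', 'rmonitor', 'route', 'snmp', 'snmp-trap', 'syslog', 'timed', 'who'];
var common = ['domain', 'ssh', 'chargen', 'daytime', 'discard', 'echo', 'kerberos', 'kerberos-adm', 'kerberos-sec', 'kerberos_master', 'netbios-dgm', 'netbios-ns', 'ntp', 'sunrpc', 'time'];
// Protocol-independent rows placed first in the table: ICMP, anti-spoofing
// ('sp') and the X server port range.  lockp remembers how many there are
// before the tcp/udp/common lists are appended by the table-building script.
var all_protocols = ['icmp', 'sp', '5999:6100'];
var lockp = all_protocols.length;
// Host/network lists typed into the three text fields (accept / deny /
// reject).  indexN is the number of live entries in formN; the "Clear List"
// buttons reset it to 0 without emptying the array.
var form1 = [];
var form2 = [];
var form3 = [];
var index = form1.length;
var index2 = form2.length;
var index3 = form3.length;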
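// Append sTR (the host or network typed into the "accept" field) to the page
// global form1 and clear the field.  Empty input is ignored.  index counts the
// live entries, so after "Clear List" (index=0) new entries overwrite the old
// ones.  The value is not validated here: CheckAll() pastes it verbatim into
// the generated shell script.
function f_store(sTR) {
  if (sTR === '') {
    return;
  }
  form1[index] = sTR;
  index++;
  document.forma.command.value = "";
}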
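// Append sTR (the host or network typed into the "deny" field) to the page
// global form2 and clear the field.  Empty input is ignored.  index2 counts
// the live entries, so after "Clear List" (index2=0) new entries overwrite the
// old ones.  The value is not validated here: CheckAll() pastes it verbatim
// into the generated shell script.
function f_store2(sTR) {
  if (sTR === '') {
    return;
  }
  form2[index2] = sTR;
  index2++;
  document.forma.command2.value = "";
}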
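// Append sTR (the host or network typed into the "reject" field) to the page
// global form3 and clear the field.  Empty input is ignored.  index3 counts
// the live entries, so after "Clear List" (index3=0) new entries overwrite the
// old ones.  The value is not validated here: CheckAll() pastes it verbatim
// into the generated shell script.
function f_store3(sTR) {
  if (sTR === '') {
    return;
  }
  form3[index3] = sTR;
  index3++;
  document.forma.command3.value = "";
}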
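// Show the first index_p entries of form_p in an alert, one per line, or
// "The list is empty" when index_p is 0.  Used by the "Show List" buttons.
function f_p(index_p, form_p) {
  var allCmmnds = "";
  for (var i = 0; i < index_p; i++) {
    allCmmnds += form_p[i] + "\n";
  }
  if (allCmmnds === "") {
    allCmmnds = "The list is empty";
  }
  alert(allCmmnds);
}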
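// Write the ipfwadm input rules for one protocol/policy pair into the popup
// window `sw` (a page global opened by CheckAll()).
//   tu_checked - service names (reordered in place, see below)
//   tu         - 'tcp' or 'udp'
//   pol        - 'deny', 'reject' or 'accept'
// Ports are emitted in groups of at most eight per $FW line.  The X server
// range '5999:6100' is moved to the front and its group holds seven entries
// (the limit is decremented once per match).  Deny/reject rules get ipfwadm's
// -o (log) flag, matching the other deny/reject rules CheckAll() writes.
function wr(tu_checked, tu, pol) {
  var perLine = 8;
  var i;
  var k;
  var swap;
  for (i = 0; i < tu_checked.length; i++) {
    if (tu_checked[i] === '5999:6100') {
      swap = tu_checked[0];
      tu_checked[0] = tu_checked[i];
      tu_checked[i] = swap;
      perLine -= 1;
    }
  }
  var doc = sw.document;
  for (i = 0; i < tu_checked.length; i++) {
    doc.writeln('<BR>$FW -I -a ' + pol + ' -P ' + tu + ' \\<BR> -W $EXTERNAL_INTERFACE -S $ANY_HOST $UN_PRIV_PORTS -D $IP_ADDRESS');
    for (k = 0; (k < perLine) && (i < tu_checked.length); k++, i++) {
      doc.writeln(' \\<BR>' + tu_checked[i]);
    }
    // The inner loop leaves i one past the last port written; step back so the
    // outer increment lands on the next unwritten entry.
    i--;
    if ((pol === 'deny') || (pol === 'reject')) {
      doc.writeln(' -o');
    }
    perLine = 8;
  }
}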
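// Append every element of `second` to the end of `first`, in place.  The page
// uses it to build all_protocols and to merge `common` into tcp and udp.
function add_2nd21st(first, second) {
  var base = first.length;
  for (var i = 0; i < second.length; i++) {
    first[base + i] = second[i];
  }
}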
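// Sort the services in `a` into the deny (b), reject (c) and accept (d) lists
// according to each service's <select> in form "forma".  A service whose
// choice equals the form's default policy is skipped, since the default
// `$FW -I -p` rule already covers it.  'a2000', 'a2049' and 'aname' are
// stored as '2000', '2049' and 'name' (presumably the leading letter only
// keeps the form element names distinct).  Entries are written from index 0,
// so pass fresh arrays.
function chk(a, b, c, d) {
  var policy = document.forma.elements['policy'].options;
  var lists = [b, c, d];
  var last = [-1, -1, -1];  // highest index written in each list
  for (var i = 0; i < a.length; i++) {
    var h = a[i];
    if (h === 'a2000') h = '2000';
    if (h === 'a2049') h = '2049';
    if (h === 'aname') h = 'name';
    var choice = document.forma.elements[a[i]].options;
    // Option order is Deny, Reject, Accept in both the service and the policy selects.
    for (var j = 0; j < 3; j++) {
      if (choice[j].selected && !policy[j].selected) {
        last[j]++;
        lists[j][last[j]] = h;
      }
    }
  }
}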
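// Copy the form's default policy choice (Deny/Reject/Accept) onto every
// service <select> named in all_protocols.  Called from the policy select's
// onchange handler and from the "Reset form" links.
function chk2() {
  var policy = document.forma.elements['policy'].options;
  for (var i = 0; i < all_protocols.length; i++) {
    var choice = document.forma.elements[all_protocols[i]].options;
    for (var j = 0; j < 3; j++) {
      if (policy[j].selected) {
        choice[j].selected = true;
      }
    }
  }
}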
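// Generate the firewall shell script from the form and show it in a popup.
// The script is written as HTML (line breaks as <BR>, blank lines as <P>)
// into the window named "script"; wr() writes into the same window through
// the page global `sw`, so `sw` is deliberately left global here.
// Form inputs used: the ipfwadm path, the external and loopback interface
// names, the default policy, the anti-spoofing and ICMP selects, the three
// host/network lists (form1/2/3 up to index/2/3) and the per-service selects
// (via chk()).  None of these values is validated or quoted: whatever was
// typed is pasted verbatim into a script the closing alert tells the user to
// run as root.
function CheckAll() {
  sw = window.open("", "script");
  var doc = sw.document;
  var el = document.forma.elements;
  var policy = el['policy'].options;
  var i;
  doc.open();
  doc.clear();
  var now = new Date();
  // Prefix for generated lines that should start on a fresh line in the popup.
  var l = '<BR> ';
  doc.writeln('#!/bin/sh');
  doc.writeln(l + 'echo');
  doc.writeln(l + 'echo " $0: IP Filtering Firewall script for dial-up users."');
  doc.writeln(l + 'echo " $0: Generated by DNi at ' + now.toUTCString() + '"');
  doc.writeln(l + 'echo');
  doc.writeln(l + 'echo " DNi v0.6, 18 September 1998"');
  doc.writeln(l + 'echo " Rostislav V. Belotserkovski, robel@usa.net"');
  doc.writeln(l + 'echo');
  doc.writeln(l + 'echo " DNi Home Page: http://members.tripod.com/~robel/dni/"');
  doc.writeln(l + '<BR># Some definitions for easy maintenance.');
  doc.writeln('<P># Representing an IP firewall administration programs location.');
  doc.writeln('<BR>FW=' + el['ipfwadm'].value);
  doc.writeln('<P> case "$1" in');
  doc.writeln(l + 'start)');
  doc.writeln(l + 'echo " Starting IP Filtering Firewall script" | tee /dev/console | logger');
  doc.writeln('<P># Representing all unprivileged ports.');
  doc.writeln('<BR># Once a service connection has been accepted, a port is selected');
  doc.writeln('<BR># from this pool and the ongoing socket connection is maintained');
  doc.writeln('<BR># over this unprivileged port.');
  doc.writeln('<BR>UN_PRIV_PORTS="1024:65535"');
  doc.writeln('<P># Representing any host.');
  doc.writeln('<BR>ANY_HOST="any/0"');
  doc.writeln('<P># Representing an IP address.');
  // The single quotes around the awk programs are escaped: left bare they end
  // the JavaScript string early and the whole script block fails to parse.
  doc.writeln('<BR>IP_ADDRESS=`ifconfig | grep "inet addr" | grep -v "127.0.0.1" \\<BR>| awk \'{print $2;}\' | awk -F\':\' \'{print $2;}\'`');
  doc.writeln('<P>if (test -z $IP_ADDRESS) then');
  doc.writeln('<BR>echo');
  doc.writeln('<BR>echo ERROR: Please connect first !!!');
  doc.writeln('<BR>echo');
  doc.writeln('<BR>exit 0;');
  doc.writeln('<BR>fi;');
  doc.writeln('<P># Representing external interface.');
  doc.writeln('<BR>EXTERNAL_INTERFACE=' + el['ppp0'].value);
  doc.writeln('<P># Representing loopback interface.');
  doc.writeln('<BR>LOOPBACK_INTERFACE=' + el['lo'].value);
  doc.writeln('<P># HERE WE GO ....');
  doc.writeln('<P># Flush IP input firewall rules.');
  doc.writeln('<BR>$FW -I -f');
  doc.writeln('<P># Representing a default policy for IP input firewall rules');
  doc.writeln("<BR># that applies if packets don't match any following rules.");
  if (policy[0].selected) doc.writeln('<BR>$FW -I -p deny');
  if (policy[1].selected) doc.writeln('<BR>$FW -I -p reject');
  if (policy[2].selected) doc.writeln('<BR>$FW -I -p accept');
  // Anti-spoofing rules: refuse packets on the external interface that claim
  // our own, loopback or RFC 1918 private addresses.
  var spoof = el['sp'].options;
  if (spoof[0].selected || spoof[1].selected) {
    var sf = spoof[1].selected ? 'reject' : 'deny';
    doc.writeln('<P>CLASS_A="10.0.0.0/8"');
    doc.writeln('<BR>CLASS_B="172.16.0.0/12"');
    doc.writeln('<BR>CLASS_C="192.168.0.0/16"');
    doc.writeln('<P># Refuse packets claiming to be from the external address.');
    doc.writeln('<BR>$FW -I -a ' + sf + ' -W $EXTERNAL_INTERFACE -S $IP_ADDRESS -o');
    doc.writeln('<P># Refuse packets claiming to be to or from the loopback interface.');
    doc.writeln('<BR>$FW -I -a ' + sf + ' -W $EXTERNAL_INTERFACE -S 127.0.0.1/8 -o');
    doc.writeln('<BR>$FW -I -a ' + sf + ' -W $EXTERNAL_INTERFACE -D 127.0.0.1/8 -o');
    doc.writeln('<P># Refuse packets claiming to be to or from a Class A, C and B private networks.');
    doc.writeln('<BR>$FW -I -a ' + sf + ' -W $EXTERNAL_INTERFACE -S $CLASS_A -o');
    doc.writeln('<BR>$FW -I -a ' + sf + ' -W $EXTERNAL_INTERFACE -D $CLASS_A -o');
    doc.writeln('<BR>$FW -I -a ' + sf + ' -W $EXTERNAL_INTERFACE -S $CLASS_B -o');
    doc.writeln('<BR>$FW -I -a ' + sf + ' -W $EXTERNAL_INTERFACE -D $CLASS_B -o');
    doc.writeln('<BR>$FW -I -a ' + sf + ' -W $EXTERNAL_INTERFACE -S $CLASS_C -o');
    doc.writeln('<BR>$FW -I -a ' + sf + ' -W $EXTERNAL_INTERFACE -D $CLASS_C -o');
  }
  // Per-host rules from the three text-field lists (entries are unquoted).
  if (index !== 0) doc.writeln('<P># Accept any traffic from these hosts or networks.');
  for (i = 0; i < index; i++) doc.writeln('<BR>$FW -I -a accept -W $EXTERNAL_INTERFACE -S ' + form1[i]);
  if (index2 !== 0) doc.writeln('<P># Deny any traffic from these hosts or networks.');
  for (i = 0; i < index2; i++) doc.writeln('<BR>$FW -I -a deny -W $EXTERNAL_INTERFACE -S ' + form2[i] + ' -o');
  if (index3 !== 0) doc.writeln('<P># Reject any traffic from these hosts or networks.');
  for (i = 0; i < index3; i++) doc.writeln('<BR>$FW -I -a reject -W $EXTERNAL_INTERFACE -S ' + form3[i] + ' -o');
  doc.writeln('<P># Accept return tcp & udp traffic.');
  doc.writeln('<BR>$FW -I -a accept -P tcp -k -W $EXTERNAL_INTERFACE');
  doc.writeln('<BR>$FW -I -a accept -P udp -k -W $EXTERNAL_INTERFACE');
  doc.writeln('<P># Unlimited traffic on the loopback interface.');
  doc.writeln('<BR>$FW -I -a accept -W $LOOPBACK_INTERFACE');
  // Per-service rules: chk() fills the six lists from the table selects,
  // wr() writes them (and reorders each list in place).
  var tcp_deny = [];
  var tcp_reject = [];
  var tcp_accept = [];
  var udp_deny = [];
  var udp_reject = [];
  var udp_accept = [];
  chk(tcp, tcp_deny, tcp_reject, tcp_accept);
  chk(udp, udp_deny, udp_reject, udp_accept);
  if ((tcp_deny.length !== 0) || (tcp_reject.length !== 0) || (tcp_accept.length !== 0) ||
      (udp_deny.length !== 0) || (udp_reject.length !== 0) || (udp_accept.length !== 0)) {
    doc.writeln('<P># Access to local services.');
  }
  if (tcp_deny.length !== 0) wr(tcp_deny, 'tcp', 'deny');
  if (tcp_reject.length !== 0) wr(tcp_reject, 'tcp', 'reject');
  if (tcp_accept.length !== 0) wr(tcp_accept, 'tcp', 'accept');
  if (udp_deny.length !== 0) wr(udp_deny, 'udp', 'deny');
  if (udp_reject.length !== 0) wr(udp_reject, 'udp', 'reject');
  if (udp_accept.length !== 0) wr(udp_accept, 'udp', 'accept');
  // Under a deny/reject default policy, active-mode FTP data connections
  // need an explicit accept.
  if (policy[0].selected || policy[1].selected) {
    doc.writeln('<P># Allow ftp-data');
    doc.writeln('<BR>$FW -I -a accept -P tcp -W $EXTERNAL_INTERFACE -S $ANY_HOST ftp-data \\<BR>-D $IP_ADDRESS $UN_PRIV_PORTS');
  }
  doc.writeln('<P># ICMP traffic');
  var icmp = el['icmp'].options;
  if (icmp[2].selected) {
    doc.writeln('<BR>$FW -I -a accept -P icmp');
  } else {
    // Always let ICMP types 0, 3 and 11 in; deny/reject the rest only when the
    // default policy does not already do so.
    doc.writeln('<BR>$FW -I -a accept -P icmp -W $EXTERNAL_INTERFACE \\<BR>-S $ANY_HOST 0 3 11');
    if (icmp[0].selected && !policy[0].selected) doc.writeln('<BR>$FW -I -a deny -P icmp -W $EXTERNAL_INTERFACE -o');
    if (icmp[1].selected && !policy[1].selected) doc.writeln('<BR>$FW -I -a reject -P icmp -W $EXTERNAL_INTERFACE -o');
  }
  // Final catch-all on the external interface, logged, mirroring the policy.
  if (policy[0].selected) doc.writeln('<P>$FW -I -a deny -W $EXTERNAL_INTERFACE -o');
  if (policy[1].selected) doc.writeln('<P>$FW -I -a reject -W $EXTERNAL_INTERFACE -o');
  doc.writeln('<P> echo');
  doc.writeln(l + ';;');
  doc.writeln(l + 'stop)');
  doc.writeln(l + 'echo " Shutting down IP Filtering Firewall script" | tee /dev/console | logger');
  // "stop" flushes the rules and leaves the host open (default policy accept).
  doc.writeln('<BR>$FW -I -f');
  doc.writeln('<BR>$FW -I -p accept');
  doc.writeln('<P> echo');
  doc.writeln(l + ';;');
  doc.writeln(l + '*)');
  doc.writeln(l + 'echo " Usage: $0 {start|stop}"');
  doc.writeln(l + 'echo');
  doc.writeln(l + ';;');
  doc.writeln(l + 'esac');
  doc.writeln(l + 'echo " Current policy: "');
  doc.writeln(l + 'echo');
  doc.writeln('<BR>$FW -I -le');
  doc.writeln(l + 'echo');
  doc.writeln(l + 'exit 0');
  doc.close();
  alert('COPY AND PASTE THIS TEXT TO A FILE AND RUN:\nchown root:root FILENAME\nchmod 750 FILENAME\n\n P L E A S E C H E C K Y O U R E N C O D I N G !\n\n\n\n\nThank you for using DNi');
}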
</SCRIPT>
<TITLE>DNi admin tool</TITLE>
</HEAD>
<BODY TEXT="#000000" BGCOLOR="#FFFFFF" LINK="#0000FF" VLINK="#CC0000" ALINK="#FF0000" >
<center>
<P>
<B><FONT FACE="Arial,Helvetica" size=+3>Dear Internet community member, hi and welcome to:</font>
<P><FONT FACE="Arial,Helvetica" size=+3>DNi v0.6</font>
<BR><FONT FACE="Arial,Helvetica" size=+2>by <A HREF="mailto:robel@usa.net">robel@usa.net</A></font></B>
<P>
<B>
<A HREF="FW-README.html">Learn how DNi works</A>
<A HREF="firewall.html">Download the source and run it locally</A>
</B>
</center>
<FORM NAME='forma'>
<CENTER>
<P>Location of the IP firewall administration program :
<INPUT TYPE=text name=ipfwadm value=/sbin/ipfwadm>
<P>Representing external interface :
<INPUT TYPE=text name=ppp0 value=ppp0>
Representing loopback interface :
<INPUT TYPE=text name=lo value=lo>
</CENTER>
<P>
<P><TT>An IP packet filter can react in different ways to a packet.
<P>Actions are:
<BR>Accept: let the packet pass the filter.
<BR>Deny: silently drop the packet.
<BR>Reject: drop the packet and send an ICMP Destination Unreachable message back to the sender as a notification.</TT>
<P>
<center>
<P>
<P>
<INPUT name="command" type="text" value="">
<INPUT type="button" value="Accept any traffic from these hosts or networks" onClick="f_store (document.forma.command.value)">
<INPUT name="form" type="button" value="Show List" onClick="f_p(index, form1)">
<INPUT name="form" type="button" value="Clear List" onClick="index=0">
<P>
<P>
<INPUT name="command2" type="text" value="">
<INPUT type="button" value="Deny any traffic from these hosts or networks" onClick="f_store2 (document.forma.command2.value)">
<INPUT name="form" type="button" value="Show List" onClick="f_p(index2, form2)">
<INPUT name="form" type="button" value="Clear List" onClick="index2=0">
<P>
<P>
<INPUT name="command3" type="text" value="">
<INPUT type="button" value="Reject any traffic from these hosts or networks" onClick="f_store3 (document.forma.command3.value)">
<INPUT name="form" type="button" value="Show List" onClick="f_p(index3, form3)">
<INPUT name="form" type="button" value="Clear List" onClick="index3=0">
<P>
<INPUT name="form" type="button" value="Clear all lists" onClick="index3=0;index=0;index2=0">
<P>
<P>
<select name="policy" onchange="chk2()">
<option>Apply D E N Y policy on all incoming connection requests to all local services
<option>Apply R E J E C T policy on all incoming connection requests to all local services
<option>Apply A C C E P T policy on all incoming connection requests to all local services
</select>
<P>
<P>
<TABLE BORDER=0 COLS=1 WIDTH="80%">
<TR>
<TD><center><I>
Restrict incoming connections on only those reserved contact port names representing services you are providing to the outside world.
</I></center>
</TD>
</TR>
</TABLE>
<P>
<P>
Legend: each color indicates
<font color="blue"><B>TCP</B></FONT>,
<font color="red"><B>UDP</B></FONT> or
both <B><font color="grey">TCP</font></B> and <B><font color="grey">UDP</font></B> application services.
<P>
<P>
<B>
<A HREF='javascript:CheckAll()'>Generate script</A>
<A HREF="javascript:chk2()">Reset form</A></B>
<P>
<P>
<TABLE BORDER cols=7 width="90%" CELLSPACING=0 CELLPADDING=7>
<SCRIPT LANGUAGE='JavaScript'>
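// Build the service table.  all_protocols becomes the three leading rows
// (ICMP, spoofing, X range) followed by tcp, udp and common, laid out seven
// cells per row.  Cell colour marks the source list: the first two cells keep
// the default dark colour, then blue for tcp, red for udp, grey for common.
// Each cell holds a <select name='<service>'> with options Deny/Reject/Accept
// in the same order as the policy select, which chk() and chk2() rely on.
// Afterwards common (plus the X range) is appended to tcp and udp so that
// chk() later looks at each common service for both protocols.
add_2nd21st(all_protocols, tcp);
add_2nd21st(all_protocols, udp);
add_2nd21st(all_protocols, common);
common[common.length] = '5999:6100';
var t1 = tcp.length;
var u1 = udp.length;
var cols = 7;
for (var row = 0; row < all_protocols.length; row += cols) {
  document.writeln('<tr align=left>');
  for (var c = 0; c < cols && row + c < all_protocols.length; c++) {
    var idx = row + c;
    var bnm = all_protocols[idx];
    // Display labels for the entries whose element names are not service names.
    if (bnm === 'icmp') bnm = 'Incoming ICMP traffic (ping)';
    if (bnm === '5999:6100') bnm = 'X server traffic';
    if (bnm === 'a2000') bnm = 'Open Windows traffic';
    if (bnm === 'a2049') bnm = 'NFS traffic';
    if (bnm === 'aname') bnm = 'name';
    if (bnm === 'sp') bnm = 'Spoofing traffic';
    var color = "#330000";
    if (idx > 1 && idx < t1 + lockp) color = "blue";
    if (idx >= t1 + lockp && idx < t1 + u1 + lockp) color = "red";
    if (idx >= t1 + u1 + lockp) color = "grey";
    document.writeln("<td><FONT COLOR='" + color + "'>" + bnm + "</font><select name='" + all_protocols[idx] + "'><option>Deny<option>Reject<option>Accept</select></td>");
  }
  document.writeln('</tr>');
}
add_2nd21st(tcp, common);
add_2nd21st(udp, common);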
</SCRIPT>
</table>
</FORM>
<B><A HREF='javascript:CheckAll()'>Generate script</A>
<A HREF="javascript:chk2()">Reset form</A></B>
<P>
</center>
</BODY>
</HTML>