A very simple TCP port blocker in pure TCL.
File: tcp_block.tcl

proc ClearMsgs { } {
    .fr_one.txt_log_msgs delete 1.0 end
}

# Accept callback for every blocked port. Connections to port 80 are read
# through fileevent so an idle client cannot stall the GUI in a blocking gets.
proc block {port sock_hand client_ip client_port} {
    if {$port == 80} {
        fconfigure $sock_hand -blocking 0
        fileevent $sock_hand readable [list log_and_close $port $sock_hand $client_ip]
    } else {
        log_and_close $port $sock_hand $client_ip
    }
}

# Log the client (and, on port 80, its first line of data), then drop it.
proc log_and_close {port sock_hand client_ip} {
    set cmd_data ""
    if {$port == 80} {
        if {[gets $sock_hand data] < 0 && ![eof $sock_hand]} {
            return   ;# no complete line yet; wait for the next readable event
        }
        set cmd_data " - $data"
    }
    close $sock_hand
    .fr_one.txt_log_msgs insert end "Access on port $port from IP $client_ip$cmd_data\n"
    .fr_one.txt_log_msgs see end
}

# main ;-)
wm title . {TCP Blocker}
wm resizable . 0 0
wm deiconify .
frame .fr_one -borderwidth 0 -height 75 -relief groove -width 340
text .fr_one.txt_log_msgs -height 10 -state normal
grid .fr_one -in . -column 0 -row 1 -columnspan 1 -rowspan 1
grid .fr_one.txt_log_msgs -in .fr_one -column 0 -row 2 -columnspan 1 -rowspan 1
frame .fr_two -borderwidth 0 -height 75 -relief groove -width 340
button .fr_two.b_clear -text "Clear" -command "ClearMsgs" -width 8 -state normal
button .fr_two.b_quit -text "Quit" -command "set eot 1" -width 8 -state normal
grid .fr_two -in . -column 0 -row 2 -columnspan 1 -rowspan 1
grid .fr_two.b_clear -in .fr_two -column 0 -row 1 -columnspan 1 -rowspan 1
grid .fr_two.b_quit -in .fr_two -column 1 -row 1 -columnspan 1 -rowspan 1
set eot 0
# Get ports to block (the sourced file sets $ports).
source portstoblock
foreach port $ports {
    # A port that cannot be bound (e.g. a privileged one without the rights
    # to use it) is reported in the log instead of aborting the whole script.
    if {[catch {socket -server [list block $port] $port} sock]} {
        .fr_one.txt_log_msgs insert end "Cannot bind to $port: $sock\n"
        continue
    }
    set sock_handles($port) $sock
    .fr_one.txt_log_msgs insert end "Binding to $port\n"
}
vwait eot
foreach port [array names sock_handles] {
    puts $port
    close $sock_handles($port)
}
exit 0
# end main ;-)

File: portstoblock

set ports {21 22 23 25 42 43 53 80 109 110 111 119 143 443}
Here is a "quick hack" port blocker I put together one night to make my laptop semi-secure on the net. I make use of the fileevent command to handle the connections. The ports are opened up for listening on, and all connections are directed to one function to handle them. Some connection info is written to a text widget, such as the connecting client's IP and the port they were trying to access. If the port being connected to was port 80, the sent data is logged also and the port is closed. This is by no means a real firewall!
We use a very similar process which we call "doorbell" which fires off a proc after dropping the connection. This proc does one of several things depending on the port that was accessed. It can email a status report, open a connection to a remote machine (as a sort of ringback), start a server on a different port or just increase or decrease logging levels. A surprisingly powerful technique. However, I would be careful with the line that writes out any input to port 80, as it seems to me this could be open to abuse.
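As an added example (not the wiki author's or the commenter's code), here is a headless variant of the blocker that combines both ideas above: the first line from the client is read via fileevent rather than a blocking gets, an idle client is dropped after a timeout, the logged data is length-limited and escaped so control characters cannot mangle the log, and a per-port "doorbell" proc runs after the connection is dropped. The port numbers and the 5-second timeout are constructed values; high ports are used so the script runs without root.

```tcl
# Added example, not the wiki page's code: fileevent-driven blocker with a
# read timeout, sanitised logging and a per-port "doorbell" reaction.
# Ports and timeout are constructed values (high ports need no root).
package require Tcl 8.5

set ports {8021 8080}          ;# stand-ins for 21 and 80
set readTimeoutMs 5000         ;# how long to wait for the client's first line

proc logmsg {msg} {
    puts "[clock format [clock seconds] -format %H:%M:%S] $msg"
}

# What to do once a probe has been seen and dropped; extend per port.
proc doorbell {port ip} {
    switch -- $port {
        8021    { logmsg "doorbell: FTP-style probe from $ip, raising log level" }
        8080    { logmsg "doorbell: HTTP-style probe from $ip" }
        default { logmsg "doorbell: probe on $port from $ip" }
    }
}

# Close the client, log one bounded, escaped line of its data, ring the bell.
proc finish {sock port ip data} {
    catch {close $sock}
    set data [string range $data 0 200]
    set data [string map [list \r \\r \n \\n \t \\t] $data]
    logmsg "Access on port $port from $ip - $data"
    doorbell $port $ip
}

# Readable event: a complete line, or EOF, ends the exchange.
proc onReadable {port sock ip} {
    set line ""
    if {[catch {gets $sock line} n]} { set n -1 }
    if {$n < 0 && ![eof $sock]} { return }   ;# partial line, wait for more
    after cancel [list finish $sock $port $ip ""]
    finish $sock $port $ip $line
}

# Accept callback: never read synchronously; arm a timeout instead.
proc accept {port sock ip clientPort} {
    fconfigure $sock -blocking 0 -translation binary
    fileevent $sock readable [list onReadable $port $sock $ip]
    after $::readTimeoutMs [list finish $sock $port $ip ""]
}

foreach port $ports {
    socket -server [list accept $port] $port
    logmsg "Listening on $port"
}
vwait forever
```

Run it with tclsh and connect to one of the listed ports from a second terminal; the script logs the first line sent (or nothing, after the timeout) and then the doorbell action for that port.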