Posts Tagged note to self

A local firewall for Ubuntu

A very simple local firewall for Ubuntu machines using iptables.

I use the following set up:

In /etc/network/if-pre-up.d, I have an executable shell script called firewall which uses iptables-restore to load firewall settings stored in /etc/network/firewall. Scripts in that directory run before each interface is brought up, so the rules are in place before any traffic can arrive. This script is as follows:

#!/bin/bash
#/etc/network/if-pre-up.d/firewall - A script to restore a saved firewall on startup.
# Fail (which makes ifup abort bringing the interface up) rather than come up
# with no firewall at all if the saved ruleset is missing or unreadable.
[ -r /etc/network/firewall ] || exit 1
iptables-restore < /etc/network/firewall

The firewall settings file /etc/network/firewall was created using the command:

iptables-save > /etc/network/firewall

after I set up a working firewall using iptables. (See man iptables). This file currently looks like this.

#/etc/network/firewall
*filter
:INPUT ACCEPT [1745:1484069]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1763:303728]
:DROPCHAIN - [0:0]
:LOGCONNECT - [0:0]
-A INPUT -s 127.0.0.1 -p tcp -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j LOGCONNECT
-A FORWARD -j DROPCHAIN
-A LOGCONNECT -j LOG --log-prefix "IPTABLES: BLOCK TCP CONNECT"
-A LOGCONNECT -j DROP
# DROPCHAIN needs a rule of its own: an empty user chain just returns to the
# caller, and the FORWARD chain's policy (ACCEPT) would then apply.
-A DROPCHAIN -j DROP
COMMIT

Every forwarded packet is sent to DROPCHAIN, and every incoming TCP segment with only SYN set (the first packet of a new connection; replies to connections this host opened carry SYN+ACK and do not match) is logged through the kernel log with the prefix IPTABLES: BLOCK TCP CONNECT and then dropped. DROPCHAIN must actually contain a DROP rule for the FORWARD jump to do anything, because an empty user chain simply returns and the FORWARD policy is ACCEPT. Everything else, including all incoming UDP and ICMP, is accepted: the INPUT policy is ACCEPT and no rule touches it. Two things a stricter setup would change are matching loopback traffic by interface (-i lo) rather than by source address, and rate-limiting the LOG rule with -m limit so that a SYN flood cannot fill the kernel log. Note also that without a trailing space in the --log-prefix the prefix runs straight into the IN= field of the logged line.
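The following is an added example and not the post's own files: a script that emits a stricter version of the ruleset above in iptables-restore format, checks it for the properties we rely on, and only then parses it with iptables-restore --test and installs it. Compared with the saved file above, it defaults INPUT and FORWARD to DROP (so unsolicited UDP is dropped too), matches loopback with -i lo, admits replies to our own connections via conntrack, rate-limits the LOG rule, and gives DROPCHAIN an explicit DROP. The path /etc/network/firewall is taken from the post; the function names and the assumption that this iptables-restore understands --test are mine.

```shell
#!/bin/bash
# Added example (not from the original post): generate a stricter ruleset,
# sanity-check it as text, then parse-check and install it.
set -eu

RULES_FILE="${RULES_FILE:-/etc/network/firewall}"   # same path as the post

# Emit an iptables-restore ruleset. Compared with the post's saved file:
#   * INPUT/FORWARD default to DROP, so anything not explicitly allowed fails closed
#   * loopback is matched by interface (-i lo), not by source address
#   * replies to connections this host opened are allowed via conntrack state
#   * LOG is rate limited so a SYN flood cannot fill the kernel log
#   * the --log-prefix ends in a space so it does not run into the IN= field
#   * DROPCHAIN carries an explicit DROP rule
gen_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:DROPCHAIN - [0:0]
:LOGCONNECT - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/second -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j LOGCONNECT
-A FORWARD -j DROPCHAIN
-A LOGCONNECT -m limit --limit 10/minute --limit-burst 20 -j LOG --log-prefix "IPTABLES: BLOCK TCP CONNECT "
-A LOGCONNECT -j DROP
-A DROPCHAIN -j DROP
COMMIT
EOF
}

# Return 0 when the generated text has the properties we depend on.
# Pure text checks, so this runs without root and without iptables installed.
check_rules() {
    local rules
    rules="$(gen_rules)"
    printf '%s\n' "$rules" | grep -q '^:INPUT DROP'   || return 1
    printf '%s\n' "$rules" | grep -q '^:FORWARD DROP' || return 1
    printf '%s\n' "$rules" | grep -q '^-A INPUT -i lo -j ACCEPT$' || return 1
    printf '%s\n' "$rules" | grep -q -- '--ctstate ESTABLISHED,RELATED -j ACCEPT' || return 1
    printf '%s\n' "$rules" | grep -q '^-A DROPCHAIN -j DROP$' || return 1
    printf '%s\n' "$rules" | tail -n 1 | grep -q '^COMMIT$' || return 1
}

# Parse-check with the real tool when it is present, load it, then save the
# file the if-pre-up.d script restores at boot. Assumes an iptables-restore
# that supports --test (parse and build the ruleset without committing it).
install_rules() {
    local tmp
    tmp="$(mktemp)"
    gen_rules > "$tmp"
    if command -v iptables-restore >/dev/null 2>&1; then
        iptables-restore --test < "$tmp"
        iptables-restore < "$tmp"
    fi
    install -m 0600 "$tmp" "$RULES_FILE"
    rm -f "$tmp"
}

# Only touch the live firewall when explicitly asked: ./firewall-gen.sh install
if [ "${1:-}" = install ]; then
    check_rules && install_rules
fi
```

Run it with no arguments to see nothing happen (only the functions are defined); run it as root with install to check, load and save the rules. Because the policy is DROP, forgetting a rule locks things out rather than letting them in, so test from the console rather than over ssh the first time.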

I couldn’t find an easy way to filter just these messages into a file (short of piping all appropriate messages to a process in /etc/syslogd.conf that only keeps iptables messages… though I’m sure there is a clever way of doing this).
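Whatever the syslog setup, the lines the LOG target produces are easy to pick apart once they are in a file. Below is an added example, not from the original post, that summarises blocked connection attempts by source address and destination port and flags sources that probed several ports. The log lines are constructed here to look like kern.log output from the ruleset above; note that three of them have "CONNECT" fused to "IN=" because the post's prefix has no trailing space, and the parser copes with both forms. Host names, addresses and function names are mine.

```shell
#!/bin/bash
# Added example (not from the original post): summarise the kernel log lines
# written by the LOGCONNECT chain.
set -eu

# Constructed sample lines in kern.log format. The first three have no space
# after the --log-prefix (as the post's ruleset produces); the fourth has one.
# The last line is unrelated noise that must be ignored.
SAMPLE_LOG='Apr  1 10:00:01 box kernel: IPTABLES: BLOCK TCP CONNECTIN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4321 DF PROTO=TCP SPT=55123 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Apr  1 10:00:02 box kernel: IPTABLES: BLOCK TCP CONNECTIN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4322 DF PROTO=TCP SPT=55124 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Apr  1 10:00:05 box kernel: IPTABLES: BLOCK TCP CONNECTIN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.9 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=777 DF PROTO=TCP SPT=40001 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0
Apr  1 10:00:09 box kernel: IPTABLES: BLOCK TCP CONNECT IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4323 DF PROTO=TCP SPT=55125 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Apr  1 10:00:10 box kernel: usb 1-1: new high-speed USB device number 3 using ehci_hcd'

# Print "count src dpt" for every (source, destination port) pair among the
# blocked SYNs, most frequent first. Reads log lines on stdin. Fields are
# located by their KEY= tag, so the fused "CONNECTIN=" does not matter.
summarize_blocks() {
    grep 'IPTABLES: BLOCK TCP CONNECT' \
    | awk '{
        src = ""; dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/) src = substr($i, 5)
            else if ($i ~ /^DPT=/) dpt = substr($i, 5)
        }
        if (src != "" && dpt != "") count[src " " dpt]++
      }
      END { for (k in count) print count[k], k }' \
    | sort -k1,1nr -k2,2
}

# Print "src nports" for sources that hit at least N distinct ports,
# a crude port-scan indicator. N defaults to 2.
scanners() {
    local threshold="${1:-2}"
    grep 'IPTABLES: BLOCK TCP CONNECT' \
    | awk -v t="$threshold" '{
        src = ""; dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/) src = substr($i, 5)
            else if ($i ~ /^DPT=/) dpt = substr($i, 5)
        }
        if (src != "" && dpt != "" && !seen[src, dpt]++) ports[src]++
      }
      END { for (s in ports) if (ports[s] >= t) print s, ports[s] }' \
    | sort
}

# Demonstration on the constructed lines; on a real box use
#   grep 'IPTABLES:' /var/log/kern.log | summarize_blocks
printf '%s\n' "$SAMPLE_LOG" | summarize_blocks
printf '%s\n' "$SAMPLE_LOG" | scanners 2
```

If the machine runs rsyslog rather than the older sysklogd, the property-based filter `:msg, contains, "IPTABLES:" /var/log/iptables.log` followed by a line `& stop` (rsyslog 7 and later; older versions spell it `& ~`) sends these messages to their own file and keeps them out of the main log.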

Also, I probably should be paying attention to rpc udp packets… or something like that.

Shout at me if there is some better way of doing this.

April 1, 2008

Services near Tower Hamlets

This is a map of amenities near Tower Hill. It’s here so that it is easy to find.
[Map]

March 15, 2008

How to stop the bell ringing in bash

To stop bash from ringing the bell, add

set bell-style none

to /etc/inputrc. This is a readline setting, so it applies to every program that uses readline for line editing, not only bash. You can also add it to a per-user ~/.inputrc file, but that only affects that user: it won’t take effect when you log in as root unless root’s own ~/.inputrc has it too.

Also, note that this won’t stop applications that don’t use readline from ringing the
bell. To silence it system-wide, switch the bell off in the BIOS, or on Linux blacklist the pcspkr kernel module so the PC speaker cannot sound at all.

See the READLINE section of man bash.

Other applications whose bells you might like to stop:

less: Use the -q option. This can be made permanent by adding alias less="less -q" to your .bashrc file, or by putting the option in the LESS environment variable (export LESS="-q"), which less reads however it is started.

man: man uses the $PAGER environment variable (or $MANPAGER if set) to display man pages, or the default pager (normally less) otherwise. Therefore add export PAGER="less -q" to your .bashrc file.

vim: By default vim rings the bell. To stop this, type :set vb t_vb= at the command line (switch to the visual bell, then set its terminal code to nothing so it does nothing), or add set vb t_vb= to your .vimrc file.

emacs: Set the variable ring-bell-function to a function that doesn’t do anything, e.g. (setq ring-bell-function 'ignore) or, equivalently, (setq ring-bell-function (lambda () nil)).

1 comment March 9, 2008

