Posts tagged ‘note to self’
A local firewall for ubuntu
A very simple local firewall for Ubuntu machines using iptables.
I use the following set up:
In /etc/network/if-pre-up.d, I have an executable shell script called firewall which uses iptables-restore to load firewall settings stored in /etc/network/firewall. This script is as follows:
#!/bin/bash #/etc/network/if-pre-up.d/firewall - A script to restore a saved firewall on startup. cat /etc/network/firewall | iptables-restore
The firewall settings file /etc/network/firewall was created using the command:
iptables-save > /etc/network/firewall
after I set up a working firewall using iptables. (See man iptables). This file currently looks like this.
#/etc/network/firewall *filter :INPUT ACCEPT [1745:1484069] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [1763:303728] :DROPCHAIN - [0:0] :LOGCONNECT - [0:0] -A INPUT -s 127.0.0.1 -p tcp -j ACCEPT -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j LOGCONNECT -A FORWARD -j DROPCHAIN -A LOGCONNECT -j LOG --log-prefix "IPTABLES: BLOCK TCP CONNECT" -A LOGCONNECT -j DROP COMMIT
This stops any forwarding and any attempts to form incoming tcp connections. Any attempts to open a connection are logged via kernel logging.
I couldn’t find an easy way to filter just these messages into a file (short off piping all appropriate messages to a process in /etc/syslogd.conf that only keeps iptables messages… though I’m sure there is a clever way of doing this).
Also, I probably should be paying attention to rpc udp packets… or something like that.
Shout at me if there is some better way of doing this.
Services near Tower Hamlets
This is a map of amenities in near Tower Hill. It’s here so that it is easy to find.
Map
How to stop the bell ringing in bash
To stop bash from trying to ring the bell add
set bell-style none
to the /etc/inputrc file. You can also be added to a local ~/.inputrc file – but this won’t work if
you log in as root.
Also, note that this won’t stop other applications from trying to ring the
bell – for this it might be best to switch off the bell at BIOS level.
See man bash.
Other applications whose bells you might like to stop:
less: Use the -q option. This can be acheived permanently by adding alias less=”less -q” to your .bashrc file.
man: man uses the $PAGER environment variable to display man pages, or the default pager (normally less) otherwise. Therefore add export PAGER=”less -q” to your .bashrc file.
vim: By default vim rings the bell. To stop this type set vb t_vb= at the colon-line, or add it to your .vimrc file.
emacs: Set the variable ring-bell-function to a function that doesn’t do anything. (setq ring-bell-function (lambda () nil)
Arg and gah and ap and pa 