We will use an example based approach to examine the various iptables commands. In this first example, we will create a very simple set of rules to set up a Stateful Packet Inspection (SPI) firewall that will allow all outgoing connections but block all unwanted incoming connections:

 xinetd, the eXtended InterNET Daemon, is an open-source daemon which runs on many Linux and Unix systems and manages Internet-based connectivity. It offers a more secure extension to or version of inetd, the Internet daemon. xinetd performs the same function as inetd: it starts programs that provide Internet services. Instead of having such servers started [...]

This tutorial walks you through implementing disk quotas for both users and groups on Linux, using a virtual filesystem, which is a filesystem created from a disk file. Since quotas work on a per-filesystem basis, this is a way to implement quotas on a sub-section, or even multiple subsections of your drive, without reformatting. This [...]

All of the operations considered in this article are operations upon a router, whether that router is a Linux box or Cisco dedicated hardware or some other type of machine. In this chapter I consider the traditional methods of IPv4 routing as using static configurations that are manually input by the network administrator. 1.1 Traditional [...]

FreeBSD 4.x and 5.1 ships with BIND version 8.x as the default or base installation. FreeBSD 5.3 – the first of the stable 5.x series – ships with BIND 9.3.0 and some annoying traits. FreeBSD 6.2 ships with BIND 9.4.1 as the base installation. FreeBSD differentiates between a base DNS install and a normal DNS [...]

Most Linux distributions ship with tcp_wrappers “wrapping” all your TCP services. A tcp_wrapper (known as /usr/sbin/tcpd) is invoked from/sbin/inetd instead of the real service, such as telnet or ftp. tcpd then checks the host that is requesting the service and either executes the real server or denies access from that host. tcpd allows you to restrict access to your tcp services. You should make [...]

E-Mail delivery can be invoked by issuing the command “sendmail -q”. For those who are interested in what sendmail actually does, “sendmail -q -v” will give a more verbose version of the delivery process.

It is very convenient to automate the process of e-mail delivery. A tool commonly used for this process is cron.

The “Three-Finger-Salute” or, the key combination Ctrl+Alt+Del is typically mapped to the command /sbin/shutdown -r now. In other words, it reboots your system. Sometimes this may be unwanted behavior, so this tip shows you how to disable, or remap that key combination.

Setting the hardware clock is especially useful in case you have clock problems. If you experience a clock that is losing or gaining a lot of time each after a reboot, set hardware clock right, then remove /etc/adjtime.

1. How to you change file ownership and chown files recursively? # chown user:user folder -R 2. How to view queued mail in sendmail or postfix? # mailq 3. How to show which alternative binary program does your machine executes first? # alternatives –display program-name 4. How to create public/private rsa key pair? # ssh-keygen [...]

There are times that a server does not need to listen and process any TCP/UDP request for a long list of consecutive local IP addresses. This blog entry provides a starting point of creating server scripts to block a long list of consecutive IP address from the server for permanent blocking. To start, launch your [...]