Month: July 2016

iptables – add, remove and backup your rules!

Hi,

Today, in this post, we are going to talk about iptables. It is a user-space application that lets you configure the tables provided by the Linux kernel firewall (implemented as different Netfilter modules) and the chains and rules they store.

The first basic command to learn is the one that lists all rules in all chains, “iptables -L” or “iptables --list”. By default iptables has three chains: INPUT, FORWARD and OUTPUT. Each chain is tied to a direction of traffic: INPUT holds the rules for incoming connections, and so on.

Empty iptables rule listing:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Now let’s try to add a simple rule allowing ssh access only from a certain IP range:

iptables -A INPUT -s 10.0.0.0/8 -p tcp -m multiport --dports 22 -m comment --comment "010 ssh" -m state --state NEW -j ACCEPT

The meaning of each option is described here below:

  • -A : append the rule to a chain, in this case to the INPUT chain
  • -s : source address/mask specification (the source of the connection), in this case only 10.x.x.x addresses are allowed to use ssh
  • -p : the protocol of the connection, in this case TCP
  • -m multiport : match on multiple ports
  • --dports : the destination port or port range
  • -m comment --comment : attaches a comment to the rule
  • -m state : lets the rule match on connection state, in this case NEW connections
  • -j : jump to the specified target, in this case ACCEPT (accept the connection)

If instead we want to remove the rule, the -D option can be used with the same rule specification:

iptables -D INPUT -s 10.0.0.0/8 -p tcp -m multiport --dports 22 -m comment --comment "010 ssh" -m state --state NEW -j ACCEPT

Another useful command is the one that dumps all the rules:

sudo iptables-save > iptables-export.bak

All rules of all chains are written to the file, so that you can restore them later.

Rules added with iptables live only in the running kernel: to make any change persist across a reboot or a restart of the iptables service, dump them with “iptables-save” and load the saved file again afterwards with “iptables-restore”.
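As an added example (not part of the original post), the script below writes the ssh rule from above into a file in iptables-save format, the same format iptables-save dumps and iptables-restore loads, and checks one thing the empty listing hides: with the INPUT policy left at ACCEPT, an ACCEPT rule for 10.0.0.0/8 blocks nothing, because every other source is accepted by the policy anyway. The function names write_ruleset, chain_policy and check_ruleset are assumed helpers; the loopback and ESTABLISHED,RELATED rules are the usual companions of a DROP policy.

```shell
#!/bin/sh
# Added example, not the original post's code. Helper names are hypothetical.

# Write a ruleset in iptables-save format to file $1.
# $2 is the INPUT chain policy: ACCEPT (the default in the empty listing) or DROP.
write_ruleset() {
    cat > "$1" <<EOF
# constructed ruleset; load it (as root) with:  iptables-restore < $1
*filter
:INPUT $2 [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# keep loopback traffic and replies to connections we opened ourselves
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# the rule from the post, exactly as iptables-save prints it
-A INPUT -s 10.0.0.0/8 -p tcp -m multiport --dports 22 -m comment --comment "010 ssh" -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Read the policy of chain $2 back out of ruleset file $1 (":INPUT DROP [0:0]" -> DROP).
chain_policy() {
    awk -v key=":$2" '$1 == key { print $2 }' "$1"
}

# "restrictive" only if INPUT drops by default; with ACCEPT the ssh allow rule
# merely repeats what the policy already permits, so ssh stays open to everyone.
check_ruleset() {
    if [ "$(chain_policy "$1" INPUT)" = DROP ]; then
        echo restrictive
    else
        echo permissive
    fi
}
```

Run write_ruleset on a temporary file with ACCEPT and then with DROP and compare check_ruleset on each; only the DROP variant actually limits ssh to 10.0.0.0/8.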

This concludes this small overview of iptables!

CYA,

Vincenzo

Writing files with dd

Hello,

like the SSH config post, this one showcases two or three commands that I use very often when I need to create a file of a specific size.

To achieve this, the command used on pretty much all Linux distributions is “dd”. dd is designed to copy blocks of data from an input file to an output file.

Let’s start with a few examples:

This first command creates a 1 GB file with dd (a sparse file: the size is set by seeking, no data blocks are actually written):

dd if=/dev/zero of=1g.img bs=1 count=0 seek=1G

The arguments are:

  • if= -> the input file, i.e. the source of the data
  • of= -> the name and path of the output file to write
  • bs= -> the block size read and written in each operation
  • count= -> the number of blocks to copy
  • seek= -> skips n blocks from the beginning of the output file before writing

Let’s look at another example, a 10 MB file (the first form creates a sparse file, the second actually writes 10 MB of zeros):

dd if=/dev/zero of=10m.img bs=1 count=0 seek=10M
#or
dd if=/dev/zero of=10m.img bs=10M count=1 

The source can be changed depending on what kind of data you need:

  • /dev/zero : writes zeros
  • /dev/random : writes random data
  • /dev/urandom : writes more secure random data

One final thing to know about dd is that it can also be used to write disk images, for example when you need to create a bootable USB stick from a Linux image. Let’s see how:

#first download your image...
wget http://cdimage.debian.org/debian-cd/8.5.0/amd64/iso-cd/debian-8.5.0-amd64-netinst.iso
#then write it to USB: check the device name first (e.g. with lsblk),
#dd overwrites whatever of= points at without asking
dd if=/path/to/debian-8.5.0-amd64-netinst.iso of=/dev/sdbX bs=4M
#flush buffered writes before unplugging the stick
sync

And that’s it! You now have a bootable USB stick with a Debian image.

Cheers,

Vincenzo