Ivan Radovanovic's blog

Basic linux firewall configuration (iptables)

The Linux firewall divides all traffic into 3 groups:

  • INPUT
  • OUTPUT
  • FORWARD

The first two are obvious; the third group, I guess, also covers NAT and similar features.

Traffic is controlled by adding accept or reject rules to the appropriate group. Compared to OpenBSD's pf, iptables seems to be missing tables (weird choice for a name, he he), all rules seem to behave like quick rules, and you need to take care of connection state explicitly.

How to install deb file on linux

dpkg -i filename.deb

IPsec based VPN using FreeBSD

Since I wasn't really able to find information on how to set this up in one place, here is a short recipe.

Prerequisites:

How to create pdfs from man pages


man -t page_name | ps2pdf - page_name.pdf

Sometimes this pdf actually loses some formatting (I don't have any idea why), so it might make more sense to create a plain ps file:

man -t page_name > page_name.ps

Note: You might want to change page size in /usr/share/groff_font/devps/DESC (by default it is set to letter there)

How to make tsclient use freerdp instead of rdesktop in freebsd

First of all, why would anyone do that? Because rdesktop doesn't support the newer encryption schemes supported by remote desktop, while freerdp does.

How to prevent annoying crackers from brute force login attacks

Add the following to your /etc/pf.conf

# if re0 is your card (a macro is defined without "$" and referenced with it)
ext_if="re0"
# this goes at the top
table <bad_guys> persist
...
block in quick on $ext_if from <bad_guys> to any

Add the following to your /etc/syslog.conf

auth.info;authpriv.info |/root/auth_checker.pl

(assuming that auth_checker.pl is in /root directory)
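
The recipe above pipes auth messages into a script that feeds the <bad_guys> table. The following is an added example of that step in Python, not the author's auth_checker.pl: it counts failed sshd password logins per source address and produces the pfctl call that adds an address to the table. The threshold of 5, the function names and the sample log lines are assumptions made for this example.

```python
"""Added example: turn repeated sshd login failures into pf table additions."""
import ipaddress
import re
import sys
from collections import Counter

THRESHOLD = 5        # assumption: failures allowed per source address
TABLE = "bad_guys"   # table name from the pf.conf lines above

# The user name is attacker-controlled text, so the greedy ".*" and the "$"
# anchor make the capture land on the final, sshd-written source address.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?.* "
    r"from (\S+) port \d+ ssh2\s*$"
)

def source_ip(line):
    """Return the validated source address of a failed login, else None."""
    match = FAILED.search(line)
    if match is None:
        return None
    try:
        return str(ipaddress.ip_address(match.group(1)))
    except ValueError:
        return None  # log text that is not an address never reaches pfctl

def watch(lines, threshold=THRESHOLD):
    """Yield a pfctl argv list when an address reaches the threshold."""
    failures = Counter()
    for line in lines:
        ip = source_ip(line)
        if ip is not None:
            failures[ip] += 1
            if failures[ip] == threshold:
                yield ["pfctl", "-t", TABLE, "-T", "add", ip]

# Constructed sample input (documentation address ranges), not real logs.
SAMPLE = ["Jan  1 00:00:0%d gw sshd[100]: Failed password for root "
          "from 203.0.113.7 port 4000 ssh2" % n for n in range(5)] + [
    "Jan  1 00:00:08 gw sshd[101]: Failed password for invalid user a from "
    "192.0.2.1 port 1 ssh2 from 198.51.100.2 port 4001 ssh2",
    "Jan  1 00:00:09 gw sshd[102]: Accepted publickey for ivan "
    "from 192.0.2.9 port 4002 ssh2",
]

if __name__ == "__main__":
    # syslogd writes matching lines to stdin; print instead of running pfctl.
    for argv in watch(sys.stdin):
        print(" ".join(argv), flush=True)
```

To act on the result instead of printing it, pass each argv list to subprocess.run as a list so that no shell ever interprets text taken from the log.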

How to gracefully restart lighttpd

Gracefully here means without losing any request that is being processed (requests which are not accepted yet might still be rejected).

Send SIGINT to lighttpd and then start a new instance of it. The instance that received INT will stop listening for new connections, but it will finish all connections it has already accepted and exit after that.

killall -INT lighttpd && lighttpd -f config_file

RabbitMQ start with FreeBSD

1. Install erlang from ports.
2. Grab the latest binary tar.gz package from the download section of their website (the file name should be something like rabbitmq-server-generic-unix-X.Y.Z.tar.gz) and unpack it somewhere.
3. Start the server from the directory where you unpacked it: sbin/rabbitmq-server
4. When you need to stop it, run: sbin/rabbitmqctl stop

.htaccess based authentication with apache

Put this in the .htaccess file

AuthUserFile path_goes_here
AuthGroupFile /dev/null
AuthName EnterPassword
AuthType Basic
require valid-user

The file with usernames and passwords can be generated from the command line with the htpasswd utility:

htpasswd path username

To display the hashed pair in the console instead, use:

htpasswd -n username
