Category: linux

iptables 101

Posted on by mario

How to do things with iptables. Safety first: How to reset everything.

sudo iptables -F
sudo iptables -X
sudo iptables -t nat -F
sudo iptables -t nat -X
sudo iptables -t mangle -F
sudo iptables -t mangle -X
Also, safety first: Don’t just copy something and run it on your server. You better understand what you are doing.
How to block a service?
Instead of using “DROP” you should use “REJECT –reject-with tcp-reset”. If you want to be able to access that service from the inside, you have to add an allow rule first.
sudo iptables -A INPUT -p tcp -s localhost --dport 3306 -j ACCEPT #mysql allow local
sudo iptables -A INPUT -p tcp --dport 3306 -j REJECT --reject-with tcp-reset #mysql

The “REJECT –reject-with tcp-reset” looks to the outside like there is no service running. A “DROP” will show that there is a firewall / iptables working.

Blocking an IP range

sudo iptables -A bannedDownloader -s 14.120.0.0/16 -j DROP

Disallow NTP queries

sudo iptables -A INPUT -p udp -s localhost --dport 123 -j ACCEPT #ntp allow local
sudo iptables -I INPUT -p udp --dport 123 -j REJECT #ntp

Block timestamp

sudo iptables -I INPUT 1 -p ICMP --icmp-type timestamp-request -j DROP
sudo iptables -I INPUT 1 -p ICMP --icmp-type timestamp-reply -j DROP
sudo iptables -A INPUT -p icmp --icmp-type 13 -j DROP

Fun with windows subsystem for linux Part 3

Posted on by mario

Now there Debian available over the Microsoft Store on Windows 10. Very small RAM usage, much better than the ubuntu version.

Open PowerShell as Administrator and run:

Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux

Then Open the Microsoft Store and search for debian.

The File are now in C:\Users\%USERNAME%\AppData\Local\Packages\TheDebianProject.DebianGNULinux_*

I wonder why it is no longer in C:\Users\%USERNAME%\AppData\Local\lxss\

For having correct displayed german characters I had to change the console

sudo dpkg-reconfigure locales
sudo apt install console-setup
sudo dpkg-reconfigure console-setup

debian boots into uefi shell

Posted on by mario

Today one of my linux servers did not boot. Instead there was a grub uefi shell. Typing the help command listed a bunch of commands in dark blue on a dark grey. Not easy to read. Trying to use the gui did not solve the problem. Resetting the config did also not help. Some forum posts said to create a symlink to the efi file. My issue was that /boot/efi is a separate partion due btrfs on the my system.

What did work was using the command line to add the efi again.

bcfg boot add 0 fs0:\EFI\debian\grubx64.efi "Debian"

However writing in english mode on a german style keyboard is often “times of wonder”. Use # ( hash) for the backslash and ä for the quotes. I still wonder why I have to use a backslash on a linux system…

Archive for category linux

Archives by Month: