Loading
Mastering IPTables, Part I
Linux comes with a powerful firewall built-in, although the interface can be a little intimidating. This is the first in a multi-part tutorial on how to master basic and not-so-basic IPTables functionality and create the perfect firewall for your home network.
Webcast
How to Build an Optimal Hadoop Cluster to Store and Maintain Unlimited Amounts of Data Using Microservers
Realizing the promise of Apache® Hadoop® requires the effective deployment of compute, memory, storage and networking to achieve optimal results. With its flexibility and multitude of options, it is easy to over or under provision the server infrastructure, resulting in poor performance and high TCO. Join us for an in depth, technical discussion with industry experts from leading Hadoop and server companies who will provide insights into the key considerations for designing and deploying an optimal Hadoop cluster.
Sponsored by AMD
White Paper
Private PaaS for the Agile Enterprise
If you already use virtualized infrastructure, you are well on your way to leveraging the power of the cloud. Virtualization offers the promise of limitless resources, but how do you manage that scalability when your DevOps team doesn’t scale? In today’s hypercompetitive markets, fast results can make a difference between leading the pack vs. obsolescence. Organizations need more benefits from cloud computing than just raw resources. They need agility, flexibility, convenience, ROI, and control.
Stackato private Platform-as-a-Service technology from ActiveState extends your private cloud infrastructure by creating a private PaaS to provide on-demand availability, flexibility, control, and ultimately, faster time-to-market for your enterprise.
Sponsored by ActiveState
- Containers—Not Virtual Machines—Are the Future Cloud
- Lock-Free Multi-Producer Multi-Consumer Queue on Ring Buffer
- Linux Systems Administrator
- Introduction to MapReduce with Hadoop on Linux
- Senior Perl Developer
- Technical Support Rep
- UX Designer
- Weechat, Irssi's Little Brother
- One Tail Just Isn't Enough
- Android's Limits
- Reply to comment | Linux Journal
21 min 55 sec ago - Reply to comment | Linux Journal
22 min 22 sec ago - Replica Watches
2 hours 47 min ago - Reply to comment | Linux Journal
6 hours 57 min ago - on the path to understanding
7 hours 1 min ago - As a fisher,we know that a
1 day 2 hours ago - All I Say Is Worth Share!
1 day 3 hours ago - GeekSays
1 day 3 hours ago - thanks
1 day 7 hours ago - You should consider visiting
1 day 8 hours ago
Featured Jobs
| Linux Systems Administrator | Houston and Austin, Texas | Host Gator |
| Senior Perl Developer | Austin, Texas | Host Gator |
| Technical Support Rep | Houston and Austin, Texas | Host Gator |
| UX Designer | Austin, Texas | Host Gator |
| Web & UI Developer (JavaScript & j Query) | Austin, Texas | Host Gator |
Free Webinar: Hadoop
How to Build an Optimal Hadoop Cluster to Store and Maintain Unlimited Amounts of Data Using Microservers
Realizing the promise of Apache® Hadoop® requires the effective deployment of compute, memory, storage and networking to achieve optimal results. With its flexibility and multitude of options, it is easy to over or under provision the server infrastructure, resulting in poor performance and high TCO. Join us for an in depth, technical discussion with industry experts from leading Hadoop and server companies who will provide insights into the key considerations for designing and deploying an optimal Hadoop cluster.
Some of key questions to be discussed are:
- What is the “typical” Hadoop cluster and what should be installed on the different machine types?
- Why should you consider the typical workload patterns when making your hardware decisions?
- Are all microservers created equal for Hadoop deployments?
- How do I plan for expansion if I require more compute, memory, storage or networking?
Developer Poll
Comments
DROP everything
I even set OUTPUT to drop ... what happens if you get a virus or a worm? (does linux have one of those?)
Or somebody on your network (most likely w/ a windows machine) gets a virus or worm? Those packets might go thru FORWARD but if they somehow hack into your firewall then those packets would be thru OUTPUT.
I go way paranoid on my rules. I set interface names, I allow each protocol out 1 by 1, set expected ip ranges, always tcp reset when I reject, etc.... It may be a pain to setup, but I only do that once; and it protects me better 24x7 IMO.
vim user, set
vim user,
set bg=dark
Thanks.
seems like it keeps getting
seems like it keeps getting hung up on digg.
Does anyone else have troubles viewing this?
I took a snapshot.
http://fayettedigital.com/images/firewall.png
I can't read much of what's on the screen. Red on black is very hard to read and I have no idea what the colors are for the text I can't see. This is a fairly new system with a nvidia card running Ubuntu Hardy to a 20" SGI monitor (hi res). I'm viewing it with Firefox 3.x.
Thanks,
Jim.
Transcript
Greetings,
For all future videos I will include links to the transcript and script (if applicable). Here is the transcript and firewall script for this one:
Transcript: http://dark-code.bulix.org/z5svtd-68680?raw
Script: http://dark-code.bulix.org/y8t9ur-68683
These will be available in the video description from now on.
Elliot
Gracias por el post, era muy
Gracias por el post, era muy interesante leer
your gay
your gay
help
hi iluv linux "fedore" mainly....!
i dont hav much experience of linux.
if anyone can help me.
i started a wireless isp business and running a "mikrotik AP" router.
my internet connection runs from (PC-1) with DSL & from there link to Linux Server with (Radius Manager) and also Link to the "Mikrotik AP".
My (Mikrotik AP) is already good firewall but thats for blocking my clients, i need advise or help on setting firewall for the othe side (my dsl router) to protect my main pc with windows xp & my linux radius manager pc. (bellow is a my setup connection)
Isp-----windows xp--------radius manager<<<<--->>>>mikrotok<<<<<----->>>>>Wireless Clients
IPTables Part 1
I was able to copy the script Elliot creates while watching the video. It's not exactly the same, but captures all the same stuff
#!/bin/sh
#locate iptables (this will cause issues if the command fails, but is flexible)
IPT=`which iptables`
#or possibly the following, but on CYGWIN it's not in the right format)
#IPT=`whereis iptables`
#flush iptables
$IPT -F
#-----------------------
# POLICIES
#-----------------------
#
# DEFAULT POLICIES
#-----------------------
#For outbound traffic
$IPT -P OUTPUT ACCEPT
#For inbound traffic
$IPT -P INPUT DROP
#For routed traffic is to drop for now
$IPT -P FORWARD DROP
#
# ALLOWED INBOUND TRAFFIC
#-----------------------------
#ALLOW loopback traffic
$IPT -A INPUT --in-interface lo -j ACCEPT
#ALLOW http
$IPT -A INPUT -p tcp --dport 80 -j ACCEPT
#ALLOW ssh
$IPT -A INPUT -p tcp --dport 22 -j ACCEPT
#ALLOW Responses
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
IPTables script
PS. I did not verify the script works, so don't shoot any flaming arrows my way, but I will update it if I find any
The text in the captured screen in not clear
The text in the captured screen in not clear, I can not read it.
Advise: use black background and white foreground, do not use colors.
Shell Script (Text on screen)
I recreated the script Elliot used. It's not exactly the same, but has the same functionality
#!/bin/sh
#locate iptables (this will cause issues if the command fails, but is flexible)
IPT=`which iptables`
#or possibly the following, but on CYGWIN it's not in the right format)
#IPT=`whereis iptables`
#flush iptables
$IPT -F
#-----------------------
# POLICIES
#-----------------------
#
# DEFAULT POLICIES
#-----------------------
#For outbound traffic
$IPT -P OUTPUT ACCEPT
#For inbound traffic
$IPT -P INPUT DROP
#For routed traffic is to drop for now
$IPT -P FORWARD DROP
#
# ALLOWED INBOUND TRAFFIC
#-----------------------------
#ALLOW loopback traffic
$IPT -A INPUT --in-interface lo -j ACCEPT
#ALLOW http
$IPT -A INPUT -p tcp --dport 80 -j ACCEPT
#ALLOW ssh
$IPT -A INPUT -p tcp --dport 22 -j ACCEPT
#ALLOW Responses
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Fantastic tutorial
Well done Elliot. Your timing couldn't have been more perfect. IPTables has always been a pain in the butt to understand. Being able to see and hear someone explain how it works is a great way to learn. I have enjoyed watching the video and will definitely tune in for the next part.
I've just installed a new Linux server at work which acts as our internet gateway via an ADSL router modem. It took me two days to setup the iptable rules and it is finally working (after reading lots of HOWTO docs). Now it will be nice to verify that what I have done is actually correct, and be able to understand all the rules I copied from the HOWTO's. ;-)
As for a transcript.
That would be nice, but I simply did the following. If you use Firefox web browser, simply look in your profile's Cache directory for a 10Mb file. That's the local copy of the video clip you watched. Simply copy it out for archiving purposes and for later enjoyment. :-)
Regards,
- Graeme -
Transcript
+1
Transcript?
It would be nice if there were a transcript to these videos. A transcript can be read in a short amount of time to gain knowledge, or skimmed to see if the material is relevant, or used for later reference, or even used to capture notes so all eyes can be on the viewing.
Thank you.