Linux – Page 13 – techish.net

Basic IPtables Firewall

This is a very simple iptables firewall scripts to get you started. I use this all the time as a basis. It allows for access to your system via SSH (you can define a different port if you run SSH on a different port; you do, right? ;)), outbound DNS requests.
I use this as a boilerplate for all containers in the virtual world.

#!/bin/bash
IPT="/sbin/iptables"
# Flush old rules, old custom tables
$IPT --flush
$IPT --delete-chain
# Set default policies for all three default chains
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT DROP
# Enable free use of loopback interfaces
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A OUTPUT -o lo -j ACCEPT
# All TCP sessions should begin with SYN
$IPT -A INPUT -p tcp ! --syn -m state --state NEW -s 0.0.0.0/0 -j DROP
# Accept inbound TCP packets
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -s 0.0.0.0/0 -j ACCEPT
# Accept inbound ICMP messages
$IPT -A INPUT -p ICMP --icmp-type 8 -s 0.0.0.0/0 -j ACCEPT
# Accept outbound packets
$IPT -I OUTPUT 1 -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPT -A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT

CentOS Install Types and Descriptions

Desktop: base, basic-desktop, core, debugging, desktop-debugging, desktop-platform, directory-client, fonts, general-desktop, graphical-admin-tools, input-methods, internet-applications, internet-browser, java-platform, legacy-x, network-file-system-client, office-suite, print-client, remote-desktop-clients, server-platform, x11
Minimal Desktop: base, basic-desktop, core, debugging, desktop-debugging, desktop-platform, directory-client, fonts, input-methods, internet-browser, java-platform, legacy-x, network-file-system-client, print-client, remote-desktop-clients, server-platform, x11
Minimal: core
Basic Server: base, console-internet, core, debugging, directory-client, hardware-monitoring, java-platform, large-systems, network-file-system-client, performance, perl-runtime, server-platform
Database Server: base, console-internet, core, debugging, directory-client, hardware-monitoring, java-platform, large-systems, network-file-system-client, performance, perl-runtime, server-platform, mysql-client, mysql, postgresql-client, postgresql, system-admin-tools
Web Server: base, console-internet, core, debugging, directory-client, java-platform, mysql-client, network-file-system-client, performance, perl-runtime, php, postgresql-client, server-platform, turbogears, web-server, web-servlet
Virtual Host: base, console-internet, core, debugging, directory-client, hardware-monitoring, java-platform, large-systems, network-file-system-client, performance, perl-runtime, server-platform, virtualization, virtualization-client, virtualization-platform
Software Development Workstation: additional-devel, base, basic-desktop, core, debugging, desktop-debugging, desktop-platform, desktop-platform-devel, development, directory-client, eclipse, emacs, fonts, general-desktop, graphical-admin-tools, graphics, input-methods, internet-browser, java-platform, legacy-x, network-file-system-client, performance, perl-runtime, print-client, remote-desktop-clients, server-platform, server-platform-devel, technical-writing, tex, virtualization, virtualization-client, virtualization-platform, x11

OpenVZ Templates

Here’s a few links to the OpenVZ templates which include stable, beta, old and user contributed templates:
http://wiki.openvz.org/Download/template/precreated
http://download.proxmox.com/appliances/

CentOS Netinstall URL

These are the valid 32 and 64bit CentOS6 netinstall URLs.

32bit:  http://mirror.centos.org/centos/6/os/i386
64bit:  http://mirror.centos.org/centos/6/os/x86_64

Of course, you could have this mirrored locally – just replace with your local mirror serving up CentOS6. =)

Nginx 1.0.14 Upgrade

Upgrade successful for Nginx 1.0.14 from 1.0.13.