Scripting

Getting iptables to survive a reboot

As far as I know Debian doesn’t have any defined way to save your iptables rules. I’ve done it this way: first I write my iptables rules and make sure they work; second, I save those rules to a configuration file with iptables-save > /root/scripts/iptables.save. I always try to save my custom scripts and required […]
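
The save-and-restore step above, carried through to a reboot-safe script. This is an added example, not the post's own script: it assumes the dump lives at /root/scripts/iptables.save and that the script is installed as /etc/network/if-pre-up.d/iptables, where ifupdown runs it (with IFACE set) before each interface comes up. The point it adds is the checking: a dump that is truncated or writable by others is refused rather than loaded blind.

```shell
#!/bin/sh
# Save and restore iptables rules across reboots on Debian, with sanity checks
# before anything is loaded. Install as /etc/network/if-pre-up.d/iptables
# (mode 755): ifupdown runs every executable in that directory, with $IFACE
# set, before it brings an interface up. Added example, not the post's own
# script; the file path and the if-pre-up.d placement are assumptions.
set -eu

RULES=${RULES:-/root/scripts/iptables.save}
IPTABLES_SAVE=${IPTABLES_SAVE:-iptables-save}
IPTABLES_RESTORE=${IPTABLES_RESTORE:-iptables-restore}

# validate_ruleset FILE: return 0 if FILE looks like a complete iptables-save
# dump that is safe to hand to iptables-restore, 1 (with a reason) otherwise.
validate_ruleset() {
    f=$1
    [ -f "$f" ] || { echo "$f: missing" >&2; return 1; }
    # The file defines the firewall, so nobody but its owner may write it.
    if [ -n "$(find "$f" -prune \( -perm -o+w -o -perm -g+w \) 2>/dev/null)" ]; then
        echo "$f: group- or world-writable, refusing to load" >&2
        return 1
    fi
    grep -q '^\*filter$' "$f" || { echo "$f: no *filter table" >&2; return 1; }
    # A dump cut short (full disk, interrupted save) lacks the COMMIT that ends
    # each table; iptables-restore would reject it and leave the default policy
    # in place, which with a DROP policy means locking yourself out.
    tables=$(grep -c '^\*' "$f") || true
    commits=$(grep -c '^COMMIT$' "$f") || true
    [ "$tables" -gt 0 ] && [ "$tables" -eq "$commits" ] || {
        echo "$f: $tables table(s) but $commits COMMIT line(s), truncated?" >&2
        return 1
    }
    return 0
}

# save_rules: dump the running rules to $RULES, readable by its owner only,
# writing to a temp file first so a failed save never clobbers a good dump.
save_rules() {
    umask 077
    "$IPTABLES_SAVE" > "$RULES.tmp" && mv "$RULES.tmp" "$RULES"
    validate_ruleset "$RULES"
}

# restore_rules: load $RULES, refusing on any sanity failure. --test makes
# newer iptables-restore parse the file without touching the kernel, so a
# syntax error or a missing match module is caught before the old rules go.
restore_rules() {
    validate_ruleset "$RULES" || return 1
    "$IPTABLES_RESTORE" --test < "$RULES" || {
        echo "$RULES: rejected by iptables-restore --test" >&2
        return 1
    }
    "$IPTABLES_RESTORE" < "$RULES"
}

# With no argument but $IFACE set we are being run by ifupdown: restore.
action=${1:-${IFACE:+restore}}
case "$action" in
    save)    save_rules ;;
    restore) restore_rules ;;
    *)       echo "usage: $0 save|restore" >&2 ;;
esac
```

Run it as "iptables.save.sh save" after changing rules and let ifupdown do the restore; newer Debian releases also ship the iptables-persistent package, which does the same job with its own dump location.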

Linux

Allow NFS through iptables on a RedHat system

This post describes how you can configure your RedHat Enterprise WS 4 NFS server behind an iptables firewall so that it is permanently available to clients outside the firewall. Symptom: NFS relies on portmap to assign the ports on which it will listen. One side effect of this is that the ports are randomly […]

Linux

Limit ssh access by MAC-address using iptables

This is a simple iptables rule to allow ssh access from a specific MAC address: iptables -A INPUT -p tcp --destination-port 22 -m mac --mac-source XX:XX:XX:XX:XX:XX -j ACCEPT. The mac match only sees the source address of the Ethernet frame that reaches the server, which is your laptop's address only while the laptop is on the same segment: any router in between replaces it with its own. So the rule does not give you access from the road, whatever your IP address, and a MAC address is trivially spoofed; treat it as a convenience filter on the local LAN, not as authentication. […]

Network

Allow NFS through iptables

This is one way to determine the ports you need to open in your iptables rules to get NFS working properly. First we need to determine the ports NFS uses: rpcinfo -p | awk -F " " '{print $3 ", " $4 ", " $5}' | sort | uniq. Notice! Since portmap assigns ports on […]
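
The rpcinfo step above, together with the RedHat NFS post earlier on this page, turned into a script that generates the ACCEPT rules from the rpcinfo output instead of hand-copying ports. This is an added example, not either post's own code: the rpcinfo -p output embedded in it is constructed, not captured from a real host, and the client network 192.168.1.0/24, the knock-free default DROP policy and the /etc/sysconfig/nfs variable names mentioned in the comments are assumptions you should check against your own init scripts.

```shell
#!/bin/sh
# Open only the ports NFS is actually using, as read from `rpcinfo -p`, and
# only for one client network. Added example, not the posts' own code; the
# sample rpcinfo output and the client network are constructed assumptions.
set -eu

IPTABLES=${IPTABLES:-iptables}
CLIENT_NET=${CLIENT_NET:-192.168.1.0/24}
ipt() { "$IPTABLES" "$@"; }

# rpc_ports: stdin is `rpcinfo -p` output; stdout is one "proto port service"
# line per distinct proto/port pair. Column 3 is the protocol, 4 the port,
# 5 the service; the header line has no numeric port and is skipped, and
# `sort -u` collapses the several program versions that share a port.
rpc_ports() {
    awk 'NF >= 5 && $4 ~ /^[0-9]+$/ { print $3, $4, $5 }' | sort -u
}

# nfs_rules NET: stdin as above; add one ACCEPT per proto/port, limited to
# NET. These belong after a "-m state --state ESTABLISHED,RELATED -j ACCEPT"
# rule and before the final DROP on INPUT.
#
# Caveat: mountd, statd and lockd ask portmap for a free port each time they
# start, so the rules generated today are stale after a reboot unless the
# ports are pinned. On RedHat systems the nfs/nfslock init scripts read
# MOUNTD_PORT, STATD_PORT, LOCKD_TCPPORT and LOCKD_UDPPORT from
# /etc/sysconfig/nfs (assumption: verify the names in your /etc/init.d/nfs).
nfs_rules() {
    net=$1
    rpc_ports | while read -r proto port svc; do
        ipt -A INPUT -s "$net" -p "$proto" --dport "$port" -j ACCEPT
    done
}

# Constructed sample of `rpcinfo -p` on an NFS server (not a real capture).
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100021    1   udp  32768  nlockmgr
    100021    3   udp  32768  nlockmgr
    100021    1   tcp  32769  nlockmgr
    100005    1   udp    892  mountd
    100005    1   tcp    892  mountd
    100024    1   udp    874  status
    100024    1   tcp    874  status
EOF
}

case "${1:-}" in
    apply) rpcinfo -p | nfs_rules "$CLIENT_NET" ;;
    *)     # Dry run: print the rules the sample would produce, touch nothing.
           IPTABLES=echo
           sample_rpcinfo | nfs_rules "$CLIENT_NET" ;;
esac
```

Without arguments the script only prints what it would add; "apply" runs the real rpcinfo and iptables. Ten rules come out of the sample: the thirteen registrations collapse to ten distinct proto/port pairs because nfs v2 and v3 share port 2049 and nlockmgr v1 and v3 share 32768.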

Security

Port Knocking

What is Port Knocking? Port knocking is a method by which you can dynamically open ports on your server to a single IP address: the client sends connection attempts to a predefined sequence of closed ports, and only a source that completes the sequence gets the real port opened to it. Port knocking allows you to run a service on your server without exposing that port to every IP address. In practice, it is very similar to having […]
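
One way to build the sequence described above entirely in iptables, using the "recent" match to remember how far each source address has got. This is an added example, not the post's own code: the knock ports 7000, 8000 and 9000, the protected port 22, the 10 second window between knocks and the 30 second window to connect afterwards are all assumptions. Keep in mind that the knocks travel in clear and anyone sniffing the path can replay them, so the sequence hides the service from scans; it does not replace ssh's own authentication.

```shell
#!/bin/sh
# Port knocking with the iptables "recent" match: port 22 stays DROPped until
# one source IP hits three knock ports in order, each within 10 s of the last.
# Added example (not the post's own code); the port numbers are assumptions.
set -eu

IPTABLES=${IPTABLES:-iptables}
ipt() { "$IPTABLES" "$@"; }

# knock_rules K1 K2 K3 SERVICE_PORT: install the chains. GATEn records the
# knocker's source address in the recent list AUTHn; any packet that is not
# the expected next knock falls back to GATE1, so a wrong port restarts the
# sequence. Rules that ACCEPT public services belong on INPUT before the
# jump to KNOCKING, because GATE1 drops every other TCP packet.
knock_rules() {
    k1=$1; k2=$2; k3=$3; svc=$4
    for c in KNOCKING GATE1 GATE2 GATE3 PASSED; do ipt -N "$c"; done

    # Established flows never re-enter the knock chains; only new ones knock.
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT -p tcp -j KNOCKING

    # Stage 1: remember anyone who hits K1; drop the knock itself.
    ipt -A GATE1 -p tcp --dport "$k1" -m recent --name AUTH1 --set -j DROP
    ipt -A GATE1 -j DROP

    # Stage 2: forget stage 1, record K2, otherwise start over.
    ipt -A GATE2 -m recent --name AUTH1 --remove
    ipt -A GATE2 -p tcp --dport "$k2" -m recent --name AUTH2 --set -j DROP
    ipt -A GATE2 -j GATE1

    # Stage 3: forget stage 2, record K3, otherwise start over.
    ipt -A GATE3 -m recent --name AUTH2 --remove
    ipt -A GATE3 -p tcp --dport "$k3" -m recent --name AUTH3 --set -j DROP
    ipt -A GATE3 -j GATE1

    # Sequence complete: one connection to the service is let in, then the
    # entry is cleared so the next connection has to knock again.
    ipt -A PASSED -m recent --name AUTH3 --remove
    ipt -A PASSED -p tcp --dport "$svc" -j ACCEPT
    ipt -A PASSED -j GATE1

    # Dispatch on how far the source has got; later stages are checked first
    # and each entry expires after its window.
    ipt -A KNOCKING -m recent --rcheck --seconds 30 --name AUTH3 -j PASSED
    ipt -A KNOCKING -m recent --rcheck --seconds 10 --name AUTH2 -j GATE3
    ipt -A KNOCKING -m recent --rcheck --seconds 10 --name AUTH1 -j GATE2
    ipt -A KNOCKING -j GATE1
}

# knock_client HOST PORT...: send one connection attempt per knock port, in
# order. The server drops them, so each attempt simply times out after 1 s;
# that is fine, only the SYN needs to arrive.
knock_client() {
    host=$1; shift
    for p in "$@"; do
        nc -z -w 1 "$host" "$p" 2>/dev/null || true
    done
}

case "${1:-}" in
    server) knock_rules 7000 8000 9000 22 ;;
    knock)  knock_client "${2:?host}" 7000 8000 9000 ;;
    *)      # Dry run: print the rules instead of loading them.
            IPTABLES=echo
            knock_rules 7000 8000 9000 22 ;;
esac
```

On the server run it with "server" (after the ACCEPT rules for anything public); from the client run it with "knock HOST" and then ssh to HOST within 30 seconds. Use the recent module's /proc/net/xt_recent/AUTH1 (ipt_recent on older kernels) to watch the lists fill while testing.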
