Linux iptables blocking IP address

[problem]

You do a netstat -an and see a raft of connections to your apache host, coming in at 10 – 20 a second.

It shows ::ffff:10.0.0.10:80 ::ffff:212.248.1.1:1403 in netstat output. These are IPv6 connections AFAIK.

Also you see ::1 – – [DD/MMM… in apache log. Restarting apache does nothing, the connections just reappear.

[/problem]

[solution]

You need to block all connections from this IP address using iptables. See example tab.

[/solution]

[example]


cp -i /etc/sysconfig/iptables /etc/sysconfig/iptables.$(date +%j).bu
vi /etc/sysconfig/iptables

Add a line like the one below:

#block
-A INPUT -s 212.248.225.12 -j DROP

Then restart iptables like this: /etc/init.d/iptables restart as root.

Finally check your rules like this: /etc/init.d/iptables status as root.
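
The script below is an added example, not part of the original tip. It reads netstat -an output, strips the ::ffff: prefix (an IPv4-mapped address, so the traffic is IPv4 and iptables rather than ip6tables applies), counts connections per remote address to a local port, and prints rule lines in the form shown above. The function names, the threshold and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn `netstat -an` output into iptables DROP rule lines
# for sources holding many connections to one local port.

# Constructed sample in the netstat format quoted in this tip.
sample_netstat() {
cat <<'EOF'
tcp        0      0 ::ffff:10.0.0.10:80      ::ffff:212.248.1.1:1403   ESTABLISHED
tcp        0      0 ::ffff:10.0.0.10:80      ::ffff:212.248.1.1:1404   ESTABLISHED
tcp        0      0 ::ffff:10.0.0.10:80      ::ffff:212.248.1.1:1405   TIME_WAIT
tcp        0      0 ::ffff:10.0.0.10:80      ::ffff:192.0.2.7:51000    ESTABLISHED
tcp        0      0 ::ffff:10.0.0.10:22      ::ffff:192.0.2.7:51001    ESTABLISHED
tcp        0      0 :::80                    :::*                      LISTEN
EOF
}

# top_sources PORT: read netstat lines on stdin and print "count ip" for each
# remote IPv4 address connected to local PORT, busiest first.
top_sources() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 != "LISTEN" {
            laddr = $4; raddr = $5
            sub(/^::ffff:/, "", laddr)            # IPv4-mapped -> plain IPv4
            sub(/^::ffff:/, "", raddr)
            if (laddr !~ (":" port "$")) next     # not the port we care about
            sub(/:[0-9]+$/, "", raddr)            # drop the remote port
            # Native IPv6 peers are skipped: they would need ip6tables.
            if (raddr ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) n[raddr]++
        }
        END { for (ip in n) print n[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# drop_rules PORT MIN: emit one rule line per source with at least MIN
# connections, ready to review before pasting into /etc/sysconfig/iptables.
drop_rules() {
    top_sources "$1" |
        awk -v min="$2" '$1 >= min { print "-A INPUT -s " $2 " -j DROP" }'
}

# Demo on the constructed sample; on a live host: netstat -an | drop_rules 80 20
sample_netstat | drop_rules 80 3
```

Rules are evaluated in order, so a generated line only takes effect if it sits above any ACCEPT rule that matches the same traffic. Review the list before applying it, since a proxy or NAT gateway can legitimately hold many connections from one address.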

[/example]

[reference]

[tags]Linux Security, Linux iptables, Fedora Core iptables, Linux Firewall, Unix Coding School[/tags]

[/reference]

UNIX Lesson Six

[problem]

You want to write elegant code, which integrates well (pipes) with other UNIX commands.

[/problem]

[solution]

Learn these UNIX Laws, from the inventor of UNIX pipes.

[/solution]

[example]

No examples – see the reference tab.

[/example]

[reference]

1. Make each program do one thing well. To do a new job, build afresh rather than complicate old programs by adding new features.

2. Expect the output of every program to become the input to another, as yet unknown, program. Don’t clutter output with extraneous information. Avoid stringently columnar or binary input formats. Don’t insist on interactive input.

3. Design and build software, even operating systems, to be tried early, ideally within weeks. Don’t hesitate to throw away the clumsy parts and rebuild them.

4. Use tools in preference to unskilled help to lighten a programming task, even if you have to detour to build the tools and expect to throw some of them out after you’ve finished using them.

Doug McIlroy, the inventor of Unix pipes and one of the founders of the Unix tradition.

[tags]UNIX Law, UNIX pipes, Unix Coding School[/tags]

[/reference]

UNIX Lesson Five

[problem]

Coding in UNIX is an art form, where certain philosophies prevail.

[/problem]

[solution]

To really excel at UNIX coding and produce elegant, efficient, low maintenance code – you need to learn UNIX philosophy.

[/solution]

[example]

No examples – just see the reference tab.

[/example]

[reference]

1. Rule of Modularity: Write simple parts connected by clean interfaces.

2. Rule of Clarity: Clarity is better than cleverness.

3. Rule of Composition: Design programs to be connected to other programs.

4. Rule of Separation: Separate policy from mechanism; separate interfaces from engines.

5. Rule of Simplicity: Design for simplicity; add complexity only where you must.

6. Rule of Parsimony: Write a big program only when it is clear by demonstration that nothing else will do.

7. Rule of Transparency: Design for visibility to make inspection and debugging easier.

8. Rule of Robustness: Robustness is the child of transparency and simplicity.

9. Rule of Representation: Fold knowledge into data so program logic can be stupid and robust.

10. Rule of Least Surprise: In interface design, always do the least surprising thing.

11. Rule of Silence: When a program has nothing surprising to say, it should say nothing.

12. Rule of Repair: When you must fail, fail noisily and as soon as possible.

13. Rule of Economy: Programmer time is expensive; conserve it in preference to machine time.

14. Rule of Generation: Avoid hand-hacking; write programs to write programs when you can.

15. Rule of Optimization: Prototype before polishing. Get it working before you optimize it.

16. Rule of Diversity: Distrust all claims for “one true way”.

17. Rule of Extensibility: Design for the future, because it will be here sooner than you think.

[tags]UNIX Laws, UNIX Philosophy, Unix Coding School[/tags]

[/reference]

UNIX Lesson One

[problem]

You are a complete beginner and keen to learn UNIX!

[/problem]

[solution]

Okay in the examples, I am going to start very basically.

From the outset, you need to understand some basic terms.

  • Firstly – what is UNIX? Unix is an operating system. Other operating systems include Windows, Apple Mac, Novell, etc. It is what turns the computer from an over-sized paper weight into a living, breathing machine. 🙂

  • The operating system, talks to all the hardware. Definition of hardware is that if you drop it on your foot, it hurts. 🙂 It talks to the CPU (brain chip) of the computer, the memory (RAM Chips) which is sort of like your desk space, a working area. The bigger your desk space the more you can work on at once. Why size does matter – how big is big. Well currently 256mb (256 megabyte) should be the minimum, ideally 1GB (1 gigabyte) should be plenty.

  • So how do we interface with UNIX? Through a terminal and shell generally. Yes you can use GUIs (Window) – but the real power of UNIX is in the shell.

  • What is a terminal and a shell for that matter? A terminal is just a program that allows you to connect to UNIX machines – including your own. If you have just installed your own Linux machine, or have to use one at work – you’ll generally start from a windows environment – not necessarily Microsoft’s either! 🙂 If you are running Linux, generally you can right click your mouse on the background of your desktop and select terminal. From MS Windows there is a terminal program you can run, or ideally look up putty SSH client at the reference tab.

  • more to follow shortly …

[/solution]

[example]

[/example]

[reference]

[tags]Free Linux Lessons, Lesson One, Unix Coding School[/tags]

[/reference]

File handling – UNIX stat

[problem]

You want to view seconds since last change or use Perl to process a number of files.

Or maybe you just want a programmatic way to deal with file details, using something similar to the UNIX stat C routine.

[/problem]

[solution]

Run stat against a file and display inode change time since epoch. See my other tip on converting to local time.

[/solution]

[example]

Excellent for showing the exact time in seconds, since the last change.

Rather than the normal hours and minutes from ls.

Replace /tmp/js with filename.

$ perl -e '$ctime=(stat("/tmp/js"))[10];print("$ctime\n");'
1181102779

[/example]

[reference]

[tags]Perl file handling, Perl stat, UNIX stat, Perl Coding School[/tags]

[/reference]

Check specific number arguments

[problem]

You want to check a specific number of arguments, have been supplied to your Perl script.

[/problem]

[solution]

This snippet at the example tab, demonstrates how to check that 2 args, were postfixed to the Perl script.

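If you only want to check for one argument, use $#ARGV!=0; for three, use $#ARGV!=2, and so on ($#ARGV is the index of the last element, one less than the number of arguments).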

[/solution]

[example]

Arguments are supplied via the ARGV array.

if($#ARGV!=1) { die("Usage: $0 ...\n"); }

[/example]

[reference]

[tags]Perl argument handling, Perl Coding School[/tags]

[/reference]

Debugging Perl

[problem]

You have an error in your Perl script and want to debug it.

[/problem]

[solution]

Debugging in Perl is very extensive, this demo is very basic! 🙂 Check the reference for further instruction.

You can manipulate PERLDB_OPTS variable, to force some debugging – then just pass through a -d option to your perl script.

Also system debugging is at the reference tab.

[/solution]

[example]

export PERLDB_OPTS="NonStop frame=1 AutoTrace"

perl -d -pi'.bak' -e 's/unix/UNIX/g' *htm*

Output:

Package -e.
0: BEGIN { require 'perl5db.pl' };LINE: while (<>) {
1: s/unix/UNIX/g
0: BEGIN { require 'perl5db.pl' };LINE: while (<>) {
1: s/unix/UNIX/g
0: BEGIN { require 'perl5db.pl' };LINE: while (<>) {
1: s/unix/UNIX/g
0: BEGIN { require 'perl5db.pl' };LINE: while (<>) {
1: s/unix/UNIX/g
0: BEGIN { require 'perl5db.pl' };LINE: while (<>) {
1: s/unix/UNIX/g
0: BEGIN { require 'perl5db.pl' };LINE: while (<>) {
1: s/unix/UNIX/g
0: BEGIN { require 'perl5db.pl' };LINE: while (<>) {
1: s/unix/UNIX/g
0: BEGIN { require 'perl5db.pl' };LINE: while (<>) {
1: s/unix/UNIX/g
0: BEGIN { require 'perl5db.pl' };LINE: while (<>) {
1: s/unix/UNIX/g
0: BEGIN { require 'perl5db.pl' };LINE: while (<>) {
1: s/unix/UNIX/g
0: BEGIN { require 'perl5db.pl' };LINE: while (<>) {
1: s/unix/UNIX/g
0: BEGIN { require 'perl5db.pl' };LINE: while (<>) {
1: s/unix/UNIX/g
0: BEGIN { require 'perl5db.pl' };LINE: while (<>) {
entering Config::DESTROY
entering IO::Handle::DESTROY
entering IO::Handle::DESTROY

[/example]

[reference]

[tags]Debugging Perl, Perl Coding School[/tags]

[/reference]

Perl in file pattern substitution

[problem]

You want to substitute a pattern in a number of files, making backups and modifying in place on the fly.

And you can do this in Perl – with a one liner! 🙂

[/problem]

[solution]

An amazing bit of Perl and so quick!

This one liner will replace all occurrences of a pattern, with your replace and even create backups of files edited.

[/solution]

[example]

You can even pass in a wildcard.

perl -pi'.bak' -e 's/pattern/replace/g' filename

Here is a demo of replacing all occurrences of unix with UNIX, in all html files.

perl -pi'.bak' -e 's/unix/UNIX/g' *htm*

[/example]

[reference]

[tags]Perl infile pattern substitution, Perl Coding School[/tags]

[/reference]

Date handling in Perl

[problem]

You want to convert epoch into readable date and time.

Maybe you have a log file, which is pumping out lines prefixed with the epoch?

[/problem]

[solution]

We use the perl function localtime to convert epoch into a date and time.

At the example tab is the code to convert that epoch, into a recognizable date and time.

localtime, can also return an array – take a look at the reference tag for more info.

[/solution]

[example]

We quite simply supply the epoch to localtime and print it.


$ perl -e 'print localtime(1145980815)."\n";'
Wed Apr 26 00:00:15 2006

[/example]

[reference]

[tags]Perl Date handling, Perl Coding School[/tags]

[/reference]

Column handling in Perl

[problem]

During my first encounters with Perl many years ago, I asked how can I get a specific column.

It was so easy in AWK! 😉

[/problem]

[solution]

Well here it is in Perl – see example tab.

BTW you can always write an awkscript and run it through a2p – very good for learning Perl! 🙂

[/solution]

[example]

Show column 1:

perl -ane 'print $F[0]."\n";'

Show column 2:

perl -ane 'print $F[1]."\n";'

Show last column:

perl -ane 'print $F[$#F]."\n";'

Show last but one column:

perl -ane 'print $F[($#F-1)]."\n";'

So you just run your program, or cat your file, etc and pipe it through this code to get specific column.

[/example]

[reference]

[tags]Perl column handling, Awk to Perl, a2p, Perl Coding School[/tags]

[/reference]