Simple way to remove Iptables rules on Linux command line

Let’s assume that you are playing with iptables and wish to remove rules which are no longer valid or required, or which are incorrect. One way of accomplishing this task would be to save all rules using the iptables-save command, open the output file, remove all such rules and use iptables-restore to apply the new rules. Another and perhaps easier way is to list all available rules along with their rule line numbers. For example:

# iptables -L --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination         
1    DROP       all  --  anywhere             10.0.0.0/8          
2    DOCKER     all  --  anywhere             anywhere            
3    ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
4    ACCEPT     all  --  anywhere             anywhere            
5    ACCEPT     all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination         

Chain DOCKER (1 references)
num  target     prot opt source               destination         
1    ACCEPT     tcp  --  anywhere             172.17.0.3           tcp dpt:https
2    ACCEPT     tcp  --  anywhere             172.17.0.4           tcp dpt:http
3    ACCEPT     tcp  --  anywhere             172.17.0.5           tcp dpt:4000
4    ACCEPT     tcp  --  anywhere             172.17.0.7           tcp dpt:mysql
5    ACCEPT     tcp  --  anywhere             172.17.0.7           tcp dpt:http
6    ACCEPT     tcp  --  anywhere             172.17.0.6           tcp dpt:3142
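
Building on the numbered listing above, the following is an added example (not part of the original article): it turns such a listing into `iptables -D <chain> <rulenum>` commands for review. The function names and the embedded sample, copied from the listing above, are assumptions of the example. Rule numbers shift down after every deletion, so the commands are emitted highest number first.

```shell
#!/bin/sh
# Constructed sample input: the FORWARD and DOCKER chains from the listing above.
sample_listing() {
cat <<'EOF'
Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    DROP       all  --  anywhere             10.0.0.0/8
2    DOCKER     all  --  anywhere             anywhere
3    ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
4    ACCEPT     all  --  anywhere             anywhere
5    ACCEPT     all  --  anywhere             anywhere

Chain DOCKER (1 references)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  anywhere             172.17.0.3           tcp dpt:https
2    ACCEPT     tcp  --  anywhere             172.17.0.4           tcp dpt:http
3    ACCEPT     tcp  --  anywhere             172.17.0.5           tcp dpt:4000
4    ACCEPT     tcp  --  anywhere             172.17.0.7           tcp dpt:mysql
5    ACCEPT     tcp  --  anywhere             172.17.0.7           tcp dpt:http
6    ACCEPT     tcp  --  anywhere             172.17.0.6           tcp dpt:3142
EOF
}

# plan_deletes CHAIN DEST
# Reads a `iptables -L --line-numbers` listing on stdin and prints one
# "iptables -D CHAIN NUM" line per rule in CHAIN whose destination column
# equals DEST exactly. Nothing is executed; the output is a plan to review.
plan_deletes() {
    awk -v chain="$1" -v dest="$2" '
        # A "Chain NAME (...)" header switches the section being scanned.
        $1 == "Chain" { in_chain = ($2 == chain); next }
        # Rule lines start with a number; column 6 is the destination.
        in_chain && $1 ~ /^[0-9]+$/ && $6 == dest { print $1 }
    ' | sort -rn | while read -r num; do
        # Descending order: deleting rule 4 first would renumber rule 5 to 4,
        # and a later "-D CHAIN 5" would then hit the wrong rule.
        printf 'iptables -D %s %s\n' "$1" "$num"
    done
}

# Stand-alone run: plan the removal of both rules pointing at 172.17.0.7.
sample_listing | plan_deletes DOCKER 172.17.0.7
```

On a live host, pipe the output of `iptables -L --line-numbers` into `plan_deletes` in place of `sample_listing`, and list the chain again after applying the plan to confirm the result.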

Read more

Using Clonezilla: beginner and advanced approaches

Introduction and concepts

Every system administrator I know develops in time the habit of putting together a toolbox where, as time passes, many useful pieces of software get added, as the recurrent need arises. Please do not imagine this in the most classical sense, as this is not about a carpenter’s toolkit, nor a mechanic’s toolbox. It usually is a CD portfolio with live CDs, installable most-used distributions, vendor-specific tools and whatnot. Of the (indispensable) live CDs, one usually sees in the aforementioned toolbox a disk cloning item. What does it do? It helps a tremendous amount when you need to save and restore a hard disk, operating system included, and by save I mean a 1:1 copy with the possibility of restoring in a few minutes, despite the ever-increasing size of the hard drives offered by the market today, where the terabyte becomes more and more common.

Such software exists, and indeed it makes the lives of admins and users alike much easier and more efficient. Unfortunately, companies tried to impose their own proprietary disk image formats, so that restoring could be possible only by using their tools. Fortunately, there is a FOSS solution that deals with this, offering a very efficient live CD and server for download, and that is Clonezilla, which we’ll talk about today. You are expected to have some knowledge of how disks work, networking and system administration. We will treat more advanced subjects a bit later on, but all you need to know if you are a beginner in those matters is right here.

Read more

Steganography on Linux example

Steganography Made Easy in Linux

Introduction

Steganography is the art of hiding messages within other messages or data. Most commonly we see this utilized with pictures. This is probably encryption at its finest, mostly because it doesn’t look like the usual garbled text that we are used to seeing with encryption. The changes made by steganography are so slight the human eye cannot perceive them. Even trained cryptographers may have an encoded message inside a picture and be unaware of it. There is a very deep science to this. Usually this is done by flipping parity bits at the binary level. While it is great to learn how this works, sometimes it can be a very tedious job. Fortunately for us there is a tool that will take away most of the grunt work.

Read more

Backdrop content management framework Docker image deployment and usage

About

The trusted docker image of Backdrop content management framework “linuxconfig/backdrop” can be used to instantly deploy Backdrop on your docker hosts.

Configuration

The Backdrop application runs on a Debian GNU/Linux system featuring the Apache web server, a MariaDB (MySQL) database and PHP5. A new docker container based on “linuxconfig/backdrop” will expose port 80, which can be linked to the docker host port for immediate access to the Backdrop blog.

Configured MySQL users:passwords:

  • root:”empty password”
  • admin:”pass”

Configured MySQL databases:

  • backdrop

Exposed ports:

  • 80

Deployment

The below command will download and create a new docker container called backdrop and link local host system port 80 with container’s exposed port 80.

# docker run -d --name=backdrop -p 80:80 linuxconfig/backdrop

Read more

GlusterFS distributed storage configuration

Configuration of High-Availability Storage Server Using GlusterFS

March 12, 2013
by Lubos Rendek

Introduction

Whether you are administering a small home network or an enterprise network for a large company, data storage is always a concern. It can be in terms of lack of disk space or an inefficient backup solution. In both cases GlusterFS can be the right tool to fix your problem, as it allows you to scale your resources horizontally as well as vertically. In this guide we will configure distributed and replicated/mirrored data storage. As the name suggests, GlusterFS’s distributed storage mode will allow you to evenly redistribute your data across multiple network nodes, while the replicated mode will make sure that all your data are mirrored across all network nodes.

What is GlusterFS

After reading the introduction you should already have a fair idea what GlusterFS is. You can think of it as an aggregation service for all your empty disk space across your whole network. It connects all nodes with a GlusterFS installation over TCP or RDMA, creating a single storage resource that combines all available disk space into a single storage volume (distributed mode) or uses the maximum of available disk space on all nodes to mirror your data (replicated mode). Therefore, each volume consists of multiple nodes, which in GlusterFS terminology are called bricks.

Preliminary Assumptions

Although GlusterFS can be installed and used on any Linux distribution, this article will primarily use Ubuntu Linux. However, you should be able to use this guide on any Linux distribution like RedHat, Fedora, SuSe, etc. The only part which will be different will be the GlusterFS installation process.

Furthermore, this guide will use 3 example hostnames:

  • storage.server1 – GlusterFS storage server
  • storage.server2 – GlusterFS storage server
  • storage.client – GlusterFS storage client

Use a DNS server or the /etc/hosts file to define your hostnames and adjust your scenario to this guide.

Read more

Command-line programs for everyday use in Linux

Introduction

I must admit, I’m a command line geek. Whenever I have the chance, regardless of desktop environment or distribution, I open a terminal and start fiddling with something. This does not mean everyone must be like me, of course. If you’re the person who is mouse and GUI-oriented, no problem. However, there are situations when all you have at your disposal for a while is the command line. One of those situations might be an upgrade of your kernel/graphics drivers that leaves you high and dry until the bug is reported and the developers look at the issue. You have to send a very important e-mail or you have to check the evolution of prices of your favorite laptop. All the essential desktop tasks (with some exceptions, though) that you do on a GUI-enabled machine can be done on a CLI-only machine as well, so if you’re interested…

The tasks

The everyday tasks we will refer to are the ones we usually do in a usual day, be it a work day or a weekend. We need to check our mail, maybe watch something on YouTube (yes, it’s possible), chat with our friends or simply browse away from URL to URL. These are the kinds of things we are talking about in this article. By the way, another huge advantage of the CLI approach is (besides efficiency and low resources) uniformity. You don’t have to worry, if you use many Linux computers, that some of them won’t have your favorite desktop installed: the programs we will tell you about work everywhere, GUI available or not, as long as you have a terminal emulator installed, of course. Note that this article is comprised only of ideas and suggestions, and will not guide you step-by-step on how to use the presented applications.

Web browsing

It’s true, you can’t see images, but text-mode browsers are practical to have, way faster and even more secure, because some of them don’t even support JavaScript unless you tweak their compile options. Ladies and gents, I give you links, elinks and lynx. You can install them on almost any distribution with the native package manager, or you can install them from source, and of course compilation will not take long, because there are no heavy dependencies. links also offers a command-line flag (-g, for graphical) that, if compiled with the right options, will offer you a very simple but fast GUI browser.

On Debian, when I wanted to do ‘links -g’, I got “Graphics not enabled when compiling (use links2 instead for graphics mode)”. After installing it, typing

  $ links2 -g

Read more