![]() |
| Dave Ackley |
Tuesday, July 26, 2016
Monday, July 25, 2016
CentOS: iptables
Command:
# cat ./set_firewall
Result:
#!/bin/bash
# Minimal IPv4 host firewall: drop inbound and forwarded traffic by default,
# then allow ICMP, loopback, HTTP (80/tcp), SSH (22/tcp) and return traffic.
#
# NOTE(review): iptables manages IPv4 only. IPv6 is filtered separately by
# ip6tables and is not changed by this script.
# NOTE(review): nothing here persists the rules. The final iptables-save only
# prints them, so they last until the next reboot or firewall reload.
# NOTE(review): if firewalld is active on this host it may re-apply its own
# rules over these -- TODO confirm it is stopped before relying on this.

# No -t option is given anywhere, so every command acts on the filter table;
# the nat, mangle, raw and security tables are left as they are.
# Remove all rules from the filter chains, then delete user-defined chains.
iptables --flush
iptables --delete-chain

# Default policies: deny inbound and forwarded packets, allow outbound.
# NOTE(review): INPUT becomes DROP before any accept rule exists. If a later
# command fails, a remote SSH session may be cut off -- keep console access
# available when running this over the network.
iptables --policy INPUT DROP
iptables --policy FORWARD DROP
iptables --policy OUTPUT ACCEPT

# Accept ICMP (ping and other control messages). Every ICMP type is allowed,
# from any source.
iptables --append INPUT --protocol icmp --jump ACCEPT

# Accept everything arriving on the loopback interface.
iptables --append INPUT --in-interface lo --jump ACCEPT

# Accept new TCP connections to port 80 (HTTP) from any source.
iptables --append INPUT --protocol tcp --dport 80 --jump ACCEPT

# Accept new TCP connections to port 22 (SSH) from any source.
# NOTE(review): no source restriction or rate limit is applied here.
iptables --append INPUT --protocol tcp --dport 22 --jump ACCEPT

# Accept packets that belong to, or are related to, an already tracked
# connection (e.g. replies to outbound traffic).
# NOTE(review): newer iptables releases document "-m conntrack --ctstate" as
# the replacement for the state match.
iptables --append INPUT --match state --state ESTABLISHED,RELATED --jump ACCEPT

# Print the resulting rule set for all tables to stdout.
iptables-save
Command:
# ./set_firewall
Result:
# Generated by iptables-save v1.4.21 on Tue May 24 23:44:34 2016
*nat
:PREROUTING ACCEPT [41489:3695453]
:INPUT ACCEPT [15:960]
:OUTPUT ACCEPT [628:160830]
:POSTROUTING ACCEPT [628:160830]
:OUTPUT_direct - [0:0]
:POSTROUTING_ZONES - [0:0]
:POSTROUTING_ZONES_SOURCE - [0:0]
:POSTROUTING_direct - [0:0]
:POST_public - [0:0]
:POST_public_allow - [0:0]
:POST_public_deny - [0:0]
:POST_public_log - [0:0]
:PREROUTING_ZONES - [0:0]
:PREROUTING_ZONES_SOURCE - [0:0]
:PREROUTING_direct - [0:0]
:PRE_public - [0:0]
:PRE_public_allow - [0:0]
:PRE_public_deny - [0:0]
:PRE_public_log - [0:0]
-A PREROUTING -j PREROUTING_direct
-A PREROUTING -j PREROUTING_ZONES_SOURCE
-A PREROUTING -j PREROUTING_ZONES
-A OUTPUT -j OUTPUT_direct
-A POSTROUTING -j POSTROUTING_direct
-A POSTROUTING -j POSTROUTING_ZONES_SOURCE
-A POSTROUTING -j POSTROUTING_ZONES
-A POSTROUTING_ZONES -o enp0s3 -g POST_public
-A POSTROUTING_ZONES -g POST_public
-A POST_public -j POST_public_log
-A POST_public -j POST_public_deny
-A POST_public -j POST_public_allow
-A PREROUTING_ZONES -i enp0s3 -g PRE_public
-A PREROUTING_ZONES -g PRE_public
-A PRE_public -j PRE_public_log
-A PRE_public -j PRE_public_deny
-A PRE_public -j PRE_public_allow
COMMIT
# Completed on Tue May 24 23:44:34 2016
# Generated by iptables-save v1.4.21 on Tue May 24 23:44:34 2016
*mangle
:PREROUTING ACCEPT [58667:5285859]
:INPUT ACCEPT [58666:5285283]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [28814:3788418]
:POSTROUTING ACCEPT [28814:3788418]
:FORWARD_direct - [0:0]
:INPUT_direct - [0:0]
:OUTPUT_direct - [0:0]
:POSTROUTING_direct - [0:0]
:PREROUTING_ZONES - [0:0]
:PREROUTING_ZONES_SOURCE - [0:0]
:PREROUTING_direct - [0:0]
:PRE_public - [0:0]
:PRE_public_allow - [0:0]
:PRE_public_deny - [0:0]
:PRE_public_log - [0:0]
-A PREROUTING -j PREROUTING_direct
-A PREROUTING -j PREROUTING_ZONES_SOURCE
-A PREROUTING -j PREROUTING_ZONES
-A INPUT -j INPUT_direct
-A FORWARD -j FORWARD_direct
-A OUTPUT -j OUTPUT_direct
-A POSTROUTING -j POSTROUTING_direct
-A PREROUTING_ZONES -i enp0s3 -g PRE_public
-A PREROUTING_ZONES -g PRE_public
-A PRE_public -j PRE_public_log
-A PRE_public -j PRE_public_deny
-A PRE_public -j PRE_public_allow
COMMIT
# Completed on Tue May 24 23:44:34 2016
# Generated by iptables-save v1.4.21 on Tue May 24 23:44:34 2016
*security
:INPUT ACCEPT [17193:1591366]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [28814:3788418]
:FORWARD_direct - [0:0]
:INPUT_direct - [0:0]
:OUTPUT_direct - [0:0]
-A INPUT -j INPUT_direct
-A FORWARD -j FORWARD_direct
-A OUTPUT -j OUTPUT_direct
COMMIT
# Completed on Tue May 24 23:44:34 2016
# Generated by iptables-save v1.4.21 on Tue May 24 23:44:34 2016
*raw
:PREROUTING ACCEPT [58667:5285859]
:OUTPUT ACCEPT [28814:3788418]
:OUTPUT_direct - [0:0]
:PREROUTING_direct - [0:0]
-A PREROUTING -j PREROUTING_direct
-A OUTPUT -j OUTPUT_direct
COMMIT
# Completed on Tue May 24 23:44:34 2016
# Generated by iptables-save v1.4.21 on Tue May 24 23:44:34 2016
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Tue May 24 23:44:34 2016
Command:
# iptables -L -v
Result:
Chain INPUT (policy DROP 4 packets, 128 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT icmp -- any any anywhere anywhere
0 0 ACCEPT all -- lo any anywhere anywhere
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:http
57 3900 ACCEPT tcp -- any any anywhere anywhere tcp dpt:ssh
0 0 ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 29 packets, 7336 bytes)
pkts bytes target prot opt in out source destination
Command:
# cat ./set_firewall
Result:
#!/bin/bash
# Minimal IPv4 host firewall: drop inbound and forwarded traffic by default,
# then allow ICMP, loopback, HTTP (80/tcp), SSH (22/tcp) and return traffic.
#
# NOTE(review): iptables manages IPv4 only. IPv6 is filtered separately by
# ip6tables and is not changed by this script.
# NOTE(review): nothing here persists the rules. The final iptables-save only
# prints them, so they last until the next reboot or firewall reload.
# NOTE(review): if firewalld is active on this host it may re-apply its own
# rules over these -- TODO confirm it is stopped before relying on this.

# No -t option is given anywhere, so every command acts on the filter table;
# the nat, mangle, raw and security tables are left as they are.
# Remove all rules from the filter chains, then delete user-defined chains.
iptables --flush
iptables --delete-chain

# Default policies: deny inbound and forwarded packets, allow outbound.
# NOTE(review): INPUT becomes DROP before any accept rule exists. If a later
# command fails, a remote SSH session may be cut off -- keep console access
# available when running this over the network.
iptables --policy INPUT DROP
iptables --policy FORWARD DROP
iptables --policy OUTPUT ACCEPT

# Accept ICMP (ping and other control messages). Every ICMP type is allowed,
# from any source.
iptables --append INPUT --protocol icmp --jump ACCEPT

# Accept everything arriving on the loopback interface.
iptables --append INPUT --in-interface lo --jump ACCEPT

# Accept new TCP connections to port 80 (HTTP) from any source.
iptables --append INPUT --protocol tcp --dport 80 --jump ACCEPT

# Accept new TCP connections to port 22 (SSH) from any source.
# NOTE(review): no source restriction or rate limit is applied here.
iptables --append INPUT --protocol tcp --dport 22 --jump ACCEPT

# Accept packets that belong to, or are related to, an already tracked
# connection (e.g. replies to outbound traffic).
# NOTE(review): newer iptables releases document "-m conntrack --ctstate" as
# the replacement for the state match.
iptables --append INPUT --match state --state ESTABLISHED,RELATED --jump ACCEPT

# Print the resulting rule set for all tables to stdout.
iptables-save
Command:
# ./set_firewall
Result:
# Generated by iptables-save v1.4.21 on Tue May 24 23:44:34 2016
*nat
:PREROUTING ACCEPT [41489:3695453]
:INPUT ACCEPT [15:960]
:OUTPUT ACCEPT [628:160830]
:POSTROUTING ACCEPT [628:160830]
:OUTPUT_direct - [0:0]
:POSTROUTING_ZONES - [0:0]
:POSTROUTING_ZONES_SOURCE - [0:0]
:POSTROUTING_direct - [0:0]
:POST_public - [0:0]
:POST_public_allow - [0:0]
:POST_public_deny - [0:0]
:POST_public_log - [0:0]
:PREROUTING_ZONES - [0:0]
:PREROUTING_ZONES_SOURCE - [0:0]
:PREROUTING_direct - [0:0]
:PRE_public - [0:0]
:PRE_public_allow - [0:0]
:PRE_public_deny - [0:0]
:PRE_public_log - [0:0]
-A PREROUTING -j PREROUTING_direct
-A PREROUTING -j PREROUTING_ZONES_SOURCE
-A PREROUTING -j PREROUTING_ZONES
-A OUTPUT -j OUTPUT_direct
-A POSTROUTING -j POSTROUTING_direct
-A POSTROUTING -j POSTROUTING_ZONES_SOURCE
-A POSTROUTING -j POSTROUTING_ZONES
-A POSTROUTING_ZONES -o enp0s3 -g POST_public
-A POSTROUTING_ZONES -g POST_public
-A POST_public -j POST_public_log
-A POST_public -j POST_public_deny
-A POST_public -j POST_public_allow
-A PREROUTING_ZONES -i enp0s3 -g PRE_public
-A PREROUTING_ZONES -g PRE_public
-A PRE_public -j PRE_public_log
-A PRE_public -j PRE_public_deny
-A PRE_public -j PRE_public_allow
COMMIT
# Completed on Tue May 24 23:44:34 2016
# Generated by iptables-save v1.4.21 on Tue May 24 23:44:34 2016
*mangle
:PREROUTING ACCEPT [58667:5285859]
:INPUT ACCEPT [58666:5285283]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [28814:3788418]
:POSTROUTING ACCEPT [28814:3788418]
:FORWARD_direct - [0:0]
:INPUT_direct - [0:0]
:OUTPUT_direct - [0:0]
:POSTROUTING_direct - [0:0]
:PREROUTING_ZONES - [0:0]
:PREROUTING_ZONES_SOURCE - [0:0]
:PREROUTING_direct - [0:0]
:PRE_public - [0:0]
:PRE_public_allow - [0:0]
:PRE_public_deny - [0:0]
:PRE_public_log - [0:0]
-A PREROUTING -j PREROUTING_direct
-A PREROUTING -j PREROUTING_ZONES_SOURCE
-A PREROUTING -j PREROUTING_ZONES
-A INPUT -j INPUT_direct
-A FORWARD -j FORWARD_direct
-A OUTPUT -j OUTPUT_direct
-A POSTROUTING -j POSTROUTING_direct
-A PREROUTING_ZONES -i enp0s3 -g PRE_public
-A PREROUTING_ZONES -g PRE_public
-A PRE_public -j PRE_public_log
-A PRE_public -j PRE_public_deny
-A PRE_public -j PRE_public_allow
COMMIT
# Completed on Tue May 24 23:44:34 2016
# Generated by iptables-save v1.4.21 on Tue May 24 23:44:34 2016
*security
:INPUT ACCEPT [17193:1591366]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [28814:3788418]
:FORWARD_direct - [0:0]
:INPUT_direct - [0:0]
:OUTPUT_direct - [0:0]
-A INPUT -j INPUT_direct
-A FORWARD -j FORWARD_direct
-A OUTPUT -j OUTPUT_direct
COMMIT
# Completed on Tue May 24 23:44:34 2016
# Generated by iptables-save v1.4.21 on Tue May 24 23:44:34 2016
*raw
:PREROUTING ACCEPT [58667:5285859]
:OUTPUT ACCEPT [28814:3788418]
:OUTPUT_direct - [0:0]
:PREROUTING_direct - [0:0]
-A PREROUTING -j PREROUTING_direct
-A OUTPUT -j OUTPUT_direct
COMMIT
# Completed on Tue May 24 23:44:34 2016
# Generated by iptables-save v1.4.21 on Tue May 24 23:44:34 2016
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Tue May 24 23:44:34 2016
Command:
# iptables -L -v
Result:
Chain INPUT (policy DROP 4 packets, 128 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT icmp -- any any anywhere anywhere
0 0 ACCEPT all -- lo any anywhere anywhere
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:http
57 3900 ACCEPT tcp -- any any anywhere anywhere tcp dpt:ssh
0 0 ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 29 packets, 7336 bytes)
pkts bytes target prot opt in out source destination
Sunday, July 24, 2016
Saturday, July 23, 2016
John Hunton: 5 and Penrose Tiling
![]() |
| John Hunton |
- We didn't see it because we didn't look for it.
- One of the ways in which, one of the most common ways in which patterns like this are found are by taking regular pattern, but in a much higher dimensional space, and then cutting through that space, at an irrational angle. And the irrationality of the way you've cut it will mean that you'll never get complete repetition.
- Dan Shechtman (ダニエル・シェヒトマン)
- Quasicrystal (準結晶)
ラベル:
Irrational rotation,
Penrose tiling,
People,
Quasicrystal,
ペンローズ・タイル,
準結晶,
無理回転
Thursday, July 21, 2016
Wednesday, July 20, 2016
Pokemon GO: BIGGEST CROWD EVER!!! (Santa Monica Pier)
- Holly Conrad
ラベル:
Pokémon Go,
Santa Monica Pier




















