Howto: Reset iptables firewall

Recently, one of our customers tried to make some changes to iptables and ended up unable to access the server through SSH.

In order to fix it, I decided to reset the iptables firewall rules with the following commands.

# iptables -P INPUT ACCEPT
# iptables -F
# iptables -A INPUT -i lo -j ACCEPT
# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# iptables -P INPUT DROP
# iptables -P FORWARD DROP
# iptables -P OUTPUT ACCEPT
# iptables -L -v
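
The same reset written as a single iptables-restore ruleset, so it can be syntax-checked first, applied in one atomic step, and rolled back from a saved copy of the previous rules. This is an added example, not part of the original post; the function names, the SSH port parameter and the use of mktemp for the backup file are assumptions.

```shell
#!/bin/sh
# Added example: the reset policy from the post as one iptables-restore file.

# Print the ruleset; $1 is the SSH port to keep open (assumed parameter, default 22).
build_ruleset() {
    ssh_port="${1:-22}"
    # Accept only 1-5 digits so nothing else can reach the rules file.
    case "$ssh_port" in
        ''|*[!0-9]*|??????*) echo "invalid port: $ssh_port" >&2; return 1 ;;
    esac
    if [ "$ssh_port" -lt 1 ] || [ "$ssh_port" -gt 65535 ]; then
        echo "invalid port: $ssh_port" >&2; return 1
    fi
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport $ssh_port -j ACCEPT
COMMIT
EOF
}

# Save the current rules, validate the new file, then swap it in (needs root).
apply_ruleset() {
    rules="$(mktemp)" && backup="$(mktemp)" || return 1
    build_ruleset "$1" > "$rules" || return 1
    iptables-save > "$backup" || return 1
    iptables-restore --test "$rules" || return 1   # parse only, changes nothing
    if ! iptables-restore "$rules"; then
        iptables-restore "$backup"                 # put the old rules back
        return 1
    fi
    echo "applied; previous rules kept in $backup"
}

# Nothing is changed unless the script is called with --apply [port].
if [ "${1:-}" = "--apply" ]; then
    apply_ruleset "${2:-22}"
fi
```

Keep the existing SSH session open and confirm a second login works before discarding the backup file.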

cPanel: This version of the ClamAV engine is outdated.

If your cPanel server comes with ClamAV and you get this warning when running clamscan,

LibClamAV Warning: ***********************************************************
LibClamAV Warning: *** This version of the ClamAV engine is outdated. ***
LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
LibClamAV Warning: ***********************************************************

You may consider upgrading your ClamAV version and its definitions.

To upgrade ClamAV,
1. Download the latest stable source from http://www.clamav.net/download/sources.
2. Extract the file (I assume ClamAV 0.97.3 is the current latest version),

tar -zxvf clamav-0.97.3.tar.gz

3. Compile and install with the following commands,

cd clamav-0.97.3
if [ -d "/usr/lib64" ]; then libdir="--libdir=/usr/lib64" ; fi ; ./configure --prefix=/usr $libdir --sysconfdir=/etc --disable-ipv6 --disable-zlib-vcheck
make
make install

To update the virus definition database,

freshclam

Howto: Block Facebook Video from your network

As a business owner or system administrator, you might want to save bandwidth on your office network. If you find that Facebook Video is the root cause because your staff are using the bandwidth to stream Facebook videos, you may block these URLs from the LAN.

1. video.ak.fbcdn.net
2. video.l3.fbcdn.net

You will need to keep this list of URLs updated, as Facebook might add more domains.

Enable ICMP request through Windows Server 2008 firewall

With Windows Server 2008, the server firewall settings are very different from Windows Server 2003 or earlier versions.

Many people do not know how to enable or disable a port or IP, because Windows Server 2008 comes with Windows Firewall with advanced settings. You can actually run the following command from the command prompt.

1. Open command prompt (cmd).
2. Enter the following command,
netsh firewall set icmpsetting 8

Otherwise, you may use the following steps.
1. Open the Run command.
2. Run firewall.cpl and press Enter.
3. Select Windows Firewall with additional security.
4. Enable “file and printer sharing (ICMP requestv4)”

As an additional note, you may disable it by typing the following line.
netsh firewall set icmpsetting 8 disable

Disable Port Scanning on port 25 with McAfee

A few days ago, I was working on a client's server and found out that their ASP.NET script was not able to send out any email through IIS SMTP.

After further checking, I found that port 25 was blocked by McAfee AntiVirus.

1. Locate the McAfee icon in your taskbar. Double-click the icon to launch the application. You can also run the program by clicking “Start > All Programs > McAfee > McAfee VirusScan.”
2. Click “Virus Scan Enterprise > Virus Scan Console.” Double-click “Virus Protection.” Click the “Access Protection” tab.
3. Check “Prevent mass mailing worms from sending mail.” This will disable port 25. Click “Apply” to save your settings, then click “OK.”

iptables filter mac address

Mick Genie has previously explained how to allow and block IPs, ports, etc. with iptables. However, there is another option, which is to block or allow a MAC address.

MAC address stands for Media Access Control address, and it is specific to a device on a network.

To block a MAC address, simply run the following from the shell.

iptables -A INPUT -m mac --mac-source 00:11:22:FF:33:EE -j DROP

iptables

Mick Genie posted the iptables Handy Guide earlier. However, it did not clearly describe each function and what it does.

Most Linux operating systems come with iptables, and it is used to control the packet traffic of a PC.

iptables is managed through chains, and there are three types of chains:
– INPUT : Controls incoming packets
– OUTPUT : Controls outgoing packets
– FORWARD : Controls packets that are forwarded

To control what a chain does with a packet, you need an action:
– ACCEPT : Allow the packet
– DROP : Disallow the packet
– REJECT : Stop the packet and send an error reply back to the sender.
– RETURN : Stop processing the current chain and return to the calling chain.

iptables handy guide

iptables is used to set up, maintain and inspect the tables of IP packet filter rules in the Linux kernel. You can modify or manage the rules with commands from the console or over SSH.

To list the IPs that are being blocked, you may run the command below.

iptables -L -n

The command above lists the IPs that are present in the kernel's iptables rules.

To block an IP using iptables,

iptables -A INPUT -s xxx.xxx.xxx.xxx -j DROP

where xxx.xxx.xxx.xxx is the actual IP
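
To audit only what is actually blocked, rather than reading the whole listing, the rules can be filtered for INPUT entries that DROP or REJECT a specific source IP or MAC address. This is an added example, not part of the original post; the function names are assumptions and the sample rules are constructed in the format printed by `iptables -S INPUT`.

```shell
#!/bin/sh
# Added example: list blocked source IPs and MAC addresses from `iptables -S`.

# Constructed sample of `iptables -S INPUT` output (documentation addresses).
sample_rules() {
    cat <<'EOF'
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 203.0.113.7/32 -j DROP
-A INPUT -s 198.51.100.0/24 -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -m mac --mac-source 00:11:22:FF:33:EE -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
EOF
}

# Read rules on stdin; print "ip|mac <source> <target>" for each blocking rule.
blocked_sources() {
    awk '
    $1 == "-A" && $2 == "INPUT" {
        src = ""; mac = ""; target = ""
        for (i = 3; i < NF; i++) {
            # A negated match ("! -s x") blocks everything except x,
            # so it is not reported as a blocked source.
            if ($i == "-s" && $(i - 1) != "!")           src = $(i + 1)
            if ($i == "--mac-source" && $(i - 1) != "!") mac = $(i + 1)
            if ($i == "-j")                              target = $(i + 1)
        }
        if (target != "DROP" && target != "REJECT") next
        if (src != "") print "ip", src, target
        if (mac != "") print "mac", mac, target
    }'
}

# On a live system (as root): iptables -S INPUT | blocked_sources
```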

How to install CSF

To install CSF on your server, you may use the following command.

mkdir -p /tmp && cd /tmp && wget http://www.configserver.com/free/csf.tgz && tar zxf csf.tgz && cd csf && sh install.sh

Once the installation is finished, you can edit the configuration file from WHM with the step below.
WHM >> Plugins >> “Config Server Security and Firewall” option.
