Adam SMASH!

A couple of days ago I made a post extolling the virtues of using the route command to block IP addresses. While this works, there is an even more powerful firewall actually built right into linux. It’s called iptables.

Iptables is an extremely powerful firewall built into linux, and can be a bit daunting to use at first. There are lots of GUIs available for iptables, but I told myself I would figure out most of linux through the CLI (command line interface) since at some point my x-windows may fail to load for whatever reason and I may be forced into runlevel 3 to fix it. (runlevel 3 is pure CLI, no gui whatsoever. If you ever used a DOS based computer, it’s like that, but way more powerful. If you want to try it out, open up a terminal and type init 3, to get back to x-windows environment, type init 5)

At any rate, you can add ips to iptables and tell it what to do with them. If you type iptables -L (might need to be su) in terminal, then you will see your current firewall setup.

To add an IP address to be blocked, you will need to issue this command(again might need to be su):
iptables -I INPUT -s [address to be blocked] -j DROP

Here is a breakdown of the command. Iptables is broken down into 3 chains. INPUT, FORWARD, and OUTPUT. INPUT is the connections your PC receives, FORWARD is connections or packets that it forwards to another host or IP (if your pc was functioning as a firewall or router for your network) and OUTPUT is connections or packets leaving your PC to the outside world. In my above example, the -I INPUT flag is telling it to insert the following rule in the INPUT chain. the -s flag is to tell it the source IP address or host you are making the rule for. the -j flag stands for jump, and tells iptables what to do if the packet received matches the rule. In this case we want to DROP the packet, or stop it from being received.

So for instance, if I wanted to block IP 25.25.25.25 from connecting to my pc, then I would enter this command as su in the terminal:

iptables -I INPUT -s 25.25.25.25 -j DROP

That would enter a rule in my firewall to take any packet coming into my PC from 25.25.25.25 and drop refuse it.

I have also written a simple shell script that will do this for me so I don’t have to enter the whole command every time, I just named the scriopt ipblock and I can type ipblock 25.25.25.25 and it will automatically enter the rule in iptables.

Here is the script in case anyone might find it useful. I use the sudo command in my script, so if you don’t have sudo on your system for whatever reason, you can run it as su -c, but you will need root access to manipulate the iptables.

ipblock.sh

#!/bin/bash

#all this script does is add an offending IP address to IPTABLES for
#blocking.

sudo iptables -I INPUT -s $1 -j DROP

echo IP ADDRESS of $1 blocked.

Now just save that as ipblock, and execute a

chmod +x ipblock

to make it executable. Then you can execute it with ./ipblock [ip address], et voila, ip address blocked. You can verify by executing iptables -L from the terminal, which will list the rules in your iptables firewall.

EDIT: Almost forgot, you’ll need to save these changes or they go away on your next reboot, which is a huge pain. The best way to do this on Fedora Core 10 is with a service call to the iptables service. As root:

[Adam@Deepblue ~]$ service iptables save

iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]

In using linux with an x-windows environment, you may eventually run into the problem of a file or two that simply will not disappear from your trash. This could be caused by all sorts of complications, such as the file is owned by root for whatever reason.

You can still get rid of these files by going to the Trash folder’s actual location on your hard drive. In Gnome (possibly KDE as well, but I use Gnome so I don’t know) when you delete an item, it actually moves it to a “Trash” folder on your hard drive. Sort of like the Recycle Bin in windows. You can go into this folder and remove the files here, when you can’t by trying to “Empty Trash”.

The folder’s location is ~/.local/share/Trash/. The ~ at the start of the path is your home folder, and could be replaced by /home/username should you choose, but the tilde (~) should work fine.

Open up a terminal window and type cd ~/.local/share/Trash/files. This will take you into the directory. If you do a directory listing in this directory, you will see two folders, files and info.

[Adam@Deepblue Trash]$ ls -la
total 16
drwx—— 4 Adam Adam 4096 2009-03-18 14:47 .
drwxr-xr-x 11 Adam Adam 4096 2009-04-29 12:03 ..
drwx—— 2 Adam Adam 4096 2009-05-26 10:56 files
drwx—— 2 Adam Adam 4096 2009-05-26 10:54 info
[Adam@Deepblue Trash]$


The files folder is pretty self explanatory, it contains the actual files that were moved to the trash. The info directory contains small files that hold information about the files in the files folder, such as date and time of deletion, and the original path of the file. This info is used in case you wish to restore something from the Trash, so it will know where to put it.

Essentially you will need to change into the files directory and delete the files in there, most likely as superuser, since if your account had the rights to delete them in the first place, you wouldn’t be in this directory trying to get rid of them. So if your username is enabled in the /etc/sudoers file, and you are already in the ~/.local/share/Trash folder, then you can sudo rm -rf files/*. If you are not in the sudoers file, but you have root access, you can do su -c rm -rf files/*. This will allow you to issue the one command as superuser, and will ask for the root password. I want to stress the importance of being SUPER sure you are in the right directory before issuing this command. rm -rf tells linux to remove (the rm part) all files recursively (the r flag, basically all files and directories contained within), and force it (the f flag. This will not ask ARE YOU SURE, it will simply do it and be done.) There will be no output from this command, it will just drop you back to a bash prompt. At which point you can issue an ls -la command to verify the files are gone, or just check your Trash Bin :) Should be empty now.

I run an FTP server using proftpd on my home PC, so that I can send files to it and receive from it while I am at work. Well I noticed in my secure log this morning, some apparent intrusion attempts, like so:

May 19 22:04:46 localhost proftpd[9701]: localhost.localdomain(::ffff:211.72.238.19[::ffff:211.72.238.19]) - USER administrator: no such user found from:ffff:211.72.238.19 [::ffff:211.72.238.19] to ::ffff:192.168.1.100:21

Well I looked around the intertubes for a way to block this IP, because it went on for like 2 hours, the guy tried every username he could imagine, or rather his script or program did. Well I found info about the route command. and this is a quick and dirty way to block IPs from connecting to your pc:

route add -host 211.72.238.19 reject

and if for whatever reason you want to remove the route, you would simply do this:

route del -host 211.72.238.19 reject

I’m not 100% sure this works because he hasn’t tried again, and if it does work, he’ll never show up in my log again. I’m looking out for him though.

When I first installed Linux, I was sitting at a desktop, and really had not a clue where to go or what to do to get software installed that I would like an be able to use.

that’s probably a common problem with Linux converts, they are used to Windows, where everything is more or less one-click and it’s done. Well Linux has some things that are that way, but the majority of it can only be accessed through some command-line interaction.

This is where I would like to recommend what they call “Perfect Desktop Guides”. It’s just what it sounds like, it’s a guide to getting a perfect desktop for your chosen flavor of linux. It may not necessarily be YOUR idea of perfect, but it is an excellent way to learn how to customize and further enhance your Linux OS to your liking, and you can apply the skills obtained by running thru a guide to practically any flavor of linux you move to at a later date.

The one I used for Fedora 10 was this one:

http://www.howtoforge.com/the-perfect-desktop-fedora-10

If you have a different version of Linux, then google for “Perfect Desktop Guide” and add your flavor of Linux, be it SUSE, Slackware, etc. there are perfect guides to pretty much all types of linux.

Enjoy!

I recently switched to the linux OS, Fedora Core 10 to be precise. I don’t think I’m ever going back to Windows as my main OS. I still have WinXP running in a VM on my PC, just for things I can’t seem to get working in Linux and that I have to have, but so far the only thing I’ve had to use it for is Logmein remoting. Can’t seem to get that working in Firefox in Linux for some reason.

I am not hating on Microsoft or Windows here, I’ve used Windows since I can remember, well, first DOS and then Windows, but it’s been Microsoft this whole time. I appreciate them giving me my PC training wheels, but at some point you realize it’s all a little restrixtive and that you don’t really know what’s going on behind the scenes of the Windows OS, since the source code it closed and nobody knows what’s in there really.

Enter Linux, fully open source kernel, fully open source modules, everything pretty much transparent. I love it so far. I really dig interacting with the terminal, it reminds me of when my first PC, a 286 only had DOS, there was no graphical interface, except in the cases where someone wrote and ANSI or ASCII-styled menu for their program. And there was no multi-tasking. The PC did one thing, then it did the next.

It’s kind of an elitist thing for me I guess, I am almost the only person I know who uses Linux. A couple coworkers play around with it I think (I work in a highly technical environment, computer support) but I am the only one that I personally know that uses Linux as my main OS. It’s a good thing, I enjoy having specialized knowledge. :)

I’ve spent the last month or so delving into the minutae of the OS and learning about terminal command and BASH Shell scripting etc. Anyone who knows me will tell you that I develop an infatuation with something and then I’m over it in a week. Luckily it was not this way with Linux.

I think I’ll try posting some hints and tips and tricks and stuff on here, see if they help anyone. Like I said I don’t have anyone I know that I can talk to about Linux, because nobody’s a superfreak for it like I am, so I gotta yak about it here I guess. :P

Oh in case anyone actually reads this blog and noticed all the old posts are gone, well I deleted them all. This blog has changed focus so damn many times I can’t keep track of what was going on. So I removed all the old posts to this site and I am starting all over. Welcome to the new deal!