ipteables: Deleting Rules by Chain and Number

 How To List and Delete Iptables Firewall Rules | DigitalOcean

Deleting Rules by Chain and Number

The other way to delete iptables rules is by its chain and line number. To determine a rule’s line number, list the rules in the table format and add the --line-numbers option:

  • sudo iptables -L --line-numbers
 
[secondary_output Output]
Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
2    ACCEPT     all  --  anywhere             anywhere
3    DROP       all  --  anywhere             anywhere             ctstate INVALID
4    UDP        udp  --  anywhere             anywhere             ctstate NEW
5    TCP        tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,ACK/SYN ctstate NEW
6    ICMP       icmp --  anywhere             anywhere             ctstate NEW
7    REJECT     udp  --  anywhere             anywhere             reject-with icmp-port-unreachable
8    REJECT     tcp  --  anywhere             anywhere             reject-with tcp-reset
9    REJECT     all  --  anywhere             anywhere             reject-with icmp-proto-unreachable
10   ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh ctstate NEW,ESTABLISHED
...

This adds the line number to each rule row, indicated by the num header.

Once you know which rule you want to delete, note the chain and line number of the rule. Then run the iptables -D command followed by the chain and rule number.

For example, if we want to delete the input rule that drops invalid packets, we can see that it’s rule 3 of the INPUT chain. So we should run this command:

  • sudo iptables -D INPUT 3
 

Now that you know how to delete individual firewall rules, let’s go over how you can flush chains of rules.

IPTABLES and ports

 How to restrict MySQL port access (a2hosting.com)


ou can use iptables to create firewall rules that restrict access to port 3306. The advantage of this method is that you can selectively grant or deny access to port 3306 based on IP addresses or other criteria.

For example, to block external access to port 3306 completely, type the following command:

iptables -A INPUT -p tcp --dport 3306 -j DROP

Similarly, to grant access to a specific IP address and block all others, type the following commands. Replace xxx.xxx.xxx.xxx with the IP address for which you want to grant access:

iptables -A INPUT -p tcp --dport 3306 -s xxx.xxx.xxx.xxx -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -j DROP

You can grant MySQL access to additional IP addresses by inserting rules in the INPUT chain before the DROP rule. For example:

iptables -I INPUT 1 -p tcp --dport 3306 -s xxx.xxx.xxx.xxx -j ACCEPT

Task: Open port 3306

In most cases following simple rule opens TCP port 3306:

iptables -A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT

The following iptable rules allows incoming client request (open port 3306) for server IP address 202.54.1.20. Add rules to your iptables shell script:

iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 202.54.1.20 --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 202.54.1.20 --sport 3306 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

However in real life you do not wish give access to everyone. For example in a web hosting company, you need to gives access to MySQL database server from web server only. Following example allows MySQL database server access (202.54.1.20) from Apache web server (202.54.1.50) only:

iptables -A INPUT -p tcp -s 202.54.1.50 --sport 1024:65535 -d 202.54.1.20 --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 202.54.1.20 --sport 3306 -d 202.54.1.50 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

Please note if you follow above setup, then you need tell all your hosting customer to use 202.54.1.50 as MySQL host in PHP/Perl code. A better approach is to create following entry in /etc/hosts file or use fully qualified domain name (create dns entry) mysql.hostingservicecompany.com which points to 202.54.1.50 ip:
202.54.1.50 mysql

In shot MySQL database connection code from PHP hosted on our separate webserver would look like as follows:

// ** MySQL settings ** //
define('DB_NAME', 'YOUR-DATABASE-NAME');     // The name of the database
define('DB_USER', 'YOUR-USER-NAME');     // Your MySQL username
define('DB_PASSWORD', 'YOUR-PASSWORD''); // ...and password
define('DB_HOST', 'mysql');       // mysql i.e. 202.54.1.50
// ** rest of PHP code ** //

Task: Allow outgoing MySQL request on TCP port 3306

Even you can allow outgoing MySql client request (made via mysql command line client or perl/php script), from firewall host 202.54.1.20 as follows:

iptables -A OUTPUT -p tcp -s 202.54.1.20 --sport 1024:65535 -d 0/0 --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --sport 3306 -d 202.54.1.20 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

Apache2: 'AH01630: client denied by server configuration'

 Apache2: 'AH01630: client denied by server configuration' - Stack Overflow


<Location />
require all granted
</Location>

List Which Apache 2 Modules are Enabled on CentOS 7 - Test your Apache config before restarting

 List Which Apache 2 Modules are Enabled on CentOS 7 | Liquid Web


apachectl -M | sort

Test your Apache config before restarting.

apachectl configtest

Completely Remove Mysql and Install MariaDB 10

 How to Completely Remove Mysql and Install MariaDB 10 (linoxide.com)


1) Completely uninstall mysql

We first need to properly uninstall MySql with all its dependencies

# yum list installed | grep mysql
mysql-community-client.x86_64          5.6.37-2.el7                   @mysql56-community
mysql-community-common.x86_64          5.6.37-2.el7                   @mysql56-community
mysql-community-libs.x86_64            5.6.37-2.el7                   @mysql56-community
mysql-community-release.noarch         el7-5                          installed 
mysql-community-server.x86_64          5.6.37-2.el7                   @mysql56-community

To remove a package with it's dependencies , you need to install yum plugin called: remove-with-leaves. To install it type:

# yum install yum-plugin-remove-with-leaves

Now to remove a package with its dependencies: yum remove package_name --remove-leaves as below

# yum remove mysql-server --remove-leaves
Loaded plugins: fastestmirror, remove-with-leaves
Resolving Dependencies
--> Running transaction check
---> Package mysql-community-server.x86_64 0:5.6.37-2.el7 will be erased
--> Finished Dependency Resolution
removing libaio-0.3.109-13.el7.x86_64. It is not required by anything else.
removing mysql-community-client-5.6.37-2.el7.x86_64. It is not required by anything else.
removing mysql-community-libs-5.6.37-2.el7.x86_64. It is not required by anything else.
removing mysql-community-common-5.6.37-2.el7.x86_64. It is not required by anything else.
--> Running transaction check
---> Package libaio.x86_64 0:0.3.109-13.el7 will be erased
---> Package mysql-community-client.x86_64 0:5.6.37-2.el7 will be erased
---> Package mysql-community-common.x86_64 0:5.6.37-2.el7 will be erased
---> Package mysql-community-libs.x86_64 0:5.6.37-2.el7 will be erased
--> Finished Dependency Resolution

Dependencies Resolved

======================================================================================================================================================
 Package                                   Arch                      Version                              Repository                             Size
======================================================================================================================================================
Removing:
 libaio                                    x86_64                    0.3.109-13.el7                       @base                                  38 k
 mysql-community-client                    x86_64                    5.6.37-2.el7                         @mysql56-community                     89 M
 mysql-community-common                    x86_64                    5.6.37-2.el7                         @mysql56-community                    2.1 M
 mysql-community-libs                      x86_64                    5.6.37-2.el7                         @mysql56-community                    9.2 M
 mysql-community-server                    x86_64                    5.6.37-2.el7                         @mysql56-community                    251 M

We also need to uninstall the mysql-community-release repo

# yum remove mysql-community-release-el7-5
Loaded plugins: fastestmirror, remove-with-leaves
Resolving Dependencies
--> Running transaction check
---> Package mysql-community-release.noarch 0:el7-5 will be erased
--> Finished Dependency Resolution

2) Remove MySQL Directory

Now we need to remove MySQL default data directory /var/lib/mysql from our system. If you don't see the directory in the default location, it means that it changed to some other place which you can find in /etc/my.cnf file with variable datadir.

In our case, we will delete the /var/lib/mysql directory from the system but you can prefer to rename it in order to keep a backup of the existing files. We will completely clean up our installation directory.

# rm -rf /var/lib/mysql/
# rm -rf /etc/my.cnf

3) Install MariaDB 10

To install MariaDB 10, we must add the repo on your server. We will create a MariaDB repo file under /etc/yum.repos.d/MariaDB.repo with the content below

[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.5.10(10.3)/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

now we can install our packages

# yum install MariaDB-server MariaDB-client
Loaded plugins: fastestmirror, remove-with-leaves
Loading mirror speeds from cached hostfile
 * base: mirrors.linode.com
 * epel: mirrors.kernel.org
 * extras: mirrors.linode.com
 * rpmforge: mirrors.evowise.com
 * updates: mirrors.linode.com
Resolving Dependencies
--> Running transaction check
---> Package MariaDB-client.x86_64 0:10.1.26-1.el7.centos will be installed
--> Processing Dependency: MariaDB-common for package: MariaDB-client-10.1.26-1.el7.centos.x86_64
---> Package MariaDB-server.x86_64 0:10.1.26-1.el7.centos will be installed
--> Processing Dependency: galera for package: MariaDB-server-10.1.26-1.el7.centos.x86_64
--> Running transaction check
---> Package MariaDB-common.x86_64 0:10.1.26-1.el7.centos will be installed
---> Package galera.x86_64 0:25.3.20-1.rhel7.el7.centos will be installed
--> Finished Dependency Resolution

Dependencies Resolved

======================================================================================================================================================
 Package                             Arch                        Version                                           Repository                    Size
======================================================================================================================================================
Installing:
 MariaDB-client                      x86_64                      10.1.26-1.el7.centos                              mariadb                       39 M
 MariaDB-server                      x86_64                      10.1.26-1.el7.centos                              mariadb                      103 M
Installing for dependencies:
 MariaDB-common                      x86_64                      10.1.26-1.el7.centos                              mariadb                      123 k
 galera                              x86_64                      25.3.20-1.rhel7.el7.centos                        mariadb                      8.0 M

Transaction Summary
======================================================================================================================================================
Install  2 Packages (+2 Dependent packages)

Total size: 150 M
Total download size: 150 M
Installed size: 647 M
Is this ok [y/d/N]: y
Downloading packages:
(1/3): MariaDB-10.1.26-centos7-x86_64-client.rpm                                                                               |  39 MB  00:00:02     
(2/3): galera-25.3.20-1.rhel7.el7.centos.x86_64.rpm                                                                            | 8.0 MB  00:00:01     
(3/3): MariaDB-10.1.26-centos7-x86_64-server.rpm                                                                               | 103 MB  00:00:12     
------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                  12 MB/s | 150 MB  00:00:12     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : MariaDB-common-10.1.26-1.el7.centos.x86_64                                                                                         1/4 
  Installing : MariaDB-client-10.1.26-1.el7.centos.x86_64                                                                                         2/4 
  Installing : galera-25.3.20-1.rhel7.el7.centos.x86_64                                                                                           3/4 
  Installing : MariaDB-server-10.1.26-1.el7.centos.x86_64  

You can check the status as below

# yum list installed | grep mariadb
MariaDB-client.x86_64             10.1.26-1.el7.centos   @mariadb               
MariaDB-common.x86_64             10.1.26-1.el7.centos   @mariadb               
MariaDB-server.x86_64             10.1.26-1.el7.centos   @mariadb               
MariaDB-shared.x86_64             10.1.26-1.el7.centos   @mariadb               

You can't have MySQL and MariaDB installed on the same server. So you need to do a complete uninstallation. You must notice that when having MariaDB installed, if you need to remove it in order to install MySQL, don't forget to remove the repo otherwise MySQL will be not able to be installed.

Specified key was too long; max key length is 767 bytes

 https://stackoverflow.com/questions/1814532/1071-specified-key-was-too-long-max-key-length-is-767-bytes


run this query before your query:

SET @@global.innodb_large_prefix = 1;

this will increase limit to 3072 bytes.


# mysql -u root -p --default-character-set=utf8 databasename
mysql> SET names 'utf8'
mysql> SOURCE bkp.sql

 javascript - Cannot delete property '1' of [object Array] - Stack Overflow


I've faced the same issue and according to this article the problem is that user array has non configurable properties. I suppose angular Inputs are set as non configurable. When you do: this.users = this.usersInput you simply pass the reference of input to this.users. The solution is to simply copy input array before splicing. In your case:

    this.users = [...this.usersInput];

Btw. do it in deleteUser method instead of afterViewInit with local variable. You do not need two class props referring to the same object.

How do I make `ls` show file sizes in megabytes?

 linux - How do I make `ls` show file sizes in megabytes? - Unix & Linux Stack Exchange


ls -l --block-size=M will give you a long format listing (needed to actually see the file size) and round file sizes up to the nearest MiB.


If you want MB (10^6 bytes) rather than MiB (2^20 bytes) units, use --block-size=MB instead.

If you don't want the M suffix attached to the file size, you can use something like --block-size=1M. Thanks Stéphane Chazelas for suggesting this.


If you simply want file sizes in "reasonable" units, rather than specifically megabytes, then you can use -lh to get a long format listing and human readable file size presentation. This will use units of file size to keep file sizes presented with about 1-3 digits (so you'll see file sizes like 6.1K151K7.1M15M1.5G and so on.


The --block-size parameter is described in the man page for ls; man ls and search for SIZE. It allows for units other than MB/MiB as well, and from the looks of it (I didn't try that) arbitrary block sizes as well (so you could see the file size as a number of 429-byte blocks if you want to).

Note that both --block-size and -h are GNU extensions on top of the Open Group's ls, so this may not work if you don't have a GNU userland (which most Linux installations do). The ls from GNU Coreutils 8.5 does support --block-size and -h as described above. Thanks to kojiro for pointing this out.

Do I need Content-Type: application/octet-stream for file download?

 http - Do I need Content-Type: application/octet-stream for file download? - Stack Overflow

Hence:

Content-Type: application/octet-stream
Content-Disposition: attachment; filename="picture.png"

Means "I don't know what the hell this is. Please save it as a file, preferably named picture.png".

Content-Type: image/png
Content-Disposition: attachment; filename="picture.png"

Means "This is a PNG image. Please save it as a file, preferably named picture.png".

Content-Type: image/png
Content-Disposition: inline; filename="picture.png"

Means "This is a PNG image. Please display it unless you don't know how to display PNG images. Otherwise, or if the user chooses to save it, we recommend the name picture.png for the file you save it as".

Of those browsers that recognise inline some would always use it, while others would use it if the user had selected "save link as" but not if they'd selected "save" while viewing (or at least IE used to be like that, it may have changed some years ago).

 Linux tar Command and How To Tar A Directory – POFTUT


Generally used to make multiple files and directories one file. We will tar a directory

$ tar cvf dymerge.tar dymerge 
dymerge/ 
dymerge/txt/ 
dymerge/txt/archive_formats.txt 
dymerge/txt/logo.txt
  • for compress but actually it is not compressed
  • for verbosity to see what happens
  • for archive file name
  • dymerge.tar is new tar file name
  • dymerge is the source directory name

Compress While Archiving

We can compress archived with with parameter. is used to gzip format

$ tar cvfz dymerge.tar.gz dymerge
  • is for gzip compression other options are default for our usage

To compress with bzip2 parameter should be provided.

List Files in Tar Archive

We can list files without opening the tar. parameter is used to list. But if the archive is gzip we should provide too. As we see tar.gz is extension for tarred and gzipped files.

$ tar tvfz dymerge.tar.gz
  • list files
  • archive is gzip format
List Files in Tar Archive
List Files in Tar Archive

If the archive is bzip2 we can use following command

$ tar tvfj dymerge.tar.gz

Extract Single File From Archive

With tar a single file can be extracted from archive. is the parameter to be used for this operation

$ tar xvfz  dymerge.tar.gz dymerge/surnames.txt 
dymerge/surnames.txt
  • dymerge.tar.gz is our archive that contains our single file
  • dymerge/surnames.txt is the file we want to extract

Extract Multiple Files From Archive with tar

We can extract multiple files with tar. We need too provide –wildcards parameter and related files for this. Here is used for globing

$ tar xvfz  dymerge.tar.gz --wildcards *.txt  
dymerge/txt/archive_formats.txt 
dymerge/txt/logo.txt 
dymerge/surnames.txt 
dymerge/vbscan/reports/forum.doom9.org/forum.doom9.org_report_2016-10-16_at_4.56.1.txt 
dymerge/vbscan/reports/hello.txt 
dymerge/vbscan/love.txt 
dymerge/vbscan/exploit/vbscandb.txt 
dymerge/dymerged.txt 
dymerge/names.txt
  • –wildcards is the parameter
  • *.txt is the file names we want to exract

Untar Command

We can create some alias to create new untar command like below.

$ export alias untar="tar dvf $1"
Untar Command
Untar Command

Adding File into Archive

After creating an archive we may need to update or add new files and folders to the existing archive. We can use r option to add new file or folder by specifying file and folder names at the end of the command like below. In this example we will add file named test.txtinto the existing archive named dymerge.tar.gz

$ tar rvfz  dymerge.tar.gz test.txt
  • We append test.txt file with option
  • We can add directories too

Estimate Archive Size

Before archiving a directory with tar command we can learn the size of the archive with the help of wc command. We will tar the directory in to the starndard output which will be redirected to the wc command. wc command will count the bytes and provide estimated size of the given archived file.

$ tar -cf - dymerge | wc -c 
573440

 

Linux tar Command and How To Tar A Directory Infografic

Linux tar Command and How To Tar A Directory Infografic


StaticImage

  import React , { useEffect , useRef } from "react" import { StaticImage } from "gatsby-plugin-image" impor...