If you meet this error when trying to connect to a server via ssh, you probably think there was a network error causing this. Maybe the ip configuration is not correct on the target server. But you can indeed ping…
Recently, I got iptables settings that seem to harden the server.
iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
INPUT_direct  all  --  anywhere             anywhere
INPUT_ZONES_SOURCE  all  --  anywhere             anywhere
INPUT_ZONES  all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere             ctstate INVALID
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
FORWARD_direct  all  --  anywhere             anywhere
FORWARD_IN_ZONES_SOURCE  all  --  anywhere             anywhere
FORWARD_IN_ZONES  all  --  anywhere             anywhere
FORWARD_OUT_ZONES_SOURCE  all  --  anywhere             anywhere
FORWARD_OUT_ZONES  all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere             ctstate INVALID
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
OUTPUT_direct  all  --  anywhere             anywhere

Chain FORWARD_IN_ZONES (1 references)
target     prot opt source               destination
FWDI_public  all  --  anywhere             anywhere            [goto]
FWDI_public  all  --  anywhere             anywhere            [goto]

Chain FORWARD_IN_ZONES_SOURCE (1 references)
target     prot opt source               destination

Chain FORWARD_OUT_ZONES (1 references)
target     prot opt source               destination
FWDO_public  all  --  anywhere             anywhere            [goto]
FWDO_public  all  --  anywhere             anywhere            [goto]

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target     prot opt source               destination

Chain FORWARD_direct (1 references)
target     prot opt source               destination

Chain FWDI_public (2 references)
target     prot opt source               destination
FWDI_public_log  all  --  anywhere             anywhere
FWDI_public_deny  all  --  anywhere             anywhere
FWDI_public_allow  all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere

Chain FWDI_public_allow (1 references)
target     prot opt source               destination

Chain FWDI_public_deny (1 references)
target     prot opt source               destination

Chain FWDI_public_log (1 references)
target     prot opt source               destination

Chain FWDO_public (2 references)
target     prot opt source               destination
FWDO_public_log  all  --  anywhere             anywhere
FWDO_public_deny  all  --  anywhere             anywhere
FWDO_public_allow  all  --  anywhere             anywhere

Chain FWDO_public_allow (1 references)
target     prot opt source               destination

Chain FWDO_public_deny (1 references)
target     prot opt source               destination

Chain FWDO_public_log (1 references)
target     prot opt source               destination

Chain INPUT_ZONES (1 references)
target     prot opt source               destination
IN_public  all  --  anywhere             anywhere            [goto]
IN_public  all  --  anywhere             anywhere            [goto]

Chain INPUT_ZONES_SOURCE (1 references)
target     prot opt source               destination

Chain INPUT_direct (1 references)
target     prot opt source               destination

Chain IN_public (2 references)
target     prot opt source               destination
IN_public_log  all  --  anywhere             anywhere
IN_public_deny  all  --  anywhere             anywhere
IN_public_allow  all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere

Chain IN_public_allow (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh ctstate NEW

Chain IN_public_deny (1 references)
target     prot opt source               destination

Chain IN_public_log (1 references)
target     prot opt source               destination

Chain OUTPUT_direct (1 references)
target     prot opt source               destination
This comes from a newly provisioned VPS. The iptables rules block all ports of the server except the SSH port (22). If you change the ssh port from the default 22…
You may see on a web page a video that is hosted by wistia.com. I mean the web page is not one of wistia.com's pages, but the video is indeed served by Wistia through embedded code. How do you download it?…
Interestingly, the owner:group of /var/www/domainhostseotool.com/public_html is apache:apache and the mode is 755. The owner:group of /var/www/domainhostseotool.com/public_html/.htaccess is also apache:apache and the mode is 644. Why does it complain that the file is not readable and/or the directory is not executable?…
I’ve been wondering why every major release of CentOS breaks yum on older releases. For example, after CentOS 6 is EOL, you cannot use yum on CentOS 6; after CentOS 7 EOL, you cannot use yum to install a software on…
If you search “how to install Windows 10 on USB” on Google, Google will return all results about how to install Windows 10 from USB. Yes, Google becomes more and more stupid since ChatGPT becomes popular. I know how to…
I have an old computer with Windows 10 installed on an MBR HDD. Now I got a new Dell PC. I moved the MBR HDD to the new PC but it is not bootable. I turn off the secure boot…
I’m not telling you how to use the following command to clone a drive to another drive: dd if=/dev/sda of=/dev/sdb bs=32M status=progress I’m warning you about the possible risk of doing this. The risk is not that it did not…
After installing and activating the License Manager for WooCommerce WordPress plugin, you need to import the serial numbers to sell. You need to copy the SNs into a .txt file (one SN per line), then head into WordPress admin panel/WooCommerce/License Keys…
Go to https://learn.microsoft.com/en-us/windows-hardware/get-started/adk-install#download-the-adk-101261001-may-2024 to download and install Windows ADK and the Windows PE add-on for the ADK.
Right-click on the shortcut “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits\Windows ADK\Deployment and Imaging Tools Environment” and select Run as administrator.
In the command prompt, run “copype amd64…