How to Block an IP Address Using Firestarter

Firestarter is a GNOME program that provides a graphical front end to the iptables firewall.

If you have Firestarter configured to allow all IP addresses to reach every port, or a particular port, on your server, you cannot block a specific IP address from those ports through the GUI. Firestarter does, however, let you specify iptables rules by hand that are loaded either BEFORE or AFTER Firestarter's own rules, by editing two configuration files. On CentOS 5, rules that should load before Firestarter's rules go in /etc/firestarter/user-pre; rules that should load after Firestarter has loaded its firewall rules go in /etc/firestarter/user-post. In these files, use the variable "$IPT" in place of the "iptables" command. To block an IP address from reaching any of your ports, add the iptables rule to the user-post file.

For example, say you want to block the IP address 123.11.112.1 from accessing your server on any port. The normal iptables rule for this is:

iptables -I INPUT -s 123.11.112.1 -j DROP

To make this rule work with Firestarter, add the following line to the /etc/firestarter/user-post file:

$IPT -I INPUT -s 123.11.112.1 -j DROP

After you edit the user-pre or user-post file, restart the Firestarter service to put the changes into effect. On CentOS 5, run the following terminal command to restart the Firestarter service:

service firestarter restart


How to Not Update a Package From a Specific Repository Using Yum

If you use Yum to manage packages from multiple repositories, you may want to stop a particular package from being updated from one repository so that another repository supplies it instead. To do this, add the following line to the Yum configuration file of the repository you want to ignore for those packages:

exclude=packageName1 packageName2 packageName3

For example, say that on CentOS 5 you do not want the php-pecl-mailparse package updated from the EPEL repository. Edit the file /etc/yum.d/epel.repo and add the exclude line like so:

[epel]
name=Extra Packages for Enterprise Linux 5 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/5/$basearch
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-5&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
exclude=php-pecl-mailparse

...


How to Determine How Many Inodes the Current Directory is Using

Some web hosting providers limit how many inodes your account may use. This shell command displays how many inodes the current directory is using:

find . -printf "%i\n" | sort -u | wc -l

If you do not have shell access to your web server, you can do the same thing with a PHP web page. Place the page in the directory whose inode usage you want to know and open it in your web browser. The PHP code to put in the page is:

<?php
  // Reports inode usage for the directory this page lives in, then for
  // ~/public_html, then for the home directory. "~" expands to the home
  // directory of the user the web server runs as.
  // Each "find . | wc -l" counts path entries (files and directories),
  // so a hard-linked file is counted once per link, not once per inode.
  echo "<b>";
  system('pwd');
  echo "</b>: ";
  system('find . | wc -l');
  echo " inodes<br />\n<b>";
  system('cd ~/public_html; pwd');
  echo "</b>: ";
  system('cd ~/public_html; find . | wc -l');
  echo " inodes<br />\n<b>";
  system('cd ~; pwd');
  echo "</b>: ";
  system('cd ~; find . | wc -l');
  echo " inodes";
  // Remove this page once you have the numbers: it runs shell commands
  // on the server for anyone who can load it.
?>
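The shell one-liner above counts distinct inode numbers, while the PHP page counts path entries, so the two can disagree when hard links are present. The following script, added here as an example and not part of the original post, builds a small constructed directory tree with one hard link and shows both counts side by side. It assumes GNU find (for -printf), as the post's own command does; the function names are this example's own.

```shell
#!/bin/sh
# Added example: why "find . | wc -l" and "find . -printf '%i\n' | sort -u | wc -l"
# can differ. A hard link is one inode reachable through two paths, so the
# first command counts it twice and the second counts it once.

# Number of path entries under $1 (what the PHP page counts).
count_paths() {
    find "$1" | wc -l | tr -d ' '
}

# Number of distinct inodes under $1 (what the shell one-liner counts).
# Keying on device:inode (%D:%i) keeps a nested filesystem or bind mount
# from colliding with the parent filesystem's inode numbers.
count_inodes() {
    find "$1" -printf '%D:%i\n' | sort -u | wc -l | tr -d ' '
}

# Build a constructed sample tree: a directory, a subdirectory, one file
# and one hard link to that file. Prints the temp directory path; the
# caller removes it when done.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/sub"
    echo data > "$d/file"
    ln "$d/file" "$d/sub/hardlink"   # same inode, second path
    printf '%s\n' "$d"
}

sample=$(make_sample_tree)
echo "paths:  $(count_paths "$sample")"    # 4: ., sub, file, sub/hardlink
echo "inodes: $(count_inodes "$sample")"   # 3: the hard link shares an inode
rm -rf "$sample"
```

Against a real account, run count_inodes on the document root; that is the figure an inode quota is measured against, and it is not inflated by hard links.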


Disable Anonymous Access to OpenLDAP

After you set up an OpenLDAP server, one of the first things you will want to do is disable anonymous access to it. This prevents unauthenticated users from connecting to your OpenLDAP server and extracting information about your users and network resources from it. To disable anonymous access, you need to edit the slapd.conf file, which on CentOS 5 is located at /etc/openldap/slapd.conf. Open slapd.conf for editing and do the following:

Look for a line similar to this:

allow bind_v2 bind_anon_cred bind_anon_dn

Remove from that line every item relating to anonymous access; these have "anon" in their names. After editing, the line above will look like this:

allow bind_v2

Now add the following two lines to the slapd.conf file to explicitly deny anonymous binds and anonymous access to the directory information:

disallow bind_anon
require authc

Now save the slapd.conf file and restart the LDAP service to put the changes into effect. On CentOS 5, you can restart the OpenLDAP service by running the following command in the terminal:

service ldap restart