Iptables Debian wheezy

Overview

The method described here has three steps:

  1. Install the iptables-persistent package.
  2. Place the required rulesets in the /etc/iptables directory.
  3. Start the iptables-persistent service.

The second and third steps can be repeated whenever there is a need to change one or both of the rulesets.

Install the iptables-persistent package

On recent Debian-based systems the iptables configuration can be made persistent using the iptables-persistent package:

apt-get install iptables-persistent

This package first became available in Debian (Squeeze) and Ubuntu (Lucid).

Place the required rulesets in the /etc/iptables directory

Recent versions of iptables-persistent have two configuration files:

  • /etc/iptables/rules.v4 for the IPv4 ruleset, and
  • /etc/iptables/rules.v6 for the IPv6 ruleset.

These pathnames are correct from version 0.5 of iptables-persistent onwards, corresponding to Debian (Wheezy) and Ubuntu (Oneiric). Prior to that, the IPv4 ruleset was located at /etc/iptables/rules (no suffix). IPv6 support was unavailable prior to version 0.0.20101230, corresponding to Debian (Wheezy) and Ubuntu (Natty).

The ruleset files should be in a format suitable for use by the iptables-restore or ip6tables-restore command as appropriate. Here is an example for configuring the IPv4 filter table:

# Generated by iptables-save v1.4.8 on Thu Jan 12 21:54:29 2012
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [27:3068]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Thu Jan 12 21:54:29 2012

The required format of this file does not appear to be well-documented, although a partial description can be found in the Iptables Tutorial. Fortunately there are alternatives to writing it from scratch:

  • Recent versions of iptables-persistent offer to create the files from the current live configuration when the package is installed. You can arrange for this offer to be repeated using the dpkg-reconfigure command.
  • You can achieve the same effect more directly using the iptables-save and ip6tables-save commands, for example:
iptables-save > /etc/iptables/rules.v4
ip6tables-save > /etc/iptables/rules.v6
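
A structural check for files in this format, as an added example that is not part of the original post or of iptables-persistent. It accepts only the directives seen in the example above (table header, chain policy, -A rule, COMMIT) and flags an INPUT or FORWARD chain whose policy is ACCEPT and whose last rule is not an unconditional DROP or REJECT; the function names and messages are made up for the example.

```shell
# Added example (not from the original page): lint an iptables-save style
# ruleset from stdin or from files. Prints findings; returns 1 if any.
lint_ruleset() {
    awk '
    function report(msg) { print msg; bad = 1 }
    NF == 0 || /^#/ { next }                  # blank lines and comments
    substr($1, 1, 1) == "*" {                 # "*filter" opens a table
        if (table != "") report("table " table " has no COMMIT")
        table = substr($1, 2); next
    }
    table == "" { report("line " NR " is outside any table"); next }
    substr($1, 1, 1) == ":" {                 # ":INPUT ACCEPT [0:0]"
        chain = substr($1, 2); policy[chain] = $2; order[++n] = chain; next
    }
    $1 == "-A" {
        if (!($2 in policy)) report("rule for undeclared chain " $2)
        # Is the last rule seen for this chain "-A CHAIN -j DROP|REJECT"?
        closed[$2] = ($3 == "-j" && ($4 == "DROP" || $4 == "REJECT"))
        next
    }
    $1 == "COMMIT" {
        for (i = 1; i <= n; i++) {
            c = order[i]
            if (table == "filter" && (c == "INPUT" || c == "FORWARD") &&
                policy[c] == "ACCEPT" && !closed[c])
                report(c " accepts by default and has no catch-all DROP or REJECT")
        }
        table = ""; n = 0; split("", policy); split("", closed); next
    }
    { report("line " NR " is not a recognised directive") }
    END { if (table != "") report("table " table " has no COMMIT"); exit bad + 0 }
    ' "$@"
}
# The IPv4 filter table shown above, with the timestamp comments omitted.
sample_ruleset() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [27:3068]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}
sample_ruleset | lint_ruleset || echo "review the findings before installing"
```

For the ruleset above it reports the FORWARD chain, which matters only on a host where the kernel has IP forwarding enabled. iptables-restore --test < FILE additionally parses the file with the installed iptables without committing it.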

Start the iptables-persistent service

The iptables-persistent service must be started or restarted for it to have an effect on the live configuration. In practice it should rarely be necessary to request this explicitly:

  • If the rulesets were constructed from the current live configuration then there is no immediate need for iptables-persistent to do anything, because the stored and live configurations are already in agreement.
  • The iptables-persistent service automatically starts when the system is rebooted.

You will need to explicitly start the service if you provide the rulesets by some other means:

service iptables-persistent start

Note that the versions of this package included with Squeeze, Lucid and Maverick respond only to start and not to restart, reload or force-reload. This has since been fixed.
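
The agreement between the stored and live configurations mentioned above can be checked rather than assumed. This added example (not from the original post) compares a stored ruleset with a saved copy of the live one after removing comment lines and packet/byte counters, which change from one save to the next; the function names and the two sample files are constructed for illustration.

```shell
# Added example (not from the original page): detect drift between a stored
# ruleset and a saved copy of the live one.
normalize_ruleset() {
    # Drop comments and blank lines, reset ":CHAIN POLICY [pkts:bytes]"
    # counters, and strip the "[pkts:bytes] " prefix written by
    # iptables-save -c in front of each rule.
    sed -e '/^#/d' -e '/^[[:space:]]*$/d' \
        -e 's/^\(:[^ ]* [^ ]*\) \[[0-9]*:[0-9]*]$/\1 [0:0]/' \
        -e 's/^\[[0-9]*:[0-9]*] //' "$1"
}

# ruleset_drift STORED LIVE: prints a diff and returns 1 if they differ.
ruleset_drift() {
    a=$(mktemp) b=$(mktemp)
    normalize_ruleset "$1" > "$a"
    normalize_ruleset "$2" > "$b"
    rc=0
    diff "$a" "$b" || rc=$?
    rm -f "$a" "$b"
    return "$rc"
}

# Constructed sample: same rules with different counters, plus one rule
# that exists only in the live copy.
demo_dir=$(mktemp -d)
printf '%s\n' '# Generated by iptables-save' '*filter' ':INPUT ACCEPT [0:0]' \
    '-A INPUT -i lo -j ACCEPT' 'COMMIT' > "$demo_dir/stored"
printf '%s\n' '*filter' ':INPUT ACCEPT [27:3068]' '-A INPUT -i lo -j ACCEPT' \
    '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT' 'COMMIT' > "$demo_dir/live"
ruleset_drift "$demo_dir/stored" "$demo_dir/live" ||
    echo "live ruleset differs from the stored ruleset"
```

On a real host the live copy would be the output of iptables-save, run as root and redirected to a temporary file, and the stored file would be /etc/iptables/rules.v4.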

install node.js centos 6

# yum -y update
# yum -y groupinstall "Development Tools"
# yum -y install screen

Node.js Installation

# cd /usr/src
# wget http://nodejs.org/dist/v0.10.4/node-v0.10.4.tar.gz
# tar zxf node-v0.10.4.tar.gz
# cd node-v0.10.4
# ./configure
# make
# make install

# cd /home/anario/
# touch app.js

var http = require('http');
http.createServer(function (req, res) {
    res.writeHead(200, {'Content-Type': 'text/plain'});
    res.end('Hello Anario\n');
}).listen(8124, '0.0.0.0');
console.log('Server running at http://server:8124');

# node app.js
# npm install forever -g
# forever start app.js
(use "forever stop app.js" to stop it again)

Set up an init.d Script for Forever

#!/bin/bash
#
# Service script for a Node.js application running under Forever.
#
# This is suitable for Fedora, Red Hat, CentOS and similar distributions.
# It will not work on Ubuntu or other Debian-style distributions!
#
# There is some perhaps unnecessary complexity going on in the relationship between
# Forever and the server process. See: https://github.com/indexzero/forever
#
# 1) Forever starts its own watchdog process, and keeps its own configuration data
# in /var/run/forever.
#
# 2) If the process dies, Forever will restart it: if it fails but continues to run,
# it won't be restarted.
#
# 3) If the process is stopped via this script, the pidfile is left in place; this
# helps when issues happen with failed stop attempts.
#
# 4) Which means the check for running/not running is complex, and involves parsing
# of the Forever list output.
#
# chkconfig: 345 80 20
# description: my application description
# processname: my_application_name
# pidfile: /var/run/my_application_name.pid
# logfile: /var/log/my_application_name.log
#

# Source function library.
. /etc/init.d/functions

NAME=node
SOURCE_DIR=/home/anario/
SOURCE_FILE=app.js

user=root
pidfile=/var/run/$NAME.pid
logfile=/var/log/$NAME.log
forever_dir=/var/run/forever

node=node
forever=/usr/local/bin/forever
sed=sed

# PATH entries must be directories; node and forever both live in /usr/local/bin
export PATH=$PATH:/usr/local/bin
export NODE_PATH=$NODE_PATH:/usr/local/lib/node_modules

start() {
    echo "Starting $NAME node instance: "

    if [ "$foreverid" == "" ]; then
        # Create the log and pid files, making sure that
        # the target user has access to them
        touch $logfile
        chown $user $logfile

        touch $pidfile
        chown $user $pidfile

        # Launch the application as $user
        daemon --user=$user \
            $forever start -p $forever_dir --pidFile $pidfile -l $logfile \
            -a -d $SOURCE_DIR/$SOURCE_FILE
        RETVAL=$?
    else
        echo "Instance already running"
        RETVAL=0
    fi
}

stop() {
    echo -n "Shutting down $NAME node instance : "

    # stopall stops every script Forever is running, not only $SOURCE_FILE
    $forever stopall
    RETVAL=$?
}

if [ -f $pidfile ]; then
    read pid < $pidfile
else
    pid=""
fi

if [ "$pid" != "" ]; then
    # Gnarly sed usage to obtain the foreverid.
    sed1="/$pid\]/p"
    sed2="s/.*\[\([0-9]\+\)\].*\s$pid\.*/\1/g"
    foreverid=`$forever list -p $forever_dir | $sed -n "$sed1" | $sed "$sed2"`
else
    foreverid=""
fi

case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    status)
        status -p ${pidfile}
        RETVAL=$?
        ;;
    *)
        echo "Usage: {start|stop|status}"
        exit 1
        ;;
esac
exit $RETVAL

/etc/init.d/node start
