How to block network traffic by country on Linux

As a system admin who maintains production Linux servers, there are circumstances where you need to selectively block or allow network traffic based on geographic locations. For example, you are experiencing denial-of-service attacks mostly originating from IP addresses registered with a particular country. In other cases, you want to block SSH logins from unknown foreign […]
Continue reading…

 

How to access a Linux server behind NAT via reverse SSH tunnel

You are running a Linux server at home, which is behind a NAT router or restrictive firewall. Now you want to SSH to the home server while you are away from home. How would you set that up? SSH port forwarding will certainly be an option. However, port forwarding can become tricky if you are […]
Continue reading…

 

How to share a directory with Samba on Fedora or CentOS

Nowadays sharing data across different computers is not something new at home or many work places. Riding on this trend, modern operating systems make it easy to share and exchange data transparently across computers via network file systems. If your work environment involves a mix of Microsoft Windows and Linux computers, one way to share […]
Continue reading…

 

How to block unwanted IP addresses on Linux efficiently

You may want to block IP addresses on your Linux box under various circumstances. For example, as an end user you may want to protect yourself from known spyware or tracker IP addresses. Or when you are running P2P software, you may want to filter out connections from networks associated with anti-P2P activity. If you […]
Continue reading…

 

How to configure firewall via command line on Linux

If you are looking to configure firewall on Linux, consider CSF (ConfigServer Security & Firewall). CSF is an easy-to-use, yet versatile firewall configuration tool written in Perl. Using CSF, you can easily configure advanced firewall rules such as stateful packet inspection and intrusion detection filters via its command-line interface or CSF configuration file. CSF is […]
Continue reading…

 

How to create an HTTP tunnel on Linux with httptunnel

HTTP-encapsulated tunnels are useful when you want to use games, IM clients, or P2P sharing applications across restrictive firewalls or proxies which tend to block pretty much everything except well known traffic such as HTTP traffic. httptunnel is GNU/GPL-licensed free software that allows you to create a bi-directional tunnel encapsulated by HTTP, between client and […]
Continue reading…

 

How to run iptables automatically after reboot on Debian

If you have customized iptables rules, and would like to load the customized iptables rules persistently across reboots on Debian, you can leverage if-up.d scripts that are located in /etc/network/if-up.d. On Debian, any script that is marked as executable and placed in /etc/network/if-up.d gets executed when a network interface is brought up. In order to […]
Continue reading…