Example of Iptable rules to keep your Linux server safe

Your ads will be inserted here by

Easy Plugin for AdSense.

Please go to the plugin admin page to
Paste your ad code OR
Suppress this ad slot.

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 23 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 81 -j ACCEPT
iptables -A INPUT -p tcp --dport 110 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 587 -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -j ACCEPT
iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
iptables -A INPUT -p tcp --dport 8009 -j ACCEPT
iptables -A INPUT -p tcp --dport 8089 -j ACCEPT
iptables -A INPUT -p tcp --dport 8443 -j ACCEPT
iptables -A INPUT -p tcp --dport 8081 -j ACCEPT
iptables -A INPUT -p tcp --dport 81 -j ACCEPT
iptables -A INPUT -p tcp --dport 11211 -j ACCEPT
iptables -A INPUT -p udp --dport 11211 -j ACCEPT
iptables -A INPUT -p tcp --dport 50000 -j ACCEPT
iptables -A INPUT -p tcp --dport 50001 -j ACCEPT
iptables -A INPUT -p tcp --dport 60000 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -p tcp --syn -m limit --limit 1/s --limit-burst 3 -j RETURN

You can use -I and with a number to add a rule to the top of the list (highest priority). For example:


iptables -I INPUT 1 -p tcp --sport 80 -j ACCEPT
iptables -I INPUT 1 -p tcp --sport 8080 -j ACCEPT
iptables -I OUTPUT 1 -p tcp --dport 8080 -j ACCEPT
iptables -I OUTPUT 1 -p tcp --dport 80 -j ACCEPT
iptables -I OUTPUT 1 -p tcp --sport 8080 -j ACCEPT
iptables -I OUTPUT 1 -p tcp --sport 80 -j ACCEPT

Refuse all other requests depends on your network settings

iptables -A INPUT -i eth0 -j REJECT
iptables -A INPUT -i venet0 -j REJECT

Save and restart Iptables to active the firewall.

/etc/init.d/iptables save
/etc/init.d/iptables restart

Simple! Isnt it?

Read More

How to secure Memcached and ensure its security

Your ads will be inserted here by

Easy Plugin for AdSense.

Please go to the plugin admin page to
Paste your ad code OR
Suppress this ad slot.

To allow only the IP addresses that you know to connect to Memcached service, create the iptable rules like these and save it:

iptables -I INPUT -p tcp --dport 11211 -s IPADDRESS -j ACCEPT
iptables -I INPUT -p tcp --dport 11211 -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -p tcp --dport 11211 -j DROP
iptables-save

You can test it by running telnet from other servers to see if it is activated:
for example

telnet IPADDRESS 11211

To check status and then quit:

stats
quit

Your ads will be inserted here by

Easy Plugin for AdSense.

Please go to the plugin admin page to
Paste your ad code OR
Suppress this ad slot.

Make sure you configure MemCached to listen to the IP address of the server it is on, for example:
In Debian:

/etc/memcached.conf

or in CentOS:

/etc/sysconfig/memcached

You will find the line like this:

-l 0.0.0.0

0.0.0.0 means it listens to any ip address on the server.
Change it to 127.0.0.1 if you only wants connections from the local server itself.

Read More

FhHRx

如何实现提交后页面加载中loading锁定页面Ajax通过Jquery

 

将下列代码加入CSS中

.modal {
display: none;
position: fixed;
z-index: 1000;
top: 0;
left: 0;
height: 100%;
width: 100%;
background: rgba( 255, 255, 255, .8 )
url('http://xxxxx/xxxxx.gif')
50% 50%
no-repeat;
}
/* loading时候页面锁定 */
body.loading {
overflow: hidden;
}
/* loading时候页面锁定,显示modal部分 */
body.loading .modal {
display: block;
}

注意将url(‘http://xxxxx/xxxxx.gif’)中的链接换成你要选用的加载中的动画gif图片,例如下面的这张:
FhHRx

最后, 通过body的加载和删除loading class来控制loading的gif动画锁定。
比如将
$body = $("body");$body.addClass("loading");
放置在发送请求之前。 并将
$body = $("body");$body.removeClass("loading");
放置在接受到请求之后。

也可以尝试以下演示:

$body = $("body");
$(document).on({
ajaxStart: function() { $body.addClass("loading"); },
ajaxStop: function() { $body.removeClass("loading"); }
});

Read More