A good starting place is a set of rules similar to this one:
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p udp --dport 5060 -j ACCEPT
iptables -A INPUT -p udp --dport 10000:20000 -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -P INPUT DROP
Archive for January, 2013
Asterisk & IPtables
Tuesday, January 22nd, 2013
Asterisk modules
Tuesday, January 22nd, 2013
My practice of manual loading of needed modules only.
Change 'autoload=yes' to 'autoload=no' in /etc/asterisk/modules.conf.
Restart Asterisk with Asterisk CLI> core restart now (remember that it will cancel all active calls).
Log in to the Asterisk console (root# asterisk -rvvvvvvv). Then load the modules manually:
Asterisk CLI> module load app_dial.so
Asterisk CLI> module load app_playback.so
Asterisk CLI> module load chan_sip.so
Asterisk CLI> module load codec_alaw.so
Asterisk CLI> module load codec_gsm.so
Asterisk CLI> module load res_rtp_asterisk.so
Asterisk CLI> module load res_musiconhold.so
Asterisk CLI> module load func_dialplan.so
Asterisk CLI> module load pbx_config.so
Asterisk CLI> module load format_sln.so
Asterisk CLI> module load format_wav.so
Asterisk CLI> module load format_gsm.so
Asterisk CLI> module load app_record.so
A handy way to see which modules are loaded is 'module show' at the Asterisk CLI. This is mine:
Asterisk CLI> module show
Module                         Description                              Use Count
res_musiconhold.so             Music On Hold Resource                   0
app_dial.so                    Dialing Application                      0
app_playback.so                Sound File Playback Application          0
chan_sip.so                    Session Initiation Protocol (SIP)        0
codec_alaw.so                  A-law Coder/Decoder                      0
codec_gsm.so                   GSM Coder/Decoder                        0
res_rtp_asterisk.so            Asterisk RTP Stack                       0
func_dialplan.so               Dialplan Context/Extension/Priority Chec 0
pbx_config.so                  Text Extension Configuration             0
format_sln.so                  Raw Signed Linear Audio support (SLN)    0
app_record.so                  Trivial Record Application               0
format_wav.so                  Microsoft WAV/WAV16 format (8kHz/16kHz S 0
format_gsm.so                  Raw GSM data                             0
13 modules loaded
Asterisk CLI>
If you need AEL, you have to load 2 modules (in the sequence shown):
Asterisk CLI> module load res_ael_share.so
Asterisk CLI> module load pbx_ael.so
The best practice is to configure /etc/asterisk/modules.conf according to its syntax, so that you do not have to load the modules manually each time your Asterisk PBX starts.
Your installation may need other modules as well.
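One way to turn the manually loaded set into a persistent /etc/asterisk/modules.conf, so that only the modules you actually use are loaded at start-up. This is an added example, not code from the original post; it assumes the 'load => module.so' syntax of modules.conf, and the sample listing is constructed (abbreviated from the listing above).

```shell
#!/bin/sh
# Added example: build a minimal modules.conf from "module show" output.
# On a live system the input could come from: asterisk -rx "module show"

# Constructed sample input, abbreviated from the listing in the post.
SAMPLE_MODULE_SHOW='Module                         Description                              Use Count
res_musiconhold.so             Music On Hold Resource                   0
app_dial.so                    Dialing Application                      0
chan_sip.so                    Session Initiation Protocol (SIP)        0
pbx_config.so                  Text Extension Configuration             0
4 modules loaded'

# Reads "module show" output on stdin, writes modules.conf text on stdout.
# Only first-column tokens that look like "name.so" are used, so the header
# and the "N modules loaded" footer are skipped; duplicates are emitted once.
# Input order is preserved.
gen_modules_conf() {
    printf '[modules]\nautoload=no\n'
    awk '$1 ~ /^[A-Za-z0-9_]+\.so$/ && !seen[$1]++ { print "load => " $1 }'
}

# Reads a modules.conf on stdin and prints the module named on each
# "load =>" line. Useful for comparing the file with what is really loaded.
list_configured_modules() {
    sed -n 's/^[[:space:]]*load[[:space:]]*=>[[:space:]]*\([^[:space:];]*\).*/\1/p'
}

# Demo run on the constructed sample: prints the generated configuration.
printf '%s\n' "$SAMPLE_MODULE_SHOW" | gen_modules_conf
```

Review the generated text before replacing the real file, and keep a copy of the old modules.conf.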
Show txt file without comments and empty lines
Sunday, January 20th, 2013
The command is:
grep -vE '^#|^;|^$' /etc/openvpn/client.conf
This is the output:
client
dev tun
proto udp
remote 10.11.12.13 1194
topology subnet
nobind
persist-key
persist-tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/client3.crt
key /etc/openvpn/client3.key
comp-lzo
verb 3
Printers control from the console
Saturday, January 19th, 2013
A short list of helpful commands for printer control.
lpq – shows the default system printer (if set) and its printing queue;
lpstat -a – shows all printers, available in the system, their ‘working since’ time and type of connection (USB/local network, etc);
lpstat -p – shows all printers, available in the system, their ‘working since’ time and type of connection (USB/local network, etc);
lpstat -v – shows all printers, available in the system, their ‘working since’ time and type of connection (USB/local network, etc);
lpadmin -d printer_name – set the printer_name as default system printer;
lpadmin -x printer_name – deletes printer_name printer from the system;
cupsenable printer_name – turns the printer_name printer on at the OS level;
cupsdisable printer_name – turns the printer_name printer off;
cupsctl --share-printers – shares all printers in the system, making them available across the network; and run the next command =>
cupsctl 'BrowseLocalProtocols="all"' – use all protocols of network printing. If you use Linux machines only (both printing server and client), it’s better to type “ipp” instead of “all”. IPP means Internet Printing Protocol.
Shaping in Slackware
Thursday, January 17th, 2013
The 'iproute2' package must be installed. Let's imagine that we use a default kernel in which 'everything is included but the kitchen sink'. :)
FIRST. Create /etc/rc.d/rc.shaper with the following code:
#!/bin/bash
# Traffic shaper for eth1: one HTB class per client plus a default class.
shaper_start() {
    # Root HTB qdisc; unclassified traffic falls into class 1:254
    tc qdisc add dev eth1 root handle 1:0 htb default 254
    tc class add dev eth1 parent 1:0 classid 1:1 htb rate 0.5mbit
    tc class add dev eth1 parent 1:0 classid 1:2 htb rate 3.3mbit
    tc class add dev eth1 parent 1:0 classid 1:254 htb rate 256kbit
    # Steer traffic into a class by destination IP address
    tc filter add dev eth1 protocol ip parent 1:0 prio 1 u32 match ip dst 192.168.0.2 flowid 1:1
    tc filter add dev eth1 protocol ip parent 1:0 prio 1 u32 match ip dst 192.168.0.3 flowid 1:2
}
shaper_stop() {
    # Deleting the root qdisc removes all classes and filters with it
    tc qdisc del dev eth1 root
}
shaper_restart() {
    shaper_stop
    sleep 1
    shaper_start
}
case "$1" in
    'start')
        shaper_start
        ;;
    'stop')
        shaper_stop
        ;;
    'restart')
        shaper_restart
        ;;
    *)
        echo "usage $0 start|stop|restart"
        ;;
esac
SECOND. Make it executable: chmod +x /etc/rc.d/rc.shaper
THIRD. Add to /etc/rc.d/rc.inet2 these lines:
if [ -x /etc/rc.d/rc.shaper ]; then
/etc/rc.d/rc.shaper start
fi
Now type /etc/rc.d/rc.shaper start. After that, the client with IP address 192.168.0.2 will have 0.5 mbit/s of bandwidth and the one with 192.168.0.3 will have 3.3 mbit/s. All other IPs will have 256 kbit/s only, as set in the default shaping rule.
PostgreSQL Database Backup
Wednesday, January 16th, 2013
For a single database mybase located on the server dbserver.local, as user john:
pg_dump -h dbserver.local -U john mybase > backup_db_mybase.`date +%Y.%m.%d`.sql
This simple trick may do a great deal for you.
OpenBSD: security – periodic system security check
Sunday, January 13th, 2013
While continuing to learn OpenBSD in my spare time, I came across an interesting tool included in this OS.
security – periodic system security check.
Switching to English
Sunday, January 13th, 2013
Since January 13, 2013 I will write all posts in English or both in English and Russian. It doesn’t matter that very few people visit my blog :P
Once again about updating WordPress
Friday, January 11th, 2013
There is a sea of manuals; for those who are used to doing everything in the console, the clearest one is this: http://codex.wordpress.org/UNIX_Shell_Skills#Upgrading_WordPress_from_the_Shell
The only thing it forgets is a reminder to back up the database. Only the notification “The database needs to be updated. Click ‘Update’ to update” will alert the attentive :) And those who are not only attentive but also sensible make backups regularly :)
So, if you are merely attentive, first save a backup copy of the database (we will assume that we use MySQL and that the database of our blog is named wordpress):
mysqldump -u root -p wordpress > /some/path/to/backup/dir/wordpress_db_backup.sql
In general, creating a backup and restoring from it is described briefly and clearly here: http://www.thegeekstuff.com/2008/09/backup-and-restore-mysql-database-using-mysqldump/
Asterisk: recording what is dictated into the phone
Friday, January 11th, 2013
Add this to the dialplan:
exten => *98,1,Answer()
exten => *98,n,Wait(2)
exten => *98,n,Record(/tmp/myrecord%d:wav)
exten => *98,n,Wait(1)
exten => *98,n,Playback(${RECORDED_FILE})
exten => *98,n,Wait(1)
exten => *98,n,Hangup()
Start dictating after the beep (you will hear it after dialing *98). When you have said everything you wanted, press #, and a second later the recorded voice will be played back to you.