How to setup and use iptables

What’s iptables?
Iptables is the current Linux firewall and routing service. It controls incoming and outgoing network

How to stop/start/restart iptables?
Basically just like any other Linux service:

# service iptables start
# service iptables stop
# service iptables restart

How to check if iptables is currently running?
Simply call service status and take a look at the result:

# service iptables status
Firewall is stopped.

If you run “service iptables status” and get “Firewall is stopped.”, iptables is not running and you should start it with “service iptables start”. If you get tables listing chains and rules instead, iptables is running.

How to automatically start iptables service on Linux boot?
To enable iptables starting on boot run

# chkconfig iptables on

or run code below to disable it

# chkconfig iptables off

How to block IP address using iptables?
This will block an IP address from accessing your server. Be careful not to block your own IP address.
In the command below, replace IP_ADDRESS with the address you want to block.

# iptables -A INPUT -s IP_ADDRESS -j DROP

After blocking the IP address (adding it to the iptables rules) you must restart iptables by calling:

# service iptables restart

How to unblock IP address using iptables?
Similar to blocking, just use ACCEPT instead of DROP:

# iptables -A INPUT -s IP_ADDRESS -j ACCEPT

And after allowing that IP you must also restart iptables:

# service iptables restart

You can also flush your iptables rules by using:

# iptables -F

This will remove all custom added rules.

How to see current rules?
Simply run the following command:

# iptables -L

How to save iptable rules?
Rules created with the iptables command are stored in memory. If the system is restarted before saving the iptables rule set, all rules are lost. For rules to persist through a system reboot, they need to be saved. To save rules, type the following command:

# iptables-save > /etc/iptables.rules
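
iptables walks a chain from the top and stops at the first rule with a terminating target, so where a rule sits in the saved file matters as much as its target. The following is an added example, not part of the original post: it reads rules in iptables-save format and reports the verdict a source address actually gets. The sample rule set and the helper name first_verdict are constructed for illustration, and only rules made of -s and -j are modelled.

```shell
#!/bin/bash
# Constructed rule set in iptables-save format (sample data, not from a real host).
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 203.0.113.7/32 -j DROP
-A INPUT -s 198.51.100.0/24 -j DROP
-A INPUT -s 203.0.113.7/32 -j ACCEPT
-A INPUT -s 198.51.100.20/32 -j ACCEPT
COMMIT
EOF
}

# first_verdict IP (hypothetical helper): reads iptables-save text on stdin and
# prints the target of the first INPUT rule matching source IP, or the chain
# policy when no rule matches. Only rules made of -s and -j are modelled.
first_verdict() {
  awk -v ip="$1" '
    function ip2int(a,   p) {
      split(a, p, ".")
      return ((p[1] * 256 + p[2]) * 256 + p[3]) * 256 + p[4]
    }
    function in_net(addr, net,   n, size) {
      split(net, n, "/")
      size = 2 ^ (32 - (n[2] == "" ? 32 : n[2]))   # addresses in the network
      return int(ip2int(addr) / size) == int(ip2int(n[1]) / size)
    }
    /^:INPUT / { policy = $2 }
    /^-A INPUT / {
      src = "0.0.0.0/0"; target = ""; other = 0
      for (i = 3; i <= NF; i += 2) {
        if ($i == "-s") src = $(i + 1)
        else if ($i == "-j") target = $(i + 1)
        else other = 1
      }
      if (other || target !~ /^(ACCEPT|DROP|REJECT)$/) next
      if (in_net(ip, src)) { print target; found = 1; exit }
    }
    END { if (!found) print policy }
  '
}

sample_rules | first_verdict 203.0.113.7    # the later ACCEPT is never reached
sample_rules | first_verdict 192.0.2.1      # no rule matches: chain policy
```

On a live host the same function can be fed from the saved file, for example first_verdict 203.0.113.7 < /etc/iptables.rules.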

How to load iptable rules?
To load previously saved rules execute:

# iptables-restore < /etc/iptables.rules

How to load iptable rules on Linux boot?
There are a few ways to do this, and they can differ between Linux distributions. This should work on CentOS. To load rules on system boot, create the file /etc/init.d/iptableslr

# vi /etc/init.d/iptableslr

and add these two lines to it:

#!/bin/sh
/sbin/iptables-restore < /etc/iptables.rules

The file needs to be executable so change the permissions:

# chmod +x /etc/init.d/iptableslr

Security by obscurity

This simple guide will help you secure your server in an indirect way by hiding software versions from possible attackers. This can help you prevent many automated attacks and attacks based on software version numbers. If a hacker wants to probe your system for holes, he’ll start by collecting the version numbers of your running services. This guide will teach you to set up common services so they do not give away their version numbers. This is called security by obscurity, and it’s not something to rely on, but it can lower the chances of getting your system hacked.

Apache (Web Server)
Let’s start with Apache first. Its config file should be at path


Open that with an editor of your choice. I always suggest Midnight Commander, but you can use any other editor like pico or vi. In Midnight Commander, open the file for editing by pressing F4 while the file is selected.

Locate these two lines and set them as follows. If you can’t find them – add them.

ServerSignature Off
ServerTokens Prod

ServerSignature Off removes the identification of the Apache version from error pages, and ServerTokens Prod makes Apache identify itself as “apache” without a version number or OS information. Save the file and restart Apache.

service httpd restart
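
A commented-out directive, or one that is overridden further down the file, leaves the version banner in place. The following is an added example, not part of the original post, that checks the effective values of the two directives in a config text. The helper name audit_httpd and the config fragments are constructed for illustration, and the file is assumed to be flat (no VirtualHost or Directory scoping, no Include files).

```shell
#!/bin/bash
# Constructed httpd.conf fragments (sample data).
weak_conf() {
cat <<'EOF'
# ServerTokens Prod
ServerTokens OS
ServerSignature On
EOF
}
hardened_conf() {
cat <<'EOF'
ServerTokens OS
    servertokens Prod
ServerSignature Off
EOF
}

# audit_httpd (hypothetical helper): reads config text on stdin and prints "ok"
# when the effective values are ServerTokens Prod and ServerSignature Off.
# Assumption: the file is treated as flat, so the last occurrence wins and
# <VirtualHost>/<Directory> scoping and Include files are not followed.
audit_httpd() {
  awk '
    BEGIN { tokens = "Full"; sig = "Off" }   # Apache built-in defaults
    /^[ \t]*#/ { next }                      # commented-out directives do not count
    { d = tolower($1) }                      # directive names are case-insensitive
    d == "servertokens"    { tokens = $2 }
    d == "serversignature" { sig = $2 }
    END {
      bad = ""
      if (tolower(tokens) !~ /^prod/) bad = bad " ServerTokens=" tokens
      if (tolower(sig) != "off")      bad = bad " ServerSignature=" sig
      if (bad == "")
        print "ok"
      else
        print "leaks:" bad
    }
  '
}

weak_conf | audit_httpd        # reports both directives
hardened_conf | audit_httpd    # later "Prod" overrides the earlier "OS"
```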

Named (DNS Server)
Next we will stop named from giving away its version. Open the named config file at path


Search for line

query-source address * port 53;

Add the following line right below it (if it doesn’t exist)

version "Named";

Save and restart named using

service named restart

Exim (Email Server)
Next we will disable the version numbers in Exim. If you are not running Exim there is no need to do this section. Exim config is at path


and if it could not be located, it probably means that you do not use Exim. Search for

smtp_banner = "${primary_hostname

This is the welcome message for the email server. You can put anything in here. Here’s a sample message

smtp_banner = "${primary_hostname} MailServer \n\
We do not authorize the use of this system to transport unsolicited, \n\
and/or bulk e-mail."

Save the config and restart Exim.

service exim restart

Remember, this is just security through obscurity and you still need to keep the server updated! This is just going to stop some people from finding your server in the first place by automated scanning. It will not help at all if somebody is trying to actually hack the server.


How to install Midnight Commander?

What’s Midnight Commander?
Midnight Commander is a shell application (visual file manager) for SSH, like Norton Commander, which older geeks may remember from the time of DOS, or like Total Commander, the most advanced shell application today.

Why do I need Midnight Commander?
Midnight Commander will help you move more easily through server files/folders, edit config files, copy/move/delete files/folders/whole directory trees, pack and unpack archives, search for files, run commands in a subshell… You can also use MC to connect to another server’s FTP and copy files from/to other servers (this can be useful when migrating from one server to another).

How to install Midnight Commander?
If you have yum installed on the server, all you need to do is execute one command and it will install Midnight Commander and all its dependencies

yum install mc

If you don’t have yum on the server – you’ll have to download it and compile it by hand.

tar -zxvf mc-4.6.1.tar.gz.tar
cd mc-4.6.1
./configure
make
make install

How to start Midnight Commander?
Simply enter mc and press enter in SSH

mc (and press Enter)

and you should see it running and looking like on the picture below.

[Image: Midnight Commander]


How to block Google Ads on Windows computer?

If you (like me) hate ads and malicious sites, there is a simple solution for all your problems. Most plugins just hide ads while they are still being requested and loaded into your browser, or block ads in only one browser; this hack blocks ads from even loading, on the whole computer. For this sample I’ve used Google AdSense text and picture ads and Yahoo ads, but you can use any ad network. It’s a good idea to block ads on your computer when you work a lot on your website, so you can’t make any accidental clicks, since clicking on ads on your own site can get your account closed and get you accused of click fraud.

The whole process is easy as one, two, three!

1. Before you start you will need a text editor. Notepad is fine, but if you’re a geek pro you should use Notepad++. Start your text editor. If you are on Windows 7 or Vista, start the program as Administrator (right click on the editor icon and select “Run as Administrator”).

2. Now locate the “hosts” file. (The file has no extension, only the filename “hosts”.) You can locate it at
– Windows 9x, ME at C:\WINDOWS
– Windows NT (and some 2K) at C:\WINNT\system32\drivers\etc
– Windows 2K, XP, 2003, Vista, 7 at C:\WINDOWS\system32\drivers\etc

3. Add following lines to the bottom of the file

Go to the first blank line at the bottom of the file and copy/paste these few lines or write your own. Make sure you leave no blank lines before this entry. That’s it. Just save the file and test it out. Some systems might require reboot. If you’ve followed the instructions carefully you should never see Google AdSense ads again, and this will work under all browsers and on all accounts on computer.

How does this stuff work? Well, instead of getting ads from where they are located (e.g. Google servers), the ads are requested from your own computer (localhost) and since you don’t have those – it displays nothing. It is perfectly safe to use.

This way you can also easily block malicious sites, annoying ads or ad networks, specific sites from your kids or block Facebook access. I have found two sites that have full databases of harmful sites and you can just copy/paste their hosts file for maximum protection: and and if you’re really geekish you can download Hostess, a specialized host file editor.


Hello world!

Hello fellow geeks or geek wannabes 🙂
This is post number one and according to geek tradition it simply must start with standard

Hello World!

Okay, now that we’ve got that out of the way (and are now sure that it’s working), I want to discuss what this blog is all about. Well, I’m a self-taught PHP/MySQL developer and Linux system administrator. Apart from that, I do fairly well with lots of other coding tools (like Java, Visual Basic…), but I really like web development the most and this is why I’m going to write mostly about that. I have split the blog into a few areas:

  • Just Sayin’ – in here I’ll post about various stuff that comes to my mind and that doesn’t fit in any other category
  • Server Administration – in here I’ll try to write tutorials, guides and tips that can be useful to any admin (beginner or expert)
  • Web Development – I’ll write in here about various stuff including but not limited to: php, javascript, Ajax, jQuery, Prototype, Smarty, Code Igniter…
  • WordPress – is one of my favorite web development tools. It’s easy to use and customize and I love working with it, so I’ll devote a whole category just to it.

Make sure you bookmark the site so you can find it later more easily, or subscribe to our feed to keep updated. I don’t need to mention that you need to press CTRL+D to add the site to bookmarks, right? You’re a geek too! Geeks know this kind of stuff!

Thanks for visiting my blog.