DevReview.net

More development notices …

FreeBSD / OpenBSD: PF Firewall Filter Large Number Of Subnets and IP Address

Q. How do I filter a large number of subnets and IPs using OpenBSD’s pf firewall on a FreeBSD 7.x server? How do I log all dropped packets from such IPs? How do I block up to 10000 IPs or subnets without any performance penalty?

A. You can easily filter a large number of IPs or subnets using the pf firewall. PF provides tables to hold a large number of IPv4 and IPv6 addresses. Lookups against a table are very fast and consume less memory and processor time than an equivalent list of rules. Tables are created in the pf.conf file and can also be populated from text files containing a list of IP addresses and networks.

How do I configure tables to drop a large number of IPs?

Open the pf.conf file, enter:
# vi /etc/pf.conf
Add the following code:
table <blockedips> persist file "/etc/pf.blocked.ip.conf"
ext_if="em1" # interface connected to internet

Add the following code to drop and log all IPs / subnets listed in the /etc/pf.blocked.ip.conf file:
block drop in log (all) quick on $ext_if from <blockedips> to any
Save and close the file. Now create the /etc/pf.blocked.ip.conf file using the vi text editor, enter:
# vi /etc/pf.blocked.ip.conf
Sample contents:

192.168.1.0/24
202.54.1.5
# 202.54.4.5

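The file /etc/pf.blocked.ip.conf should contain a list of IP addresses and/or CIDR network blocks, one per line. Any line beginning with # is treated as a comment and ignored by pf. To load the new rules, first check the configuration for syntax errors with -n (which parses the rules without loading them), then load it: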
# pfctl -nf /etc/pf.conf
# pfctl -f /etc/pf.conf
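
A pre-load check for the table file described above, as an added example (not from the original article). It accepts only the entry kinds the article lists (addresses and CIDR blocks), reports malformed lines, refuses any entry that would block an address you must keep reachable, and collapses duplicates and overlapping blocks. The function name lint_blocklist and the protected address 203.0.113.10 are assumptions for illustration.

```python
import ipaddress

# Constructed sample in the format of /etc/pf.blocked.ip.conf (not real data).
SAMPLE = """\
192.168.1.0/24
202.54.1.5
# 202.54.4.5
192.168.1.77
202.54.1.5
10.0.0.300
0.0.0.0/0
2001:db8::/32
"""

def lint_blocklist(text, protected=("203.0.113.10",)):
    """Validate a pf table file; return (entries, problems).

    protected: addresses that must never be blocked, e.g. the host you
    administer the firewall from. The default is a placeholder (assumption).
    """
    guard = [ipaddress.ip_address(a) for a in protected]
    nets, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.strip()
        if not entry or entry.startswith("#"):
            continue  # blank line or comment: nothing to check
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            problems.append((lineno, entry, "not an IP address or CIDR block"))
            continue
        hit = [str(a) for a in guard if a.version == net.version and a in net]
        if hit:
            problems.append((lineno, entry, "covers protected " + ", ".join(hit)))
            continue
        nets.append(net)
    # Drop duplicates and entries already covered by a wider block.
    merged = []
    for version in (4, 6):
        merged += ipaddress.collapse_addresses(
            n for n in nets if n.version == version)
    return [str(n) for n in merged], problems

if __name__ == "__main__":
    entries, problems = lint_blocklist(SAMPLE)
    print("\n".join(entries))
    for lineno, entry, why in problems:
        print("line %d: %s: %s" % (lineno, entry, why))
```

Write the returned entries to the table file only when the problem list is empty, then run the two pfctl commands above.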

How do I view all IP addresses listed in a table?

Type the following command:
# pfctl -t blockedips -T show
Sample output:

   58.65.232.0/21
   58.83.12.0/22
   64.28.176.0/20
   64.255.128.0/19
   66.231.64.0/20
   67.213.128.0/20
   69.8.176.0/20

How do I add the subnet 91.196.232.0/22 on the fly?

Use the pfctl command itself to add a CIDR block or IP on the fly, enter:
# pfctl -t blockedips -T add 202.54.11.11
# pfctl -t blockedips -T add 91.196.232.0/22

How do I delete the subnet 91.196.232.0/22 on the fly?

Type the command as follows:
# pfctl -t blockedips -T delete 91.196.232.0/22
Please note that all changes made using pfctl are dynamic: they exist only in the in-memory table. You need to update your file on disk to save the changes.

How do I see statistics for each IP / CIDR?

The -v option can display statistics for each table entry (IP/CIDR), enter:
# pfctl -t blockedips -T show -v
Sample output:

   216.243.240.0/20
        Cleared:     Thu Jul 10 03:01:01 2008
        In/Block:    [ Packets: 0                  Bytes: 0                  ]
        In/Pass:     [ Packets: 0                  Bytes: 0                  ]
        Out/Block:   [ Packets: 0                  Bytes: 0                  ]
        Out/Pass:    [ Packets: 0                  Bytes: 0                  ]
   216.255.176.0/20
        Cleared:     Thu Jul 10 03:01:01 2008
        In/Block:    [ Packets: 0                  Bytes: 0                  ]
        In/Pass:     [ Packets: 0                  Bytes: 0                  ]
        Out/Block:   [ Packets: 0                  Bytes: 0                  ]
        Out/Pass:    [ Packets: 0                  Bytes: 0                  ]

How do I view the log of dropped IPs from the default /var/log/pflog file?

Use the tcpdump command to read the log file:
# tcpdump -n -e -ttt -r /var/log/pflog
# tcpdump -n -e -ttt -r /var/log/pflog port 80
# tcpdump -n -e -ttt -r /var/log/pflog host 202.33.1.2

You can also view the log in real time, enter:
# tcpdump -n -e -ttt -i pflog0
# tcpdump -n -e -ttt -i pflog0 port 80
# tcpdump -n -e -ttt -i pflog0 host 202.33.1.2

Article copy pasted from here: http://www.cyberciti.biz/faq/opebsd-pf-firewall-block-subnets-ip-address/

Written by admin

September 1st, 2011 at 12:09 pm

Posted in Other

Config apache mod_wsgi for python web applications

Installing mod_wsgi
Example of httpd.conf:
LoadModule wsgi_module        libexec/apache22/mod_wsgi.so

Example


ServerName python.dev
ServerAdmin webmaster@python.dev
DocumentRoot "/usr/local/www/apache22/data/sites/python.dev"


Order allow,deny
Allow from all

WSGIScriptAlias / /usr/local/www/apache22/data/sites/python.dev/index.py

ErrorLog "/var/log/python.dev-error_log"
CustomLog "/var/log/python.dev-access_log" common

Example of index.py

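def application(environ, start_response):
    # Minimal WSGI entry point; mod_wsgi looks for a callable named "application".
    status = '200 OK'
    # Body as bytes: required under Python 3, identical to str under Python 2.
    output = b'Hee ello 34 World!'

    response_headers = [('Content-type', 'text/plain'),
                        ('Content-Length', str(len(output)))]
    start_response(status, response_headers)

    return [output]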

Restart Apache and check http://python.dev

Written by admin

May 29th, 2011 at 1:29 pm

Posted in python

Install samba on freebsd

How to install Samba on FreeBSD when FreeBSD is installed in VMware and the host machine runs Windows

1. Install Samba via ports (make install clean).
Let's assume that the username is “hockey”.

2. Put in rc.conf:

nmbd_enable="YES"
smbd_enable="YES"

Written by admin

April 16th, 2011 at 4:24 pm

Posted in Other

How to svn:ignore for directory or file

First of all, remove old, unneeded resources from svn and from the local copy.

At the top level, use the command:

Here is a sample directory structure:

\application
    \files
    \tmp
> svn st
M  files
?  tmp

Set the ignore property for tmp:

> svn propedit svn:ignore ./
In the vi editor that opens, add one line for each name that should be ignored; in my example it's just “tmp”.
Don't forget to commit the changed ./ dir.
How to check which props are set?
> svn proplist
Properties on '.':
  svn:ignore

To see the value of svn:ignore:

> svn propget svn:ignore
tmp

How to delete svn:ignore?
1. Just use "svn propedit" again and remove what should be removed,
or totally remove the property from the dir:
2. svn propdel svn:ignore ./

end.

Written by admin

December 16th, 2010 at 12:57 am

Posted in Other

Setting up SSH public/private keys

SSH (Secure Shell) can be set up with public/private key pairs so that you don’t have to type the password each time. Because SSH is the transport for other services such as SCP (secure copy), SFTP (secure file transfer), and other services (CVS, etc), this can be very convenient and save you a lot of typing.

SSH Version 2

On the local machine, type the command shown after the % prompt. The rest is what you might see as output or prompts.

  • Step 1:
    % ssh-keygen -t dsa
    Generating public/private dsa key pair.
    Enter file in which to save the key (~/.ssh/id_dsa):
    (just type return)
    Enter passphrase (empty for no passphrase):
    (just type return)
    Enter same passphrase again:
    (just type return)
    Your identification has been saved in ~/.ssh/id_dsa
    Your public key has been saved in ~/.ssh/id_dsa.pub
    The key fingerprint is:
    Some really long string
    %
  • Step 2:
    Then, paste the content of the local ~/.ssh/id_dsa.pub file into the file ~/.ssh/authorized_keys on the remote host.
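
Step 2 as a script, added here as an example (not part of the original post): it checks that the key line is well formed, appends it to authorized_keys only once, and sets the directory and file modes that sshd's StrictModes check expects. The names key_type, install_key and make_sample_key are assumptions for illustration, and the sample key is constructed and non-functional.

```python
import base64
import os
import struct

DEPRECATED = {"ssh-dss"}  # DSA: disabled by default since OpenSSH 7.0


def key_type(pub_line):
    """Return the key algorithm, checking it against the base64 key blob."""
    declared, blob = pub_line.split()[:2]
    raw = base64.b64decode(blob, validate=True)
    (length,) = struct.unpack(">I", raw[:4])  # blob opens with a length-prefixed name
    embedded = raw[4:4 + length].decode("ascii")
    if embedded != declared:
        raise ValueError("declared %r but blob says %r" % (declared, embedded))
    return declared


def install_key(pub_line, ssh_dir):
    """Add one .pub line to ssh_dir/authorized_keys; return a list of warnings."""
    pub_line = pub_line.strip()
    warnings = []
    if key_type(pub_line) in DEPRECATED:
        warnings.append("deprecated key type, rejected by default by current sshd")
    os.makedirs(ssh_dir, exist_ok=True)
    os.chmod(ssh_dir, 0o700)  # StrictModes: no group/world write on ~/.ssh
    path = os.path.join(ssh_dir, "authorized_keys")
    present = []
    if os.path.exists(path):
        with open(path) as fh:
            present = [line.strip() for line in fh]
    if pub_line not in present:  # pasting the same key twice is a no-op
        fd = os.open(path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
        with os.fdopen(fd, "a") as fh:
            fh.write(pub_line + "\n")
    os.chmod(path, 0o600)
    return warnings


def make_sample_key(kind="ssh-dss"):
    """Constructed, non-functional key line in .pub format (demo input only)."""
    name = kind.encode("ascii")
    blob = struct.pack(">I", len(name)) + name + b"\x00" * 16
    return "%s %s user@example" % (kind, base64.b64encode(blob).decode("ascii"))
```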

Written by admin

November 13th, 2010 at 12:16 am

Install maven on freebsd

Maven’s Objectives

Maven’s primary goal is to allow a developer to comprehend the complete state of a development effort in the shortest period of time. In order to attain this goal there are several areas of concern that Maven attempts to deal with:

  • Making the build process easy
  • Providing a uniform build system
  • Providing quality project information
  • Providing guidelines for best practices development
  • Allowing transparent migration to new features

Written by admin

November 11th, 2010 at 3:21 am

Posted in Other

Facebook statistics

Statistics
People on Facebook

* More than 500 million active users
* 50% of our active users log on to Facebook in any given day
* Average user has 130 friends
* People spend over 700 billion minutes per month on Facebook

Activity on Facebook

* There are over 900 million objects that people interact with (pages, groups, events and community pages)
* Average user is connected to 80 community pages, groups and events
* Average user creates 90 pieces of content each month
* More than 30 billion pieces of content (web links, news stories, blog posts, notes, photo albums, etc.) shared each month.

Written by admin

October 31st, 2010 at 8:24 pm

Posted in Other

IE7 getElementById bug

<html>
<body>
<input type="text" name="q" id="qTop"  value="2" >
<input type="text" name="q" id="q"     value="3" >
<script>
var el = document.getElementById('q');
alert(el.value);
alert(el.id);
</script>
</body>
</html>

So, guess what?
Exactly, this one will output: 2, qTop instead of 3, q

Known Microsoft issue around getElementById, fixed in IE8.

Written by admin

October 29th, 2010 at 1:33 am

Posted in javascript

Install Confluence on FreeBSD

1. Download the tar.gz from the Atlassian site
2. Create a new user, e.g. "wiki" (better with .cshrc)
3. Add "setenv JAVA_HOME /usr/local/jdk1.6.0" to .cshrc
4. Check with echo $JAVA_HOME
5. Create a new dir /home/wiki/confluence-data

6. Set the home directory for Confluence
confluence.home = /home/wiki/confluence-data
in [common]/confluence/WEB-INF/classes/confluence-init.properties

7. Change the port for the server (usually 8080 is busy)
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="8090" minProcessors="5" …

8. Start bin/startup.sh
9. Check with sockstat -4
10. Open http://192.168.81.128:8090
11. Configure other options via jira, via the web interface
[12. Choose embedded storage for testing purposes]

done

Written by admin

October 17th, 2010 at 8:45 am

Setup InnoDB default MySQL engine

1. stop mysql-server if running

/usr/local/etc/rc.d/mysql-server stop

2. Update /etc/my.cnf by adding the new setting

default-storage_engine = InnoDB

and uncomment the following lines

# Uncomment the following if you are using InnoDB tables
#innodb_data_home_dir = /var/db/mysql/
#innodb_data_file_path = ibdata1:10M:autoextend
#innodb_log_group_home_dir = /var/db/mysql/
# You can set .._buffer_pool_size up to 50 – 80 %
# of RAM but beware of setting memory usage too high
#innodb_buffer_pool_size = 16M
#innodb_additional_mem_pool_size = 2M
# Set .._log_file_size to 25 % of buffer pool size
#innodb_log_file_size = 5M
#innodb_log_buffer_size = 8M
#innodb_flush_log_at_trx_commit = 1
#innodb_lock_wait_timeout = 50

3. start mysql-server again

/usr/local/etc/rc.d/mysql-server start

4. Check the engine property after logging in to mysql>

show variables like "%engine%";

done

Written by admin

October 17th, 2010 at 8:12 am

Posted in mysql
