Saturday, November 19, 2016

IPv6 Linux firewall script

Q. IPv4 by default protect internal host using RFC 1918 private IP address. But IPv6 offers direct global address which result into exposing all internal hosts as well. How do I create default IPv6 firewall to drop all incoming (except ping6 request) connection and only allow outgoing requests from Linux workstation?
A. You need to use Ip6tables command to create IPv6 firewall scripts. Ip6tables is used to set up, maintain, and inspect the tables of IPv6 packet filter rules in the Linux kernel.
A note about IPv6 private ips
IPv6 does not include private network features such as NAT. Because of the very large number of IPv6 addresses. However, FC00::/7 prefix used to identify Local IPv6 unicast addresses. All IPv6 users should be able to obtain IPv6 address space for use at their discretion and without artificial barriers between their network and the Internet.
Sample Restricted IPv6 Linux Firewall Script

#!/bin/bash
IPT6="/sbin/ip6tables"
PUBIF="eth1"
echo "Starting IPv6 firewall..."
$IPT6 -F
$IPT6 -X
$IPT6 -t mangle -F
$IPT6 -t mangle -X
#unlimited
$IPT6 -A INPUT -i lo -j ACCEPT
$IPT6 -A OUTPUT -o lo -j ACCEPT
# DROP all incomming traffic
$IPT6 -P INPUT DROP
$IPT6 -P OUTPUT DROP
$IPT6 -P FORWARD DROP
# Allow full outgoing connection but no incomming stuff
$IPT6 -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT6 -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# allow incoming ICMP ping pong stuff
$IPT6 -A INPUT -p ipv6-icmp -j ACCEPT
$IPT6 -A OUTPUT -p ipv6-icmp -j ACCEPT
############# add your custom rules below ############
#$IPT6 -A INPUT -p tcp --destination-port 80 -j ACCEPT
#### no need to edit below ###
# log everything else
$IPT6 -A INPUT -j LOG
$IPT6 -A INPUT -j DROP

PXE boot communication flow

Sunday, October 23, 2016

Cool live patch available for Ubuntu 16.04 LTS

The cool live kernel patching is available in Ubuntu 16.04 LTS. No consecutive reboot required after patching the kernel.

Refer the link up: http://www.cyberciti.biz/faq/howto-live-patch-ubuntu-linux-server-kernel-without-rebooting/

Thursday, September 29, 2016

Linux Mint launches Mintbox Mini Pro PC with powerful specs - Linux mint 18 cinnamon

MintBox Mini ProOpen source distribution maker Linux Mint has launched Mintbox Mini Pro as an upgrade of its original Mintbox Mini. This new device packs powerful specifications and runs on Linux Mint 18 Cinnamon out of the box.

Compared to the first-generation Mintbox Mini, the newly launched Mintbox Mini Pro has an AMD A10 Micro-6700T chipset along with Radeon R6 graphics. The old system had 64GB of storage and 4GB of RAM, while the new PC comes with 120GB of SSD mSATA and 8GB of RAM. There are also some advanced connectivity options, such as dual-band Wi-Fi 802.11ac mini-PCIe, Bluetooth 4.0, dual Gbe Ethernet port and a serial port, and an all-metal black housing with better passive cooling.

The latest Linux Mint device has a total of two USB 3.0 and four USB 2.0 ports. There are also two HDMI ports and a microSD card slot as well as a 6-pin microSIM card slot.

Mintbox Mini Pro is available for $395 in the US market. This brings a $100 difference from the previous Mintbox Mini that went on sale for $295. By paying more bucks, you are getting a speedier and much-improved hardware to experience the world of Linux.

Wednesday, May 11, 2016

Airtel 4G in Ubuntu 16.04 LTS

Airtel 4G dongle in Ubuntu works good without installing its drivers.

It works via Mobile Broadband.
Choose country -> India
Choose service -> Airtel
Finish up the wizard.

Now Airtel 4G dongle works good in Ubuntu 16.04 LTS.

Sunday, May 8, 2016

Fix broken repository in Ubuntu

The below command is used to fix the broken repository in Ubuntu
$ sudo apt-get install -f

Ubuntu 16.04 LTS works excellent - HP 15-ac122tu notebook

Ubuntu 16.04 LTS desktop works excellent in HP 15-ac122tu notebook

It shows errors while installing Google chrome stable version. However, it works good. :) Use the below command to launch that.
 google-chrome-stable

pna@pna-HP-Notebook:~/Downloads$ sudo dpkg -i google-chrome-stable_current_amd64.deb
Selecting previously unselected package google-chrome-stable.
(Reading database ... 204527 files and directories currently installed.)
Preparing to unpack google-chrome-stable_current_amd64.deb ...
Unpacking google-chrome-stable (50.0.2661.94-1) ...
dpkg: dependency problems prevent configuration of google-chrome-stable:
 google-chrome-stable depends on libappindicator1; however:
  Package libappindicator1 is not installed.

dpkg: error processing package google-chrome-stable (--install):
 dependency problems - leaving unconfigured
Processing triggers for man-db (2.7.5-1) ...
Processing triggers for gnome-menus (3.13.3-6ubuntu3) ...
Processing triggers for desktop-file-utils (0.22-1ubuntu5) ...
Processing triggers for bamfdaemon (0.5.3~bzr0+16.04.20160415-0ubuntu1) ...
Rebuilding /usr/share/applications/bamf-2.index...
Processing triggers for mime-support (3.59ubuntu1) ...
Errors were encountered while processing:
 google-chrome-stable