Keywords:
test, stress
1) Orabm: an open-source suite to test CPU performance under a CPU-intensive Oracle workload.
http://www.linxcel.co.uk/orabm/orabm.tar
2) Orastress: a tool to generate a multi-session, multi-instance, multi-mode workload from a single command line.
http://www.linxcel.co.uk/orabm/orastress.zip
Tuesday, August 26, 2008
Friday, August 22, 2008
The Linux Boot Process
Keywords
loading GRUB initrd init
Booting Process
1.GRUB booting
MBR: GRUB stage1 (or LILO)
 +-> boot sector of the first partition (hda1): DOS boot sector
 +-> boot sector of the second partition (hda2): GRUB stage1.5
      +-> filesystem on hda2: GRUB stage2 / Linux kernel
Stage 1 is what is present in the Master Boot Record (MBR) and merely loads the next stage. Stage 1.5 is also quite small, but is able to understand filesystems. Depending on which filesystem contains the Stage 2 loader, a different Stage 1.5 is used; it is even optional in some circumstances.
Stage 2 is the meat of the loader and contains many features and options that can be explored. Because GRUB understands partitions and filesystems, it can load a kernel that it was not told about previously: anything reachable on a filesystem it can read can be booted from its command line.
2. Kernel boot (kernel and initrd)
kernel
 +-> setup
      +-> switch to Protected Mode (PM)
           +-> decompress_kernel()
                +-> start_kernel()        <- PID 0
                     +-> kernel_thread()
                          +-> init        <- PID 1
kernel: the kernel image holds the base boot code; the hardware drivers it needs to reach the root filesystem live in the initrd (boot loader initialized RAM disk). If the boot entry does not name an initrd.img, the boot fails with "Kernel panic: VFS: Unable to mount root fs on 08:06" (the number is the major:minor of the root device, here 8:6, i.e. /dev/sda6). initrd.img is a gzip -9 compressed ramdisk image; after decompressing it with gunzip (and unpacking or loop-mounting the result) you can see the /bin/nash binary and the init script. nash (not a shell) is a very simple script interpreter designed to be as small as possible; the init file is the boot script, and its commands are documented in man nash. The line mkrootdev /dev/root creates the root device node from the root= parameter that GRUB passed, and the root filesystem is then mounted. The next process, init, reads /etc/inittab, starts syslog and so on. On screen you see "Switching to new root"; that marks the end of the kernel boot.
3.init
It is started by the kernel and is always process 1 (PID 1). The kernel can be told which program to use as init by passing the "init=" boot parameter. If this parameter is not specified, the kernel tries to execute /sbin/init, /etc/init, /bin/init and /bin/sh, in that order.
The init program reads its configuration from /etc/inittab.
4.Runlevel Scripts
init reads /etc/inittab. The inittab file describes which processes are started at boot and during normal operation (e.g. /etc/init.d/boot, /etc/init.d/rc, gettys ...). init(8) distinguishes multiple runlevels, each of which can have its own set of processes that are started. Valid runlevels are 0-6 plus A, B and C for ondemand entries.
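As an added example (not part of the original post), the following shell script models the two decisions described above: how a value such as root= or init= is picked out of the kernel command line, and which program becomes PID 1 using the fallback order the post lists (an init= override first, then /sbin/init, /etc/init, /bin/init, /bin/sh). This is why the init= parameter matters for security: init=/bin/sh on the boot line hands out a root shell before any login, which is what a boot loader password protects against. The command lines and the fake root directory are constructed for the demo; the function names are my own.

```shell
#!/bin/sh
# Added example, not from the original post: parse a kernel command line for
# KEY=value tokens and resolve the program the kernel would exec as PID 1.
# The command line strings and the fake root directory are constructed here.

# cmdline_param KEY "CMDLINE": print the value of KEY=value, nothing if absent.
cmdline_param() {
    key=$1
    for tok in $2; do
        case $tok in
            "$key"=*) printf '%s\n' "${tok#*=}"; return 0 ;;
        esac
    done
    return 0   # absent: print nothing (callers test for an empty result)
}

# resolve_init ROOTDIR "CMDLINE": print the path (relative to ROOTDIR) that the
# kernel would exec as PID 1. An init= parameter wins if that file is
# executable; otherwise the first executable of the default list is used,
# which is also what the kernel does when the init= target cannot be run.
resolve_init() {
    root=$1
    cmdline=$2
    override=$(cmdline_param init "$cmdline")
    if [ -n "$override" ] && [ -x "$root$override" ]; then
        printf '%s\n' "$override"
        return 0
    fi
    for cand in /sbin/init /etc/init /bin/init /bin/sh; do
        if [ -x "$root$cand" ]; then
            printf '%s\n' "$cand"
            return 0
        fi
    done
    echo "Kernel panic: No init found." >&2
    return 1
}

# Constructed demonstration: a fake root that at first contains only /bin/sh.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/bin" "$demo_root/sbin"
printf '#!/bin/sh\n' > "$demo_root/bin/sh"; chmod 755 "$demo_root/bin/sh"
resolve_init "$demo_root" "ro root=/dev/sda6 quiet"
# Once /sbin/init exists, the default order picks it up first.
printf '#!/bin/sh\n' > "$demo_root/sbin/init"; chmod 755 "$demo_root/sbin/init"
resolve_init "$demo_root" "ro root=/dev/sda6 quiet"
# init=/bin/sh on the boot line bypasses /sbin/init entirely.
resolve_init "$demo_root" "ro root=/dev/sda6 init=/bin/sh"
rm -rf "$demo_root"
```

The same lookup can be pointed at a real root (resolve_init /mnt/sysimage "$(cat /proc/cmdline)") from a rescue system to see which binary a failed boot would have tried to run.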
Wednesday, August 20, 2008
Linux Booting: init (/sbin/init) failed !!!: 2
Title:
Linux boot failure (init failed!!!: 2) rescue
Keywords:
init sh rpm fail
Problem:
exec of init (/sbin/init) failed !!!: 2
umount /initrd/dev failed: 2
Kernel panic - not syncing: Attempted to kill init!
I entered rescue mode and attempted
chroot /mnt/sysimage
It spat out an error:
"chroot: cannot execute /bin/sh: Accessing a corrupted shared library."
Solution:
On a working machine:
# ldd /sbin/init
/usr/lib/libcwait.so (0x00eba000)
libsepol.so.1 => /lib/libsepol.so.1 (0x005f9000)
libselinux.so.1 => /lib/libselinux.so.1 (0x00a11000)
libc.so.6 => /lib/tls/libc.so.6 (0x004cd000)
/lib/ld-linux.so.2 (0x004b0000)
# ldd /bin/sh
/usr/lib/libcwait.so (0x00b6d000)
libtermcap.so.2 => /lib/libtermcap.so.2 (0x00831000)
libdl.so.2 => /lib/libdl.so.2 (0x0061e000)
libc.so.6 => /lib/tls/libc.so.6 (0x004cd000)
/lib/ld-linux.so.2 (0x004b0000)
S1:
If the working machine and the failed machine run the same distribution release and the same kernel version (copying /lib also brings /lib/modules, and the shared libraries must match the installed packages), you can pull the libraries over from the rescue shell:
# rsync -ave ssh root@WorkingMachineIP:/usr/lib /mnt/sysimage/usr/.
# rsync -ave ssh root@WorkingMachineIP:/lib /mnt/sysimage/.
Run sync, exit the rescue shell and reboot, then check for any remaining errors.
S2:
Verify the packages that own the libraries listed by ldd:
# rpm -V --root /mnt/sysimage libtermcap glibc
and be ready to reinstall them if required:
# rpm -ivh --force --root /mnt/sysimage /yoursource/libtermcap-*.rpm /yoursource/glibc-*.rpm
Then the chroot should work again.
In any case, identify all corrupted files with
# rpm -Va
and reinstall the packages they belong to.
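The ldd listings above name the files that /sbin/init and /bin/sh need; before copying /lib wholesale, it is worth knowing which of them is actually damaged. The script below is an added example, not part of the original post: it checks each library path under a sysroot (such as /mnt/sysimage) for presence, non-zero size and the 4-byte ELF magic, which is the condition behind "Accessing a corrupted shared library". The sysroot and file contents are constructed for the demo; the function names are my own.

```shell
#!/bin/sh
# Added example, not from the original post: find shared objects that exist
# but are no longer valid ELF files. A file that does not begin with the
# magic bytes 0x7f 'E' 'L' 'F' cannot be loaded by the dynamic linker.
# The sysroot, file names and contents used below are constructed.

# elf_magic_ok FILE: succeed if FILE is non-empty and begins with the ELF magic.
elf_magic_ok() {
    [ -s "$1" ] || return 1
    magic=$(head -c 4 "$1" | od -A n -t x1 | tr -d ' \n')
    [ "$magic" = "7f454c46" ]
}

# check_libs SYSROOT LIB...: print ok / MISSING / CORRUPT per library path
# (paths are relative to SYSROOT). Returns the number of bad libraries,
# so an exit status of 0 means everything checked out.
check_libs() {
    sysroot=$1
    shift
    bad=0
    for lib in "$@"; do
        f="$sysroot$lib"
        if [ ! -e "$f" ]; then
            echo "MISSING  $lib"; bad=$((bad + 1))
        elif elf_magic_ok "$f"; then
            echo "ok       $lib"
        else
            echo "CORRUPT  $lib"; bad=$((bad + 1))
        fi
    done
    return $bad
}

# Constructed demo sysroot: one library with a valid ELF header, one that was
# overwritten with zeros, one that is absent. Real use from a rescue shell:
#   check_libs /mnt/sysimage /lib/tls/libc.so.6 /lib/libtermcap.so.2 ...
demo=$(mktemp -d)
mkdir -p "$demo/lib/tls" "$demo/usr/lib"
printf '\177ELF\001\001\001' > "$demo/lib/libdl.so.2"
head -c 64 /dev/zero > "$demo/lib/tls/libc.so.6"
check_libs "$demo" /lib/libdl.so.2 /lib/tls/libc.so.6 /usr/lib/libcwait.so || echo "$? bad library file(s)"
rm -rf "$demo"
```

Only the libraries reported as MISSING or CORRUPT need to come from the working machine or from a package reinstall; rpm -V on their owning packages confirms the diagnosis.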
Tuesday, January 8, 2008
Split file
Title:
Split file
Problem:
A large file cannot be burned to a DVD-R/RW in one piece.
Keywords:
split cat
Solution:
Use the split command.
e.g.:
1. split -C 1M split_file split    (pieces of at most 1 MB, breaking only at line ends)
2. split -l 1000 split_file split  (pieces of 1000 lines each)
3. split -b 4G split_file split    (pieces of exactly 4 GiB)
4. cat split* > unit_file          (rejoin the pieces in order; cut does not concatenate files)
Reference: man split.
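Splitting is only half the job: after the pieces come back off the discs you want proof that the rebuilt file is byte-identical. The script below is an added example, not part of the original post: it records a checksum of the original, splits it, reassembles the pieces with cat and compares checksums. The input file, piece size and names are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original post: split a file into fixed-size
# pieces, rejoin them with cat, and verify the rebuilt copy by checksum.
# The input file is generated here; the piece size is chosen for the demo.

# file_sum FILE: print a checksum (sha256sum where available, else POSIX cksum).
file_sum() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | cut -d' ' -f1
    else
        cksum < "$1" | cut -d' ' -f1
    fi
}

# split_and_verify FILE PIECE_SIZE WORKDIR: write WORKDIR/part.* pieces,
# rejoin them into WORKDIR/rejoined and succeed only if the checksums match.
# The shell sorts the part.* glob, which preserves split's aa, ab, ac order.
split_and_verify() {
    src=$1; size=$2; work=$3
    before=$(file_sum "$src")
    split -b "$size" "$src" "$work/part."
    cat "$work"/part.* > "$work/rejoined"
    after=$(file_sum "$work/rejoined")
    n=$(ls "$work"/part.* | wc -l | tr -d ' ')
    echo "pieces: $n  checksum: $before"
    [ "$before" = "$after" ]
}

# Constructed 2.5 MB input, split into 1 MiB pieces (3 parts).
demo=$(mktemp -d)
head -c 2500000 /dev/urandom > "$demo/big.bin"
split_and_verify "$demo/big.bin" 1M "$demo" && echo "rebuilt copy matches"
rm -rf "$demo"
```

Keep the printed checksum with the discs; after restoring, file_sum on the rejoined file must print the same value before the pieces are deleted.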
Tuesday, June 19, 2007
SUSE boot fsck error
Mounting shared memory FS on /dev/shm
Checking root file system...
fsck 1.38 (30-Jun-2005)
/dev/shm/root has gone 343 days without being checked, check forced.
Mem-info: root: ============== \54.7%
...
0 pages swap cached
Out of Memory: Killed process 5733 (fsck.ext3).
/dev/shm/root: e2fsck canceled.
fsck.ext3 /dev/shm/root failed (status 0x20). Run manually! failed
.....
/etc/init.d/kbd: line 129: /usr/sbin/hwinfo: No such file or directory
Stop Unicode mode
fsck failed. Please repair manually and reboot. The root
file system is currently mounted read-only. To remount it
read-write do:
bash# mount -n -o remount,rw /
Attention: Only CONTROL-D will reboot the system in this maintenance mode. shutdown or reboot will not work.
Solution:
The forced check was killed by the OOM killer, so the boot scripts treat the root filesystem as unrepaired and drop into maintenance mode.
1. Remove the /forcefsck file if it exists; its presence requests a full check on the next boot.
2. Boot the SUSE installation CD's rescue system and run e2fsck -p against the unmounted root device (the partition that holds /, not the rescue system's own /), then reboot. A completed check also resets the filesystem's last-checked time, so the interval-based forced check no longer fires at boot.
Thursday, May 24, 2007
Oracle Study Notes, Part 1
Creating a database manually
oracle@suse:~> export ORACLE_BASE=/opt/oracle
oracle@suse:~> export ORACLE_HOME=/opt/oracle/ora920
oracle@suse:~> export ORACLE_SID=test
oracle@suse:~> export ORACLE_TERM=xterm
oracle@suse:~> export LANG=zh_CN.GB18030
oracle@suse:~> NLS_LANG=AMERICAN_AMERICA.ZHS16GBK; export NLS_LANG
oracle@suse:~> DATA_HOME=/data; export DATA_HOME
oracle@suse:~> orapwd file=$ORACLE_HOME/dbs/orapw$ORACLE_SID entries=10 password=test123
Create the admin directories:
oracle@suse:~> mkdir -p $ORACLE_BASE/admin/$ORACLE_SID/{bdump,cdump,udump,pfile,create,logs}
oracle@suse:~> ls $ORACLE_BASE/admin/$ORACLE_SID
cdump create bdump logs pfile udump
oracle@suse:~>mkdir -p $DATA_HOME/test/archive
oracle@suse:~> vi $ORACLE_BASE/admin/$ORACLE_SID/pfile/init$ORACLE_SID.ora
*.background_dump_dest='/opt/oracle/admin/test/bdump'
*.compatible='9.2.0.0.0'
*.control_files='/data/test/control01.ctl','/data/test/control02.ctl','/data/test/control03.ctl'
*.core_dump_dest='/opt/oracle/admin/test/cdump'
*.cursor_sharing='SIMILAR'
*.db_block_size=8192
*.db_cache_size=218103808
*.db_domain=''
*.db_file_multiblock_read_count=16
*.db_keep_cache_size=318767104
*.db_name='test'
*.db_recycle_cache_size=486539264
*.db_writer_processes=4
*.disk_asynch_io=true
*.dml_locks=10000
*.enqueue_resources=10000
*.fast_start_mttr_target=300
*.filesystemio_options='asynch'
*.global_names=FALSE
*.hash_area_size=10485760
*.hash_join_enabled=TRUE
*.instance_name='test'
*.java_pool_size=52428800
*.job_queue_processes=10
*.large_pool_size=52428800
######################Archive mode###############
*.log_archive_dest_1='location=/data/test/archive'
*.log_archive_dest_2='service=DBSTANDBY reopen=300'
*.log_archive_format='arch_%t_%s.arc'
*.log_archive_start=TRUE
##############################################
*.log_buffer=1048576
*.log_checkpoints_to_alert=TRUE
*.open_cursors=2000
*.open_links=30
*.parallel_adaptive_multi_user=true
*.parallel_automatic_tuning=true
*.parallel_max_servers=8
*.parallel_min_servers=4
*.pga_aggregate_target=524288000
*.processes=500
*.query_rewrite_enabled='FALSE'
*.remote_login_passwordfile='EXCLUSIVE'
*.session_cached_cursors=300
*.sga_max_size=1782579200
*.shared_pool_size=486539264
*.star_transformation_enabled='FALSE'
*.timed_statistics=TRUE
*.undo_management='AUTO'
*.undo_retention=1800
*.undo_tablespace='UNDOTBS1'
*.user_dump_dest='/opt/oracle/admin/test/udump'
*.utl_file_dir='/opt/oracle/admin/test/logs'
*.workarea_size_policy='auto'
oracle@suse:~> sqlplus "/ as sysdba"
SQL> startup pfile='$ORACLE_BASE/admin/$ORACLE_SID/pfile/init$ORACLE_SID.ora' nomount
If startup fails, check the .trc trace files under bdump and udump.
vi $ORACLE_BASE/admin/$ORACLE_SID/create/createdb.sql
-- File paths are literal (/data is the DATA_HOME set above): the server does not
-- expand shell variables inside a SQL string.
CREATE DATABASE test
LOGFILE
GROUP 1 ('/data/test/log01_01.log') SIZE 50M,
GROUP 2 ('/data/test/log02_01.log') SIZE 50M,
GROUP 3 ('/data/test/log03_01.log') SIZE 50M,
GROUP 4 ('/data/test/log04_01.log') SIZE 50M,
GROUP 5 ('/data/test/log05_01.log') SIZE 50M
DATAFILE '/data/test/system01.dbf' SIZE 300M AUTOEXTEND ON NEXT 10M MAXSIZE 32767M
EXTENT MANAGEMENT LOCAL
DEFAULT TEMPORARY TABLESPACE temp TEMPFILE '/data/test/temp01.dbf' SIZE 1000M
AUTOEXTEND ON NEXT 10M MAXSIZE 32767M
UNDO TABLESPACE UNDOTBS1 DATAFILE '/data/test/undotbs01.dbf' SIZE 2000M AUTOEXTEND ON NEXT 10M
MAXSIZE 32767M
CHARACTER SET ZHS16GBK
NATIONAL CHARACTER SET AL16UTF16;
SQL> @$ORACLE_BASE/admin/$ORACLE_SID/create/createdb.sql
SQL> @$ORACLE_HOME/rdbms/admin/catalog.sql
SQL> @$ORACLE_HOME/rdbms/admin/catproc.sql
SQL> @$ORACLE_HOME/rdbms/admin/catclust.sql   (only needed for Real Application Clusters)
SQL> alter user system identified by systempwd;
SQL> conn system/systempwd;
SQL> @?/sqlplus/admin/pupbld.sql   (run while connected as SYSTEM)
SQL> conn / as sysdba;
SQL> create spfile from pfile='/opt/oracle/admin/test/pfile/inittest.ora';
(the literal path is given because the server, not SQL*Plus, opens this file and does not expand shell variables)
***** If the pfile already contains the archive-mode parameters, the following three statements can be skipped:
SQL> alter system set log_archive_format='arch_%t_%s.arc' scope=spfile;
SQL> alter system set log_archive_dest_1='location=/data/test/archive';
SQL> alter system set log_archive_start=true scope=spfile;
*****
SQL>shutdown immediate;
SQL> conn / as sysdba;
SQL>startup mount;
SQL> alter database archivelog;   (or noarchivelog to run without archiving)
SQL>alter system archive log start;
SQL>alter database open;
SQL>alter system archive log current;
# LISTENER.ORA Network Configuration File: /opt/oracle/ora920/network/admin/listener.ora
# Generated by Oracle configuration tools.
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = primaryDB )(PORT = 1521))
)
)
)
SID_LIST_LISTENER =
(SID_LIST =
(SID_DESC =
(GLOBAL_DBNAME = test)
(ORACLE_HOME = /opt/oracle/ora920)
(SID_NAME = test)
)
)
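Two of the pfile parameters above deserve a check before the instance is started: utl_file_dir, which with the value '*' lets PL/SQL (UTL_FILE) read and write any directory the oracle OS user can reach, and control_files, which should list more than one copy. The script below is an added example, not part of the original notes: a small parser for the "*.param='value'" pfile format used above, with an audit that flags those two conditions. The sample pfile text is constructed for the demo; the function names are my own.

```shell
#!/bin/sh
# Added example, not from the original notes: read "*.param=value" lines from
# an init.ora pfile, strip quotes, and flag a wildcard utl_file_dir and a
# non-multiplexed control file. The sample pfile below is constructed.

# pfile_get PFILE PARAM: print PARAM's value with the single quotes removed,
# empty if the parameter is not set. Comments and blank lines are skipped.
pfile_get() {
    awk -F= -v p="$2" -v q="'" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            name = $1
            sub(/^[ \t]*\*\./, "", name)   # drop the "*." instance prefix
            gsub(/[ \t]/, "", name)
            if (name == p) {
                val = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", val)
                gsub(q, "", val)
                print val
                exit
            }
        }' "$1"
}

# control_file_count PFILE: number of entries in control_files (0 if unset).
control_file_count() {
    v=$(pfile_get "$1" control_files)
    [ -n "$v" ] || { echo 0; return; }
    printf '%s\n' "$v" | tr ',' '\n' | grep -c .
}

# pfile_audit PFILE: print findings; the return value is the number of findings.
pfile_audit() {
    findings=0
    ufd=$(pfile_get "$1" utl_file_dir)
    if [ "$ufd" = "*" ]; then
        echo "FINDING utl_file_dir='*' lets UTL_FILE reach every directory the oracle user can"
        findings=$((findings + 1))
    fi
    n=$(control_file_count "$1")
    if [ "$n" -lt 2 ]; then
        echo "FINDING only $n control file(s); multiplex at least two"
        findings=$((findings + 1))
    fi
    rlp=$(pfile_get "$1" remote_login_passwordfile)
    echo "info db_name=$(pfile_get "$1" db_name) remote_login_passwordfile=${rlp:-unset}"
    return $findings
}

# Constructed sample: wildcard utl_file_dir and a single control file.
demo=$(mktemp)
cat > "$demo" <<'EOF'
# sample init.ora (constructed for the demo)
*.db_name='test'
*.control_files='/data/test/control01.ctl'
*.utl_file_dir='*'
*.remote_login_passwordfile='EXCLUSIVE'
EOF
pfile_audit "$demo" || echo "$? finding(s)"
rm -f "$demo"
```

Run pfile_audit against $ORACLE_BASE/admin/$ORACLE_SID/pfile/init$ORACLE_SID.ora before the startup nomount step; the pfile shown above passes both checks (three control files, utl_file_dir limited to the logs directory).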
Thursday, May 17, 2007
iptables firewall example
Deyou.Yang (yangdeyou@gmail.com) System Management
18 May 2007
Script
#!/bin/sh
#
# A simple firewall initialization script
#
PASSLIST=~/conf/passlist.txt
STOPLIST=~/conf/stoplist.txt
ALLOWPORT="22 80 443"
# Drop all existing filter rules
iptables -F
# First, run through $PASSLIST, accepting all traffic from
# the hosts and networks contained therein.
for x in `grep -v ^# $PASSLIST | awk '{print $1}'`; do
echo "Permitting $x..."
iptables -A INPUT -t filter -s $x -j ACCEPT
done
# Now run through $STOPLIST, dropping all traffic from the
# hosts and networks contained therein. Passlist rules come first,
# so a host on both lists is accepted.
for x in `grep -v ^# $STOPLIST | awk '{print $1}'`; do
echo "Stopping $x..."
iptables -A INPUT -t filter -s $x -j DROP
done
# Next, the permitted ports: what will we accept from
# hosts not appearing on the stoplist?
for port in $ALLOWPORT; do
echo "Accepting port $port ...."
iptables -A INPUT -t filter -p tcp --dport $port -j ACCEPT
done
# Finally, unless it's mentioned above, and it's an inbound
# startup request (TCP SYN), just drop it. UDP and ICMP are not
# covered by this rule.
iptables -A INPUT -t filter -p tcp --syn -j DROP
Block list
~/conf/stoplist.txt
1.2.3.4 # Portscanned on 8/12/07
7.8.9.0/24 # who knows what evil lurks therein
t1000.unix-center.net #
Trust list
~/conf/passlist.txt
11.22.33.44 # My workstation
208.201.239.0/26 # the local network
List the iptables rules
iptables -L
iptables -L -n
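The script above runs every rule as it reads the lists, and it hands whatever is in the first column to iptables, including a hostname such as t1000.unix-center.net, which iptables resolves through DNS at load time and turns into one rule per returned address. The script below is an added example, not part of the original post: the same rule logic as a generator that prints the iptables commands instead of executing them (so it can be reviewed and tested without root) and rejects list entries that are not a dotted-quad address or a CIDR network. The list files and their contents are constructed for the demo; the function names are my own.

```shell
#!/bin/sh
# Added example, not from the original post: dry-run generator for the
# passlist/stoplist/port firewall rules, with input validation.
# The list files written below are constructed for the demo.

# is_ipv4_or_cidr ENTRY: accept a.b.c.d or a.b.c.d/NN (octets 0-255, NN 0-32).
is_ipv4_or_cidr() {
    printf '%s\n' "$1" | awk -F/ '
        NF > 2 { exit 1 }
        NF == 2 && ($2 !~ /^[0-9]+$/ || $2 + 0 > 32) { exit 1 }
        {
            n = split($1, o, ".")
            if (n != 4) exit 1
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) exit 1
            exit 0
        }'
}

# list_entries FILE: first field of every non-comment, non-blank line.
list_entries() {
    grep -v '^[[:space:]]*#' "$1" | awk 'NF { print $1 }'
}

# gen_rules PASSLIST STOPLIST "PORTS": print the rule set in the same order as
# the original script; fail (printing nothing further) on an invalid entry.
gen_rules() {
    echo "iptables -F"
    for x in $(list_entries "$1"); do
        is_ipv4_or_cidr "$x" || { echo "rejecting passlist entry: $x" >&2; return 1; }
        echo "iptables -A INPUT -t filter -s $x -j ACCEPT"
    done
    for x in $(list_entries "$2"); do
        is_ipv4_or_cidr "$x" || { echo "rejecting stoplist entry: $x" >&2; return 1; }
        echo "iptables -A INPUT -t filter -s $x -j DROP"
    done
    for port in $3; do
        echo "iptables -A INPUT -t filter -p tcp --dport $port -j ACCEPT"
    done
    echo "iptables -A INPUT -t filter -p tcp --syn -j DROP"
}

# Constructed lists mirroring the post's examples (without the hostname entry).
demo=$(mktemp -d)
printf '11.22.33.44 # My workstation\n208.201.239.0/26 # the local network\n' > "$demo/passlist.txt"
printf '# blocked hosts\n1.2.3.4 # Portscanned on 8/12/07\n7.8.9.0/24\n' > "$demo/stoplist.txt"
gen_rules "$demo/passlist.txt" "$demo/stoplist.txt" "22 80 443"
rm -rf "$demo"
```

Piping the generator's output into sh applies the rules; a rejected entry stops generation before anything is applied, instead of loading a partial rule set.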