Category Archives: technology

The Micro Python pyboard Arrived!

The version 1.0 pyboard that I ordered from the Micro Python project arrived in the mail today. It’s amazingly small.

IMG_1115-0.JPG

The board supports a REPL shell, accessible via the same USB cable that provides power, and has a number of LEDs, timers, a user-assignable switch, and an accelerometer framework. I’ll be putting together a review pretty shortly, but there are a million things going on, suddenly.

Stay tuned.

The Correct Way to Lock Out an IP Address From Your Server

I’ve been getting something like a one-person DoS attack overnight, it seems: a single IP address hitting port 80 hundreds of times a minute, generating endless 404s, and chewing up noticeable bandwidth. So I had to add an iptables rule to block the IP address at fault. Here’s how to do it, and, just as important, where in the chain the rule has to go:

First, list your current iptables rules with line numbers, for easy reference. Be aware that “-L” without “-v” hides interface matches, so a rule that matches on an interface (rule 2 below is most likely an accept for loopback traffic) shows up as a bare “ACCEPT all” from anywhere to anywhere; add “-v” if you want the in/out interface columns and the packet counters:

$ sudo iptables -L -n --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    fail2ban-SSH  tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22 
2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
3    REJECT     all  --  0.0.0.0/0            127.0.0.0/8         reject-with icmp-port-unreachable 
4    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:25 
6    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:587 

etc...

Insert a new rule to block the offending IP address (substitute the real address for “xxx.yyy.zzz.www”):

$ sudo iptables -I INPUT 1 -s xxx.yyy.zzz.www -j DROP

This inserts the new rule at position 1, ahead of the fail2ban-SSH rule that hands incoming TCP traffic on port 22 to fail2ban’s own chain, and ahead of everything else in INPUT. The rule is live as soon as the command returns; the steps below only make it survive a reboot.

Save the ruleset so it survives a reboot, then list the chain again to confirm the new rule sits at the top. (The “service iptables” commands are the RHEL/CentOS way of doing this; on Debian or Ubuntu, use “iptables-save” together with the iptables-persistent package instead.) Restarting the service is not needed for the rule to take effect, but it reloads the saved file and so confirms that what was saved is what you meant:

$ sudo service iptables save
$ sudo service iptables restart
$ sudo iptables -L -n --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    DROP       all  --  200.85.152.75        0.0.0.0/0           
2    fail2ban-SSH  tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22 
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
4    REJECT     all  --  0.0.0.0/0            127.0.0.0/8         reject-with icmp-port-unreachable 
5    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
6    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:25 
7    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:587 

etc...

Some of the suggestions that turn up on Google use the “-A” (append) flag rather than the “-I” (insert) flag. In most cases that will not do what you want: “-A” puts the new rule at the end of the INPUT chain, after the rule that accepts (for instance) HTTP packets. If the banned IP address were hitting port 80, its packets would be ACCEPTed by that earlier rule before they ever reached the new DROP.

The position of the rule is what matters: iptables evaluates a chain from the top down and the first matching terminating rule wins, so a DROP that follows a rule accepting the same traffic is never reached. Placing it ahead of the rules for general public traffic ensures that the annoyance in question can’t consume resources by, say, requesting non-existent web pages. Because it also sits above the RELATED,ESTABLISHED rule, any connection the address already has open is cut off as well, and the address is effectively firewalled from the server. You can confirm the rule is actually matching by watching its packet counter climb in the output of “iptables -L INPUT -n -v --line-numbers”.
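Here is the whole procedure as one script. It is an added example for this post, not the author’s own commands: it validates the address before it goes anywhere near the iptables command line, refuses to block the source of your own SSH session, uses “-C” to check whether the rule already exists, moves a rule that was appended with “-A” (and is therefore shadowed) to the top instead of adding a duplicate, and persists the ruleset atomically. The overridable IPTABLES, IPTABLES_SAVE and RULES_FILE variables and the default RHEL/CentOS rules path are my assumptions, not something from the post.

```shell
#!/bin/sh
# block-ip.sh: put a DROP for one source address at the TOP of the INPUT
# chain, idempotently, and persist it. Added example for this post, not the
# original author's commands. Run as root.
#
# Assumptions (not from the post): the iptables and iptables-save binaries
# can be overridden through $IPTABLES / $IPTABLES_SAVE, and the saved
# ruleset goes to $RULES_FILE (default is the RHEL/CentOS location).

IPTABLES="${IPTABLES:-iptables}"
IPTABLES_SAVE="${IPTABLES_SAVE:-iptables-save}"
RULES_FILE="${RULES_FILE:-/etc/sysconfig/iptables}"

# is_ipv4 ADDR[/PREFIX]: accept only a dotted quad with an optional /0../32
# prefix. Anything else is refused so that an attacker-controlled string
# (e.g. lifted from a log line) never reaches the iptables command line.
is_ipv4() {
    addr=${1%/*} pfx=${1#*/}
    [ "$pfx" = "$1" ] && pfx=32               # no "/" present: host rule
    case "$pfx" in ''|*[!0-9]*) return 1;; esac
    [ "$pfx" -le 32 ] || return 1
    case "$addr" in ''|.*|*.|*..*|*[!0-9.]*) return 1;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        # reject empty, non-digit, leading zero (octal ambiguity), >3 digits
        case "$octet" in ''|*[!0-9]*|0[0-9]*|????*) return 1;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# drop_rule_is_first ADDR: true when the first rule of INPUT, as printed by
# `iptables -S` (which shows a bare address as ADDR/32), is our DROP.
drop_rule_is_first() {
    want=$1
    case "$want" in */*) ;; *) want="$want/32";; esac
    first=$("$IPTABLES" -S INPUT | sed -n '/^-A /{p;q;}')
    [ "x$first" = "x-A INPUT -s $want -j DROP" ]
}

# block_ip ADDR: validate, refuse to cut off our own SSH session, then make
# sure the DROP sits at position 1 so it is evaluated before any ACCEPT.
# Return codes: 0 ok, 2 bad address, 3 would block our own session.
block_ip() {
    ip=$1
    if ! is_ipv4 "$ip"; then
        echo "block_ip: '$ip' is not an IPv4 address or CIDR block" >&2
        return 2
    fi
    # Exact-match guard only: a CIDR that merely contains the session's
    # address is not detected, so check CIDR blocks by hand.
    if [ -n "${SSH_CLIENT:-}" ] && [ "${SSH_CLIENT%% *}" = "${ip%/*}" ]; then
        echo "block_ip: refusing to block $ip, the source of this SSH session" >&2
        return 3
    fi
    # -C succeeds if an identical rule exists anywhere in the chain.
    if "$IPTABLES" -C INPUT -s "$ip" -j DROP 2>/dev/null; then
        if drop_rule_is_first "$ip"; then
            echo "block_ip: $ip is already dropped at the top of INPUT"
            return 0
        fi
        # Present but shadowed by an earlier ACCEPT (the -A mistake from the
        # post): remove it and re-insert at the top.
        "$IPTABLES" -D INPUT -s "$ip" -j DROP
    fi
    "$IPTABLES" -I INPUT 1 -s "$ip" -j DROP
}

# persist_rules: dump the live ruleset to RULES_FILE atomically. Whether
# anything reloads it at boot is distro specific (the iptables service on
# RHEL/CentOS; iptables-persistent with /etc/iptables/rules.v4 on Debian).
persist_rules() {
    tmp=$(mktemp "$RULES_FILE.XXXXXX") || return 1
    if "$IPTABLES_SAVE" >"$tmp"; then
        chmod 600 "$tmp" && mv "$tmp" "$RULES_FILE"
    else
        rm -f "$tmp"
        return 1
    fi
}

main() {
    [ "$(id -u)" -eq 0 ] || { echo "block-ip.sh: run as root" >&2; exit 1; }
    for ip in "$@"; do
        block_ip "$ip" || exit $?
    done
    persist_rules
    "$IPTABLES" -L INPUT -n -v --line-numbers
}

# Usage: block-ip.sh ADDR [ADDR...]; nothing runs when sourced without args.
if [ $# -gt 0 ]; then main "$@"; fi
```

Run it as root with one or more addresses, for example block-ip.sh 203.0.113.7 198.51.100.0/24 (both documentation-range addresses, chosen for the example). The SSH-session guard is an exact match only: it will not notice a CIDR block that happens to contain your own address, so check those by hand before pressing return on a remote box.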

LEARN YOU SOME GIT! A git Resource List

If you’re working on code, whether you’re doing it on your own or collaboratively, you really want to be using a version control/source code management system, and the one most widely used these days is Linus Torvalds’ program git.

Git can be a little difficult to get your head around, but luckily, there are a lot of excellent (and free!) resources available to get you up to speed.

First, there’s TryGit, a collaboration between Github and Code School. TryGit walks you through fifteen guided experiments that will introduce you to the basics of git.

When you’ve worked through that, Code School’s “Git Real” course is available for free, no sign-up or credit card needed.

Another great resource is Git Immersion, from EdgeCase, a web-based guided tutorial that you can download to your own desktop.

Atlassian also provides an extensive set of git tutorials.

Finally, the text of the entire book “Pro Git”, written by Scott Chacon and published by Apress, is available online for free.

There’s no good reason not to use git, and lots of excellent reasons to do so. Do yourself a favor, save yourself some headaches, and check it out.

(SEE WHAT I DID THERE?)