Linux

A simple firewall-cmd cheatsheet

Get Default Zone
Get Active Zones
List Zone Services
Add a permanent port into a zone
Remove a permanent port from a zone
Firewall-cmd reload

I tested this using CentOS 7 with firewalld service running.

Get Default Zone

To find the default zone, use this command

firewall-cmd --get-default-zone

Get Active Zones

firewall-cmd --get-active-zones

List Zone Services

To check services, ports and settings on a specific zone, use this command

firewall-cmd --zone=public --list-all

Add a permanent port into a zone

Adding a permanent TCP/UDP port in a specific zone. Example: opening MongoDB port

firewall-cmd --permanent --zone=public --add-port=27017/tcp
firewall-cmd --permanent --zone=public --add-port=27017/udp

Remove a permanent port from a zone

firewall-cmd --permanent --zone=public --remove-port=27017/tcp
firewall-cmd --permanent --zone=public --remove-port=27017/udp

Firewall-cmd reload

To apply your firewall changes, you have to reload the firewall using the following command

firewall-cmd --reload
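
An added example, not part of the original cheatsheet: changes made with --permanent are written to the saved configuration and only reach the running firewall at the reload, so the two can differ in the meantime. The function name port_drift and the sample values are assumptions; the function compares the output of --list-ports with and without --permanent.

```shell
#!/bin/bash
# Added example: report ports that differ between the running and the saved
# (permanent) firewalld configuration of a zone.

# port_drift RUNTIME_PORTS PERMANENT_PORTS
# Each argument is a space-separated list as printed by --list-ports.
# Prints "pending-open PORT" for ports a reload would open and
# "runtime-only PORT" for ports a reload would close.
port_drift() {
    for p in $2; do
        case " $1 " in *" $p "*) ;; *) echo "pending-open $p" ;; esac
    done
    for p in $1; do
        case " $2 " in *" $p "*) ;; *) echo "runtime-only $p" ;; esac
    done
}

# Constructed sample values: 27017/tcp and 27017/udp were added with
# --permanent but the firewall was not reloaded; 8080/tcp was opened
# without --permanent.
SAMPLE_RUNTIME="22/tcp 8080/tcp"
SAMPLE_PERMANENT="22/tcp 27017/tcp 27017/udp"

# On a live host (needs firewalld running):
#   port_drift "$(firewall-cmd --zone=public --list-ports)" \
#              "$(firewall-cmd --permanent --zone=public --list-ports)"
if [ "${1:-}" = "--demo" ]; then
    port_drift "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT"
fi
```

An empty result means the running firewall already matches what a reload or reboot would load.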
General

Use Cloudflare as Dynamic DNS

I would like to share how I use Cloudflare as Dynamic DNS. I had been using the Dynamic DNS service from No-IP for three years until a colleague of mine mentioned Cloudflare’s really fast global DNS. Initially, I thought that Cloudflare was just a CDN and an Internet company that protects websites from Distributed Denial-of-Service (DDoS) attacks; upon further investigation I found out that Cloudflare also provides a DNS service with a REST API for you to update your DNS records.

I migrated most of my domains to Cloudflare DNS and then use their API to update my domains’ DNS records once my ISP changes the IP address.

To know my router’s IP address I use the service of ipinfo.io. You may use another provider or another technique to find your router’s public IP address.

Source code available at https://github.com/mrprintedwall/cloudflare-as-dynamic-dns

$nano updateip.sh
#!/bin/bash
# Update Cloudflare A records when the public IP address changes.

# Look up the current public IP; stop if the lookup fails or returns nothing,
# so an empty value is never written to the state file or sent to the API.
IP=$(curl -sf "https://ipinfo.io/ip") || exit 1
if [ -z "$IP" ]; then
    echo "Could not determine public IP" >&2
    exit 1
fi
echo "THIS IS IP $IP"
touch dynip.txt
OLD_IP=$(cat dynip.txt)
echo "OLD IP: $OLD_IP"

# curlUpdate ZONE_ID RECORD_ID IP NAME PROXIED
curlUpdate(){
    curl -X PUT "https://api.cloudflare.com/client/v4/zones/$1/dns_records/$2" \
    -H "X-Auth-Email: YOUR_CLOUDFLARE_EMAIL" -H "X-Auth-Key: YOUR_CLOUDFLARE_API_KEY" \
    -H "Content-Type: application/json" \
    --data "{\"type\":\"A\",\"name\":\"$4\",\"content\":\"$3\",\"proxied\":$5}"
}

# Only call the API when the address differs from the last recorded one.
if [ "$IP" != "$OLD_IP" ]; then
    echo "Changing IP"
    echo "$IP" > dynip.txt
    curlUpdate "ZONE_ID" "ID_OF_DNS_RECORD" "$IP" "johnpili.com" "true"
    curlUpdate "ZONE_ID" "ID_OF_DNS_RECORD" "$IP" "www.johnpili.com" "true"
    curlUpdate "ZONE_ID" "ID_OF_DNS_RECORD" "$IP" "ssh.johnpili.com" "false"
    #curlUpdate "ZONE_ID" "ID_OF_DNS_RECORD" "$IP" "domain1.com" "true"
    #curlUpdate "ZONE_ID" "ID_OF_DNS_RECORD" "$IP" "www.domain1.com" "true"
    #curlUpdate "ZONE_ID" "ID_OF_DNS_RECORD" "$IP" "domain2.com" "true"
    #curlUpdate "ZONE_ID" "ID_OF_DNS_RECORD" "$IP" "www.domain2.com" "true"
fi

You can then set up cron to run the script on a specified interval or schedule.
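
An added example, not from the original post or its repository: the same update flow with the ipinfo.io response checked as an IPv4 address before it is sent to DNS, the JSON fields checked before the body is built, and the credential read from a file instead of being written into the script. The token file path, the function names and the use of a scoped API token in an Authorization: Bearer header are assumptions; ZONE_ID and ID_OF_DNS_RECORD are the post's placeholders.

```shell
#!/bin/bash
# Added example: validate the looked-up address before it reaches DNS.
TOKEN_FILE="${TOKEN_FILE:-/etc/cloudflare-ddns.token}"  # assumed path, mode 0600
STATE_FILE="${STATE_FILE:-dynip.txt}"

# Succeeds only for four dot-separated decimal fields, each 0-255.
# The body is a subshell, so the IFS change does not leak to the caller.
is_valid_ipv4() (
    case $1 in ''|*[!0-9.]*|*.) return 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
)

# Prints the JSON body, or fails if any field could break out of the JSON.
build_payload() {   # build_payload NAME IP PROXIED
    case $1 in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
    is_valid_ipv4 "$2" || return 1
    case $3 in true|false) ;; *) return 1 ;; esac
    printf '{"type":"A","name":"%s","content":"%s","proxied":%s}' "$1" "$2" "$3"
}

update_record() {   # update_record ZONE_ID RECORD_ID NAME IP PROXIED
    body=$(build_payload "$3" "$4" "$5") || return 1
    curl -sf -X PUT "https://api.cloudflare.com/client/v4/zones/$1/dns_records/$2" \
        -H "Authorization: Bearer $(cat "$TOKEN_FILE")" \
        -H "Content-Type: application/json" --data "$body"
}

main() {
    ip=$(curl -sf "https://ipinfo.io/ip") || { echo "IP lookup failed" >&2; return 1; }
    is_valid_ipv4 "$ip" || { echo "Unexpected lookup response" >&2; return 1; }
    old=$(cat "$STATE_FILE" 2>/dev/null)
    [ "$ip" = "$old" ] && return 0
    # Record the new address only after the API call succeeded.
    update_record "ZONE_ID" "ID_OF_DNS_RECORD" "johnpili.com" "$ip" "true" &&
        printf '%s\n' "$ip" > "$STATE_FILE"
}

# Run only when asked, so the functions can be sourced and checked offline.
if [ "${1:-}" = "--run" ]; then main; fi
```

Because the state file is written only after a successful API call, a failed update is retried on the next cron run.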

Disclaimer

Cloudflare’s DNS REST API is owned by Cloudflare and subject to Cloudflare’s terms and conditions.

Tutorials

Configure Tomcat To Run on Linux Startup

Auto-start Apache Tomcat on Linux

If you are using the core version of Apache Tomcat and would like to auto-start it on Linux, here are the simple steps. I assume that you already have a running Apache Tomcat, know how to navigate the terminal, and have the necessary system permissions to proceed with this tutorial. Depending on the distribution that you are using, you may need to find a specific location for the configuration or init.d folder.

1. Start by creating a startup script in the folder /etc/init.d/ or /etc/rc.d, depending on what Linux distribution you are using.

$sudo vi tomcat

2. Enter the following script inside the tomcat file

#!/bin/bash
#
# tomcat
#
# chkconfig: 35
# description: Start up the Tomcat servlet engine.
# processname: tomcat

# /etc/init.d/tomcat

# Exit status reported to init; set from the Tomcat script that was run.
RETVAL=0
CATALINA_HOME="/opt/apache-tomcat-8.5.30"

case "$1" in
  start)
        if [ -f "$CATALINA_HOME/bin/startup.sh" ]; then
            echo $"Starting Tomcat"
            "$CATALINA_HOME/bin/startup.sh"
            RETVAL=$?
        fi
        ;;
  stop)
        if [ -f "$CATALINA_HOME/bin/shutdown.sh" ]; then
            echo $"Stopping Tomcat"
            "$CATALINA_HOME/bin/shutdown.sh"
            RETVAL=$?
        fi
        ;;
  *)
        echo $"Usage: $0 {start|stop}"
        exit 1
        ;;
esac

exit $RETVAL

NOTE
You will need to set the CATALINA_HOME and point it to the location where you deploy your Apache Tomcat.

Example:

CATALINA_HOME="/opt/apache-tomcat-8.5.30"

3. In this tutorial, we will create a symbolic link in Runlevel 3

$cd /etc/init.d/rc5.d/
$sudo ln -s ../tomcat S01tomcat
$sudo ln -s ../tomcat K01tomcat

In case you’re wondering what S and K mean: S is to start the application and K stands for kill, that is, to shut down the application. The number denotes the order. There are a lot of articles already available on the Internet about Linux runlevels. You can check out Linux Runlevels Explained and Understanding init scripts.

Distribution Notes

SLES 11 SP4
In SLES11, once you have created the files tomcat1 and tomcat2 inside the init.d folder, you don’t need to create the symbolic links manually. Instead, execute the following commands

$chkconfig --set tomcat1 on
$chkconfig --set tomcat2 on

To verify, type the following command

$chkconfig

The output should look like this.

[Image: runlevel services via chkconfig]