Continuing the story about the Fire and Ice festival (Tule ja jää pidu), I would like to show some photos of very beautiful ice sculptures, which were displayed on Vabaduse Square (Vabaduse väljak). There were 12 figures of animals based on the eastern (Chinese) Zodiac:
Main view of Vabaduse Square (Vabaduse väljak):
On the same evening I walked in the Old Town (Vanalinn) and took some pictures:
During the Fire and Ice festival, which was held in Tallinn, I was at the first part, or, more precisely, at the first three events, which were “fire sculptures”. The idea is very simple. A team of a few people, using narrow planks of different lengths, builds some object. Afterwards, hay or straw is attached to the planks. But some teams used ropes for very original ideas. All events began when it was dark, around 6 PM. The sculptures were ignited one after another. That was incredible!
15th January 2011. Stadium behind Mustamäe culture centre Kaja (Mustamäe kultuurikeskus Kaja).
16th January 2011. Admiraliteedi inlet (Admiraliteedi bassein).
22nd January 2011. Schnelli pond (Shnelli tiigi ääres).
chmod +x iptables.sh
# chkconfig --list iptables
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
# service iptables save
#!/bin/bash

# External interface
EXTIF=eth0
# Internal interface
INTIF=eth1
# Loop device/localhost
LPDIF=lo
LPDIP=127.0.0.1
LPDMSK=255.0.0.0
LPDNET="$LPDIP/$LPDMSK"

# Text tools variables
IPT='/sbin/iptables'
IFC='/sbin/ifconfig'
G='/bin/grep'
SED='/bin/sed'

# Deny then accept: this keeps holes from opening up
# while we close ports and such
$IPT -P INPUT DROP
$IPT -P OUTPUT DROP
$IPT -P FORWARD DROP

# Flush all existing chains and erase personal chains
CHAINS=`cat /proc/net/ip_tables_names 2>/dev/null`
for i in $CHAINS; do
    $IPT -t $i -F
done
for i in $CHAINS; do
    $IPT -t $i -X
done

# Setting up external interface environment variables
EXTIP="`$IFC $EXTIF|$G addr:|$SED 's/.*addr:\([^ ]*\) .*/\1/'`"
#EXTBC="`$IFC $EXTIF|$G Bcast:|$SED 's/.*Bcast:\([^ ]*\) .*/\1/'`"
EXTMSK="`$IFC $EXTIF|$G Mask:|$SED 's/.*Mask:\([^ ]*\)/\1/'`"
EXTNET="$EXTIP/$EXTMSK"
#echo "EXTIP=$EXTIP EXTBC=$EXTBC EXTMSK=$EXTMSK EXTNET=$EXTNET"
echo "EXTIP=$EXTIP EXTMSK=$EXTMSK EXTNET=$EXTNET"

# Setting up environment variables for internal interface one
INTIP="`$IFC $INTIF|$G addr:|$SED 's/.*addr:\([^ ]*\) .*/\1/'`"
#INTBC="`$IFC $INTIF|$G Bcast:|$SED 's/.*Bcast:\([^ ]*\) .*/\1/'`"
INTMSK="`$IFC $INTIF|$G Mask:|$SED 's/.*Mask:\([^ ]*\)/\1/'`"
INTNET="$INTIP/$INTMSK"
#echo "INTIP=$INTIP INTBC=$INTBC INTMSK=$INTMSK INTNET=$INTNET"
echo "INTIP=$INTIP INTMSK=$INTMSK INTNET=$INTNET"

# We are now going to create a few custom chains that will result in
# logging of dropped packets. This will enable us to avoid having to
# enter a log command prior to every drop we wish to log. The
# first will log drops, the other will log rejects.
# Do not complain if chain already exists (so restart is clean)
$IPT -N DROPl 2> /dev/null
$IPT -A DROPl -j LOG --log-prefix 'DROPl:'
$IPT -A DROPl -j DROP

$IPT -N REJECTl 2> /dev/null
$IPT -A REJECTl -j LOG --log-prefix 'REJECTl:'
$IPT -A REJECTl -j REJECT

# Now we are going to accept all traffic from our loopback device
# if the IP matches any of our interfaces.
$IPT -A INPUT -i $LPDIF -s $LPDIP -j ACCEPT
$IPT -A INPUT -i $LPDIF -s $EXTIP -j ACCEPT
$IPT -A INPUT -i $LPDIF -s $INTIP -j ACCEPT
$IPT -A OUTPUT -o $LPDIF -s $LPDIP -j ACCEPT
$IPT -A OUTPUT -o $LPDIF -s $EXTIP -j ACCEPT
$IPT -A OUTPUT -o $LPDIF -s $INTIP -j ACCEPT

# Block WAN access to internal network
# This also stops nefarious crackers from using our network as a
# launching point to attack other people
# iptables translation:
# "if input going into our external interface is not addressed to our ISP-assigned
# IP address, drop it like a hot potato"
# (newer iptables releases expect the negation before the option, e.g. "! -d $EXTIP")
$IPT -A INPUT -i $EXTIF -d ! $EXTIP -j DROPl

# Now we will block internal addresses originating from anything but our
# predefined interface... just remember that if you jack
# your laptop or another PC into one of these NICs directly, you'll need
# to ensure that they either have the same IP or that you add a line explicitly
# for that IP as well
# Interface one/internal net one
$IPT -A INPUT -i $INTIF -s ! $INTNET -j DROPl
$IPT -A OUTPUT -o $INTIF -d ! $INTNET -j DROPl
$IPT -A FORWARD -i $INTIF -s ! $INTNET -j DROPl
$IPT -A FORWARD -o $INTIF -d ! $INTNET -j DROPl

# An additional egress check
$IPT -A OUTPUT -o $EXTIF -s ! $EXTNET -j DROPl

# Allow access from internal network to Internet
$IPT -A OUTPUT -o $EXTIF -s $EXTIP -m state --state NEW -j ACCEPT
$IPT -A FORWARD -i $INTIF -s $INTNET -m state --state NEW -j ACCEPT
$IPT -A OUTPUT -o $INTIF -s $INTNET -m state --state NEW -j ACCEPT
$IPT -A INPUT -i $INTIF -s $INTNET -m state --state NEW -j ACCEPT

# Allow ping from outside (the values below are ICMP types)
ICMPPORT="0 8 3 11"
for i in $ICMPPORT
do
    $IPT -A INPUT -i $EXTIF -p icmp --icmp-type $i -m state --state NEW -j ACCEPT
done

# Allow access to services on gateway
#TCP ports
#80 HTTP
#443 HTTPS
#53 DNS
#20:21 FTP data+active
#45000:50000 FTP passive ports
#25 SMTP
#123 Time
#81 ISPConfig
#6890:6999 rTorrent
TCPPORT="80 443 53 20:21 45000:50000 25 123 81 6890:6999"
echo -n "FW: Allow access to services on gateway (TCP):"
for i in $TCPPORT
do
    echo -n "$i "
    $IPT -A INPUT -i $EXTIF -p tcp --dport $i --syn -m state --state NEW -j ACCEPT
done
echo ""

#UDP ports
#53 DNS
#123 Time
#6890:6999 rTorrent
#33434:33534 traceroute
UDPPORT="53 123 6890:6999 33434:33534"
echo -n "FW: Allow access to services on gateway (UDP):"
for i in $UDPPORT
do
    echo -n "$i "
    $IPT -A INPUT -i $EXTIF -p udp --dport $i -m state --state NEW -j ACCEPT
done
echo ""

#Block brute force ssh attack
$IPT -N SSHSCAN
#WHITE_LIST_IP="xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy"
#for i in $WHITE_LIST_IP
#do
#    $IPT -A INPUT -i $EXTIF -p tcp --dport 22 -s $i -j ACCEPT
#done
$IPT -A INPUT -i $EXTIF -p tcp --dport 22 -m state --state NEW -j SSHSCAN
$IPT -A SSHSCAN -m recent --set --name SSH
$IPT -A SSHSCAN -m recent --update --seconds 3600 --hitcount 4 --name SSH -j LOG --log-level info --log-prefix "SSH SCAN blocked: "
$IPT -A SSHSCAN -m recent --update --seconds 3600 --hitcount 4 --name SSH -j DROP
$IPT -A INPUT -i $EXTIF -p tcp --dport 22 -m state --state NEW -j ACCEPT

#Block brute force imap attack
#dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user xxx
$IPT -N IMAPSCAN
$IPT -A INPUT -i $EXTIF -p tcp --dport 143 -m state --state NEW -j IMAPSCAN
$IPT -A INPUT -i $EXTIF -p tcp --dport 993 -m state --state NEW -j IMAPSCAN
$IPT -A IMAPSCAN -m recent --set --name IMAP
$IPT -A IMAPSCAN -m recent --update --seconds 900 --hitcount 4 --name IMAP -j LOG --log-level info --log-prefix "IMAP SCAN blocked: "
$IPT -A IMAPSCAN -m recent --update --seconds 900 --hitcount 4 --name IMAP -j DROP
$IPT -A INPUT -i $EXTIF -p tcp --dport 143 -m state --state NEW -j ACCEPT
$IPT -A INPUT -i $EXTIF -p tcp --dport 993 -m state --state NEW -j ACCEPT

#Port forwarding
$IPT -t nat -A PREROUTING -i $EXTIF -d $EXTIP -p tcp --dport 8080 -j DNAT --to 192.0.1.2:8080
$IPT -A FORWARD -i $EXTIF -d 192.0.1.2 -p tcp --dport 8080 -j ACCEPT

#NAT
$IPT -t nat -A PREROUTING -j ACCEPT
$IPT -t nat -A POSTROUTING -o $EXTIF -s $INTNET -j MASQUERADE
$IPT -t nat -A POSTROUTING -j ACCEPT
$IPT -t nat -A OUTPUT -j ACCEPT

#Other stuff
$IPT -A INPUT -p tcp --dport auth --syn -m state --state NEW -j ACCEPT
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# Block and log what we may have forgotten
$IPT -A INPUT -j DROPl
$IPT -A OUTPUT -j REJECTl
$IPT -A FORWARD -j DROPl
http://www.petrich.me/files/scripts/iptables.sh
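
The script above sets the default policies to DROP and flushes the chains before it parses EXTIP and INTIP out of ifconfig, so an interface without an IPv4 address leaves the later rules built from empty values. The following pre-flight check is an added example, not part of the original script; the function names and the sample ifconfig text are constructed for illustration.

```shell
#!/bin/sh
# Added example: check the addresses parsed from ifconfig before any
# iptables policy is changed. Function names are hypothetical.

# Constructed sample output in the old net-tools format the script's sed expects.
SAMPLE_UP='eth0      Link encap:Ethernet  HWaddr 00:00:5E:00:53:01
          inet addr:192.0.2.10  Bcast:192.0.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1'
# Constructed sample: interface present but without an IPv4 address.
SAMPLE_NOADDR='eth1      Link encap:Ethernet  HWaddr 00:00:5E:00:53:02
          BROADCAST MULTICAST  MTU:1500  Metric:1'

# parse_field FIELD TEXT: print the value after "FIELD:" on the "inet" line.
parse_field() {
    printf '%s\n' "$2" | sed -n "s/.*inet .*$1:\([0-9.]*\).*/\1/p" | head -n 1
}

# is_ipv4 VALUE: succeed only for a dotted quad with octets in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# resolve_net TEXT: print "ip/mask", or fail if either value is unusable.
resolve_net() {
    ip=$(parse_field addr "$1")
    mask=$(parse_field Mask "$1")
    is_ipv4 "$ip" && is_ipv4 "$mask" || return 1
    printf '%s/%s\n' "$ip" "$mask"
}

# In the real script this check would run on "$IFC $EXTIF" output before
# the "$IPT -P ... DROP" lines, exiting on failure.
for sample in "$SAMPLE_UP" "$SAMPLE_NOADDR"; do
    if net=$(resolve_net "$sample"); then
        echo "ok: $net"
    else
        echo "abort: no usable IPv4 address, ruleset left untouched" >&2
    fi
done
```

Newer net-tools releases print "inet 192.0.2.10  netmask 255.255.255.0" instead of "addr:" and "Mask:", which this check also reports as unusable rather than passing empty values on.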

xmlrpc-c-1.14.8-1.el5.i386.rpm
xmlrpc-c-apps-1.14.8-1.el5.i386.rpm
libtorrent-0.12.6-1.el5.i386.rpm
rtorrent-0.8.6-4.el5.i386.rpm
/home/rtorrent/.rtorrent.rc
man rtorrent
# yum install mod_scgi
scgi_port = localhost:5000
SCGIMount /RPC2 127.0.0.1:5000
<Directory /var/www/.../rutorrent>
AllowOverride All
</Directory>
AuthType Basic
AuthName "access to rutorrent"
AuthUserFile /etc/httpd/conf/htpasswd
Require valid-user
# cd /etc/httpd/conf
# htpasswd -c htpasswd rtorrent
# service httpd reload
# yum install screen
man screen
screen -S rtorrent
screen -S rtorrent -d -m rtorrent
screen -r
screen -x rtorrent
screen -ls
http://www.petrich.me/web/files/scripts/rtorrent
# cd /etc/init.d
# wget http://www.petrich.me/files/scripts/rtorrent
# chmod +x rtorrent
# chkconfig rtorrent on
Several days ago (21.02.2010) I decided to drive to the south of Estonia to look at Sangaste Manor. It was a long way, but the pictures were great. You can look at them:
Also, on the way home, Alex decided to sing his favorite song and I took that with my iPhone: