Block IP by ufw or iptables and firewalld

When a server receives a large number of suspicious requests, ufw, iptables or firewalld can provide protection. This tutorial shows how to use their commands to reject an IP address on popular Linux software firewalls.

Using ufw or iptables and firewalld

Fire up a terminal and log on to the server by using SSH and then complete the steps for firewalld in the first chapter. The second chapter shows the commands for UFW, and the third shows using iptables.

firewalld tool

firewalld is available on RHEL 7, CentOS 7 and later, and Fedora 18 and later.

To ensure that firewalld is running on your server, run the following command. If firewalld is not running, go to the iptables chapter.

$ sudo systemctl status firewalld

Run the following command to block the IP address and to add the rule to the permanent set:

$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='xxx.xxx.xxx.xxx' reject"

Run the following command to reload the firewalld rules:

$ sudo firewall-cmd --reload

Run the following command to list and verify the new rule:

$ sudo firewall-cmd --list-all

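Run the following commands to remove a blocked IP address. Because the rule was added to the permanent set, remove it with --permanent and then reload the rules:

$ sudo firewall-cmd --permanent --remove-rich-rule="rule family='ipv4' source address='xxx.xxx.xxx.xxx' reject"
$ sudo firewall-cmd --reload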

Run the following command to verify that firewalld is running.

$ firewall-cmd --state

Uncomplicated Firewall (UFW)

ufw is available on Debian 6 and later, Ubuntu 8.04 LTS and later.

To ensure that ufw is running on your server, run the following command. If ufw is not running, go to the iptables chapter.

$ sudo systemctl status ufw

Run the following command to block the IP address:

$ sudo ufw deny from xxx.xxx.xxx.xxx to any

Run the following command to list and verify the new rule:

$ sudo ufw status

Run the following command to remove a blocked IP address. The number is the rule's position in the numbered list of firewall rules.

$ sudo ufw delete 7

Run the following command to show a numbered list of firewall rules.

$ sudo ufw status numbered

iptables tool

iptables is commonly pre-installed on all Linux distributions.

Run the following command to block the IP address:

$ sudo iptables -I INPUT -s xxx.xxx.xxx.xxx -j DROP

Run the following command to save the settings. The settings persist after the server reboots.

$ sudo service iptables save

Run the following command to list and verify the new rule:

$ sudo iptables -vnL

Run the following command to delete a rule from the INPUT chain by its line number.

$ sudo iptables -D INPUT 7

Run the following command to show a numbered list of the iptables rules.

$ sudo iptables -L --line-numbers

About ufw, iptables and firewalld

The firewall commands for ufw, iptables and firewalld shown here apply to the most common Linux operating systems.
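The three chapters above, combined into one helper, as an added example that is not part of the original tutorial: it validates the address, refuses to block the address of the current SSH session, and prints the tutorial's block command for the detected firewall so it can be reviewed before it is run. The function names, the exit codes and the sample address 203.0.113.7 are assumptions made for this example.

```shell
#!/bin/sh
# Added example: print (never run) the tutorial's block command for one backend.

# valid_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
# Runs in a subshell so the IFS change does not leak to the caller.
valid_ipv4() (
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) exit 1 ;;
    esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# detect_backend: firewalld first, then ufw, else iptables (the tutorial's order).
detect_backend() {
    if systemctl is-active --quiet firewalld 2>/dev/null; then echo firewalld
    elif systemctl is-active --quiet ufw 2>/dev/null; then echo ufw
    else echo iptables
    fi
}

# block_cmd BACKEND ADDR: print the command(s) to review and run by hand.
# Exit codes (chosen for this example): 2 bad address, 3 own SSH peer, 4 bad backend.
block_cmd() {
    backend=$1
    addr=$2
    valid_ipv4 "$addr" || { echo "invalid IPv4 address: $addr" >&2; return 2; }
    # Lockout guard: sshd sets SSH_CLIENT to "<peer address> <peer port> <local port>".
    ssh_peer=${SSH_CLIENT:-}
    if [ "${ssh_peer%% *}" = "$addr" ]; then
        echo "refusing to block the current SSH client $addr" >&2
        return 3
    fi
    case "$backend" in
        firewalld)
            echo "sudo firewall-cmd --permanent --add-rich-rule=\"rule family='ipv4' source address='$addr' reject\""
            echo "sudo firewall-cmd --reload" ;;
        ufw)      echo "sudo ufw deny from $addr to any" ;;
        iptables) echo "sudo iptables -I INPUT -s $addr -j DROP" ;;
        *)        echo "unknown backend: $backend" >&2; return 4 ;;
    esac
}

# Stand-alone use: sh block-ip.sh 203.0.113.7 (documentation address, constructed)
if [ "$#" -gt 0 ]; then block_cmd "$(detect_backend)" "$1"; fi
```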

Visual Basic Script: Windows logon with a MsgBox message

Visual Basic Script message box pop-up window

Visual Basic Script creates a pop-up window with information, using the MsgBox function

IT administrators can have information displayed to users when they log on at their workstation.

The Visual Basic Script MsgBox function is suitable for this purpose. Paste the following 3 lines into an editor (Notepad) and save the content, for example, as the file "logon.bat".

echo msgbox("Guten Morgen Mitarbeiter. Bitte Kaffee bei mir nehmen. Vielen Dank und ein schönen Tag"),vbInformation ,"Nachricht"> "%temp%\msg.vbs"
"%temp%\msg.vbs"
erase "%temp%\msg.vbs"

The VB script creates a pop-up window with information, using the MsgBox function. The file msg.vbs is saved in the path %temp% and deleted again after it has run.

The user can close the open window by clicking OK.

In the AD user management console (dsa.msc), enter the file name (logon.bat) under Logon script on the Profile tab of each user.

AD User Manager Profile Logon script

In a Windows domain, save the file under \\server\netlogon.

The netlogon share is located on the server under %systemroot%\SYSVOL\sysvol\[domain]\scripts. If a logon script is already in use, the lines of code can be inserted into that script.

Microsoft Visual Basic Scripting Edition

VBScript ("Microsoft Visual Basic Scripting Edition") is an Active Scripting language developed by Microsoft that is modeled on Visual Basic. It allows Microsoft Windows system administrators to generate powerful tools for managing computers without error handling and with subroutines and other advanced programming constructs. It can give the user complete control over many aspects of their computing environment.

VBScript uses the Component Object Model to access elements of the environment within which it is running; for example, the FileSystemObject (FSO) is used to create, read, update and delete files. VBScript has been installed by default in every desktop release of Microsoft Windows since Windows 98; in Windows Server since Windows NT 4.0 Option Pack; and optionally with Windows CE (depending on the device it is installed on).

A VBScript script must be executed within a host environment, of which there are several provided with Microsoft Windows, including: Windows Script Host (WSH), Internet Explorer (IE), and Internet Information Services (IIS). Additionally, the VBScript hosting environment is embeddable in other programs, through technologies such as the Microsoft Script Control (msscript.ocx).