Monday 20 October 2014

Upgrade Crunchbang from wheezy/waldorf to janice/jessie (stable to testing) simplified


Following jschueths's post Updating Crunchbang to the Next Release I decided to use SED to make everything easier, instead of making the changes one-by-one by hand.

We should probably make backups of the files we are modifying first:
$ sudo cp /etc/apt/sources.list /etc/apt/sources.list.waldrof
$ sudo cp /etc/apt/preferences /etc/apt/preferences.waldrof
Then one command to make all the modifications:
$ sudo sed -i 's/waldorf/janice/g;s/wheezy/jessie/g' /etc/apt/sources.list /etc/apt/preferences
Then as jschurths said:
$ sudo apt-get update
$ sudo apt-get --no-install-recommends dist-upgrade

Sunday 19 October 2014

Block incoming WAN (Internet) connections for SAMBA using iptables


 This is my idea on how one might keep WAN connections from hitting a SAMBA server:
iptables -m multiport -m comments -A INPUT -s 192.168.0.0/24 -p tcp --dports 137:139,445,43270,43273 -j ACCEPT --comment "Allow local connections to SAMBA - TCP"
iptables -m multiport -m comments -A INPUT -s 192.168.0.0/24 -p udp --dports 137:139,445,43270,43273 -j ACCEPT --comment "Allow local connections to SAMBA - UDP"


iptables -m multiport -m comments -A INPUT -p tcp --dports 137:139,445,43270,43273 -j DROP --comment "Block WAN connections to SAMBA - TCP"
iptables -m multiport -m comments -A INPUT -p udp --dports 137:139,445,43270,43273 -j DROP--comment "Block WAN connections to SAMBA - UDP"
 The ports *should* be right for SAMBA. The network address and range (192.168.0.0/24) might have to be changed to reflect you LAN (internal network)