The Road to Elysium

May 27, 2009

Easy reloading of Varnish

Filed under: Snippets — jorge @ 09:23

A co-worker of mine made a nice little script that makes reloading the default VCL that Varnish uses a bit easier. If you don't want to telnet in or run varnishadm by hand, this script does the trick. It was taken from http://kristian.blog.linpro.no/2009/02/18/easy-reloading-of-varnish-vcl/:

#!/bin/bash
# Reload a varnish config
# Author: Kristian Lyngstol
 
FILE="/etc/varnish/default.vcl"
 
# Hostname and management port
# (defined in /etc/default/varnish or on startup)
HOSTPORT="localhost:6082"
NOW=`date +%s`
 
error()
{
    echo 1>&2 "Failed to reload $FILE."
    exit 1
}
 
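# Load the file under a unique name, then switch to it. Variables are
# quoted so a path containing spaces does not split into several arguments.
varnishadm -T "$HOSTPORT" vcl.load "reload$NOW" "$FILE" || error
varnishadm -T "$HOSTPORT" vcl.use "reload$NOW" || error
echo Current configs:
varnishadm -T "$HOSTPORT" vcl.list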

May 25, 2009

flac to mp3

Filed under: Snippets — jorge @ 15:28
$ for file in *.flac; do flac -cd "$file" | lame -h - "${file%.flac}.mp3"; done

November 27, 2008

Nifty firewall

Filed under: Snippets — jorge @ 15:17
#!/bin/bash
 
IPTABLES='/sbin/iptables'
 
 
# Clear out any existing firewall rules, and any chains that might have
# been created. Then set the default policies.
 
$IPTABLES -F
$IPTABLES -F INPUT
$IPTABLES -F OUTPUT
$IPTABLES -F FORWARD
$IPTABLES -F -t mangle
$IPTABLES -F -t nat
$IPTABLES -X
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT
 
 
# Begin setting up the rulesets. First define some rule chains to handle
# exception conditions. These chains will receive packets that we aren't
# willing to pass. Limiters on logging are used so as not to swamp the
# firewall in a DoS scenario.
#
# silent       - Just drop the packet
# tcpflags     - Log packets with bad flags, most likely an attack
# firewalled   - Log packets that we refuse, possibly from an attack
 
$IPTABLES -N silent
$IPTABLES -A silent -j DROP
 
$IPTABLES -N tcpflags
$IPTABLES -A tcpflags -m limit --limit 15/minute -j LOG --log-level 4 --log-prefix '** TCP-Flags ** -- '
$IPTABLES -A tcpflags -j DROP
 
$IPTABLES -N firewalled
$IPTABLES -A firewalled -m limit --limit 15/minute -j LOG --log-level 4 --log-prefix '** Firewalled ** -- '
$IPTABLES -A firewalled -j DROP
 
 
# These are all TCP flag combinations that should never, ever, occur in the
# wild. All of these are illegal combinations that are used to attack a box
# in various ways.
 
$IPTABLES -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j tcpflags
$IPTABLES -A INPUT -p tcp --tcp-flags ALL ALL -j tcpflags
$IPTABLES -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j tcpflags
$IPTABLES -A INPUT -p tcp --tcp-flags ALL NONE -j tcpflags
$IPTABLES -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j tcpflags
$IPTABLES -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j tcpflags
 
 
# Allow selected ICMP types and drop the rest.
 
$IPTABLES -A INPUT -p icmp --icmp-type 0 -j ACCEPT
$IPTABLES -A INPUT -p icmp --icmp-type 3 -j ACCEPT
$IPTABLES -A INPUT -p icmp --icmp-type 11 -j ACCEPT
$IPTABLES -A INPUT -p icmp --icmp-type 8 -m limit --limit 1/second -j ACCEPT
$IPTABLES -A INPUT -p icmp -j firewalled
 
 
# The loopback interface is inherently trustworthy. Don't disable it or
# a number of things will break.
 
$IPTABLES -A INPUT -i lo -j ACCEPT
 
 
# Now allow Internet hosts access to those services we provide. Note that
# enabling inbound FTP 20 & 21 tcp will also require allowing ports
# 1024-65534/tcp. Which in itself is good enough reason not to allow FTP
# connections and to only allow ssh/scp/sftp.
 
## SSH
 
# localhost
$IPTABLES -A INPUT -p tcp --dport 22 -s 127.0.0.1 -j ACCEPT
 
# example.com
$IPTABLES -A INPUT -p tcp --dport 22 -s 208.77.188.166 -j ACCEPT
 
# oidentd
$IPTABLES -A INPUT -p tcp --dport 113 -j ACCEPT
 
 
## HTTP access from anywhere
 
$IPTABLES -A INPUT -p tcp -s 0/0 --dport 80 -j ACCEPT
 
 
# Allow packets that are part of an established connection to pass
# through the firewall. This is required for normal Internet activity
# by inside clients.
 
$IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
 
 
# Anything not already matched gets firewalled and logged.
 
$IPTABLES -A INPUT -j firewalled
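
The script above tags what it drops with the log prefixes '** TCP-Flags ** -- ' and '** Firewalled ** -- '. As an added example (not part of the original post), this summarises such log lines per chain, source, protocol and destination port; the sample lines are constructed and use documentation addresses. Because the LOG rules are limited to 15/minute, the counts are a lower bound on what was actually dropped.

```bash
#!/bin/bash
# Added example: summarise what the 'tcpflags' and 'firewalled' chains logged.

# Constructed sample input (documentation addresses, shortened field set).
sample_log() {
cat <<'EOF'
Nov 27 15:20:01 fw kernel: ** Firewalled ** -- IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=51234 DPT=23 SYN URGP=0
Nov 27 15:20:02 fw kernel: ** Firewalled ** -- IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=51235 DPT=23 SYN URGP=0
Nov 27 15:20:04 fw kernel: ** Firewalled ** -- IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=51236 DPT=23 SYN URGP=0
Nov 27 15:21:10 fw kernel: ** TCP-Flags ** -- IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 LEN=40 TTL=48 PROTO=TCP SPT=40000 DPT=80 URG PSH FIN URGP=0
Nov 27 15:22:30 fw kernel: ** Firewalled ** -- IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 LEN=40 TTL=48 PROTO=ICMP TYPE=13 CODE=0
Nov 27 15:23:00 fw sshd[812]: Accepted publickey for admin from 192.0.2.50 port 50122 ssh2
EOF
}

# Read log lines on stdin and print "count chain source proto dport",
# most frequent first. Lines without one of the two prefixes are ignored.
summarise() {
    awk '
    {
        if (index($0, "** TCP-Flags ** -- "))       chain = "tcpflags"
        else if (index($0, "** Firewalled ** -- ")) chain = "firewalled"
        else next

        src = "?"; proto = "?"; dpt = "-"    # ICMP lines carry no DPT field
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/)   src   = substr($i, 5)
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
        }
        n[chain " " src " " proto " " dpt]++
    }
    END { for (k in n) print n[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

sample_log | summarise
```

On a live system, feed it the kernel log instead of sample_log; where that log lives depends on the syslog configuration.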

October 28, 2008

Remove comments and empty lines with grep

Filed under: Snippets — jorge @ 12:39
$ grep -v -e '^#' -e '^$' file.txt

August 22, 2008

Acer Aspire One Screen Resolution Script

Filed under: Snippets — jorge @ 10:56
#!/bin/bash
#
## Script to extend your Acer Aspire One (AA1) desktop
## Jorge Barrera Grandon <jorge@atlantiscrew.net>
#
#
## Press Fn-F5 on your AA1 till both monitors are 
## active then run this script. Usage is like so:
## ./dual_desktop.sh <resolution> <position of the AA1>
##
## Example: ./dual_desktop.sh 800x600 left
 
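XRANDR=$(which xrandr)
 
# && and || have equal precedence in the shell, so the two groups of tests
# are wrapped in braces; otherwise "right" would pass with any resolution.
if { [ "$1" = "1280x1024" ] || [ "$1" = "1024x768" ] || [ "$1" = "800x600" ]; } && { [ "$2" = "left" ] || [ "$2" = "right" ]; }; then
 
    echo "Setting resolution to $1 and alignment to $2."
    $XRANDR -s "$1"
    $XRANDR --output LVDS "--$2-of" VGA --auto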
 
else
    $XRANDR -s 1280x1024 
    $XRANDR --output LVDS --left-of VGA --auto
    echo "No or invalid resolution given - setting resolution to 1280x1024 and alignment to left."
 
fi