If you would like to edit this file directly, use the following:

-A INPUT -p tcp -m tcp -s 192.168.15.16 --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp -s 192.168.15.254/26 --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp -s 0.0.0.0/0 --dport 22 -j DROP


Remember, IPtables like most hardware firewalls, uses stateful packet inspection. It will read the rules in order from top to bottom. This is why we put all the allowed networks first and then put in a blanket deny all (0.0.0.0/0). You can enter hosts into IPtables using any of the following formats:

IP address: ex. 192.168.15.16
DNS name: ex. skullbox.net
CIDR: ex. 192.168.15.254/26

That's it!

That being said, it may also be advantageous to put a policer statement in your switches to also rate limit ingress traffic. I have seen and experienced problems with networks that had zero restrictions on ingress traffic. If a server or group or servers suddenly requests data from outside the network, saturation quickly brings the network down or to a crawl. Unfortunately, because of the way TCP works, you must have bandwidth available (both ingress and egress) to complete connection requests.

If you ever transfer large files using your cable modem, you may notice slow web browsing while the transfer is running. Same concept applies. Now, saturation of Ingress bandwidth is usually only a problem on small networks. By small I mean networks with 100 Mbps or less of transport to the Internet.

Larger networks with 200+ Mbps usually run fine as requests in excess of 200 Mbps are rare. Speaking from experience, I had a group of Sonicwall CDP devices configured to collect backup data from remote networks. Manually activating the transfer requested over 70 Mbps of Ingress traffic. That combined with other requests from the network saturated the 100 Mbps pipe and some servers were reporting offline.

Placing a high rate limit on ingress traffic may be worth your while depending on what devices live on your network. In my case, it would have stopped the Sonicwalls from eating all the bandwidth. If you are using Juniper gear, rate limiting can be done in the ScreenOS GUI. In JunOS this is done by attaching a policer statement the interface. Cisco PIX/ASAs will also rate limit traffic. If you are using Cisco Catalysts make sure you have the "Enhanced" version of IOS. They require specific models like the 2950T. The standard 2950 will not do rate limiting. All layer 3 Cisco devices such as 3750s and 4548s will work fine right out of the box.

Growing up in Orlando, I saw this company go from a operating out of a normal office, to taking over the entire office park and surrounding buildings. It’s no secret Fullsail “University” has grown by leaps and bounds. The school itself is only accredited by the ACCAST, which grants accreditation to vocational schools. Colleges and universities do not recognize the ACCAST and therefore any credit hours earned WILL NOT transfer to a traditional 4-year degree program.

I have blocked Fullsail’s advertisements from my Adsense account and I will tell you why. Over the last few years I have learned more and more about this company. I will refer to it as a company for the rest of this post because the fact it is called a University is outrageous. In my opinion, the only thing that qualifies it as a “University” is the price (rumored to be 40k-55k total). In the last few years, I have meet and/or interacted with many people who attended Fullsail. The majority of whom I met never graduated from the place. Of the ones who did, most of them did not move on to be successful movie producers, recording artists, or anything close. In fact, most of them were given jobs as “recruiters” to work for the company. Sounds like a pyramid scheme to me…

Not to stereotype (I will admit when I do) but it seems that a lot of students I have seen had 2 things in common. The first is being “Gothic.” Fullsail had taken over an old strip mall close to an Ale House where I was eating. While leaving, I drove past the strip mall and must have see 50+ “students” all dressed in black. Some had black lipstick (both girls and guys ), colored hair, and a lot of piercing. The second thing they have in common is poor driving skills. Somehow, when I drive around that area, most of the people who are speeding, weaving through traffic, and cutting people off all have a Fullsail sticker on the back of their car.

So what makes this place so renowned? I have a hard time believing this place is that great considering the current and former attendees. Another thing that caught my attention was the fact Failsail themselves have control of fullsailsucks.com. I briefly looked into this and it seems that someone started the website and Fullsail sued them, therefore gaining control of the domain name. Not sure if that is true or not, but a Google search reveals many students who have come forward and shared their story. There have been several other websites exploiting Fullsail. Most of them have been shutdown, but there is a forum that requires registration to view it. While reading the reviews, most said it wasn’t what they expected. They didn’t get everything that was promised to them, and in the end they felt taken.

I don’t know the real story about this place… I have never attended Fullsail and never will. I can say that the reviews I read which portray negatively seem to outweigh the positive ones. I cannot help but think Fullsail is painting a Picasso for the incoming students, then handing them a Xerox when they graduate.

I am bringing this up because twice this month previous customers have inquried about returning for service. Both customers asked if we still had copies of their files. As a provider, you can’t help but feel bad when a customer requests to cancel service.

Usually you delete all the files and use the server for something else or for a different customer. We started compressing customer files and storing them on tapes for a period of 12 months. When customer cancel (at least in our case) they do so becuase they either found a cheaper provider, were bought out or obsorbed by another company, or simply closed up shop. I have run into all 3 over the last few years, but it seems most of them return because we provided such good service. As sad as it sounds, sometimes customers need to see that the grass isn’t always greener on the other side.

If you are a service provider, you may want to take the extra 10 minutes to archive your customer data. It really makes you look like a rockstar when you can turn up a returning customer with their old data.

Password protecting directories is not new. The next step up would be firewall policies. You may allow only RDP access to specific IP addresses. However, you may need something between. For example, most ticket systems today are web-based. This makes it easier for admins to work remotely. However, these ticket systems contain the most important company data. Passwords, client names, IP addresses, etc are all documented in tickets.

Most ticket systems have a customer portal that allows customers to view their tickets. Then their is the admin or staff side. Let us say your ticket software is installed at the address: support.yourcompany.com. Customers can go to that URL to submit and view tickets. The staff will usually login via the URL: support.yourcompany.com/staff or support.yourcompany.com/admin. That’s fine, but personally, I’d feel a little better if this was restricted to prevent joe blow from seeing a login prompt. Remember, you cannot completely lock this URL down at the firewall because customers still need access to it. You can however use an old fashioned .htaccess file with an ACL inside.

Code:

The example above would need to be placed on your webserver in the /staff and /admin folders of your URL. Anyone visiting those URLs from hosts other than the ones listed in the .htaccess file will receive an error message.

Every now and then you’ll find yourself in a bind where you need to delete files older than a certain date. This isn’t a bid deal in small numbers, but when faced with a directory containing 120,000+ files it can be overwhelming. Not to worry! The following command will do this for you. You will simply need to adjust the date depending on what you want to do. Here is the command:

Code:

That will list all files from May of the current year and delete them. Remember, Linux will not show the year of the file if it is the current year. You can use this command 12 times (once per month) and delete all files from every month. The following will list all files from 2008 and delete them:

Code:

Be careful using these commands as their is no way to “undelete” files in Linux. You would need to restore from a backup.

Recently, ebay created a “policy” of holding payments for select auctions from sellers with feedback under 100. This has now been shifted to all auctions of select “high risk” items. These items include electronics and gift cards. I gathered all this information over the phone from several paypal employees. Previously, I called in and had the hold removed. They now claim the only way to remove the hold and release fund into your paypal is one of 3 ways:

• Wait 21 days
• wait until the buyer leaves positive feedback
• ship the item yourself and provide tracking to paypal

I explained there are several reasons why this policy is ing outrageous! By selling an item on ebay, I had to pay a $20 fee. I then paid $14 to ship it, and a $7 paypal fee. A total cost to me of $41. All this before I actually see any money from selling an item. I explained that I sent the item via priority mail. So, I am required to pay more money for the use of tracking or wait the 21 days to release my funds without any interest. Paypal has now made itself an escrow service. This ing pisses me off!

I have to write about this because it drives (no pun intended) me insane! Here are the top 3 reasons why I think people drive like morons in the state of Florida.

• Rain
• Lack of efficient roads
• Cell phone usage

I’ll start with the first thing, rain. The only thing I hate more than the heat in Florida in the damn rain! It seems to pour everyday for a few hours right before I need to go somewhere. To make matter worse, it seems as if everyone on the road feels their car tires are made of glass and they have to drive 20 mph less than the posted speed limit. Heaven forbid there an accident in the rain! That will result in everyone driving 20 mph under the speed limit and slow down another 40 mph to look at a car with a dented bumper. It makes my blood boil!

Moving on, lack of efficient roads also contributes to people driving like morons. For whatever reason, the city of Orlando has deemed it necessary to do construction on all major roads at the same time. Interstate 4 (I-4), Colonial Dr. (SR 50), and Semoran Blvd. (SR 436) all have some type of major construction that decreases the speed limit and narrows the roadways. This is reason number 2 people drive like morons.

Number 3, cell phones! This is probably everywhere, but seems to be worse by UCF and other school where students and other young people feel the need to send 1010258021385 text messages a day. You cannot send that many messages without taking time from your local commute. In the interest of contributing to the decay of modern society (and bothering other people because someone receives the stupid message they sent), they feel the need to text while they drive. Everyone knows millions of accidents per year are caused by people talking on their damn phones. Texting has made it even worse!

That’s it I’m done!