RHEL 7 / CentOS 7 Disable Firewalld and use iptables

Firewalld is a bit complicated, so it is better to continue with iptables.

Here I describe how to disable Firewalld and use iptables.

1. Disable Firewalld Service.

[root@rhel-centos7-tejas-barot-linux ~]# systemctl mask firewalld

2. Stop Firewalld Service.

[root@rhel-centos7-tejas-barot-linux ~]# systemctl stop firewalld

3. Install iptables service related packages.

[root@rhel-centos7-tejas-barot-linux ~]# yum -y install iptables-services

4. Make sure service starts at boot:

[root@rhel-centos7-tejas-barot-linux ~]# systemctl enable iptables

# If you do not want ip6tables, you can skip the following command.

[root@rhel-centos7-tejas-barot-linux ~]# systemctl enable ip6tables

5. Finally, start the iptables services.

[root@rhel-centos7-tejas-barot-linux ~]# systemctl start iptables

# If you do not want ip6tables, you can skip the following command.

[root@rhel-centos7-tejas-barot-linux ~]# systemctl start ip6tables

The Firewalld service is now disabled and stopped; you can use iptables.


JETPACK Troubleshooting Tips

Are you having trouble with Jetpack or one of its components? If so, here are a few key steps that can help you solve the problem.

  1. Check if the error you received is listed on this page. If it is, you can follow the instructions there to solve the issue.
  2. Disable all other plugins, then try connecting or using Jetpack. If Jetpack starts connecting or working properly, turn your plugins back on one-by-one until you start seeing the error again. Then note the plugin that caused this error and get in touch with us. Sometimes Jetpack and other plugins are incompatible; just let us know and we’ll see what we can do.
  3. If you are having a display issue, or the plugin step above doesn’t help, try activating Twenty Fifteen or Twenty Sixteen (one of the default WordPress themes) as your theme. Then try again. If your action starts working, something in your theme is likely broken and you should get in touch with your theme’s author. Be sure to let them know the troubleshooting steps that you have tried.
  4. Check your XMLRPC file. You can do this by going to your web site URL and adding “/xmlrpc.php” to the end (without the quotes). When it loads in your browser, you should see “XML-RPC server accepts POST requests only.” on a line by itself.
    • If you see this message, but it is not on a line by itself, a theme or plugin is displaying extra characters when it shouldn’t. See points 2 and 3 above for debugging steps.
    • If you get a 404 Error Not Found message, contact your web host. They may have security in place that is blocking XML-RPC.
  5. Do you use an SSL certificate on your site? Try adding the following to your site’s wp-config.php file:
    define( 'JETPACK_SIGNATURE__HTTPS_PORT', 80 );

    This works on hosts that have SSL terminate on a reverse proxy and the server itself is still listening on port 80 or something similar.

    Alternatively, you could add this to your wp-config.php file (please not both!):

    $_SERVER['SERVER_PORT'] = 443;

    This sets the server port to 443 for the whole site.

  6. If you’ve installed an SSL certificate on your domain and if WordPress.com can’t access your site via HTTPS, start by checking the status of your domain’s SSL certificate. If you can’t fix the SSL issues on your site, try adding the following to your site’s wp-config.php file to bypass the HTTPS check during the connection:
    define( 'JETPACK_CLIENT__HTTPS', 'NEVER' );
  7. Check the Known Issues list and make sure you aren’t using a plugin or theme listed there.
  8. If you were using Development Mode, check your wp-config.php file and make sure that define('JETPACK_DEV_DEBUG', true); is no longer present.

Create ftp user from backend (ssh) in cpanel server

Normally all cPanel servers run pureftp by default; you need to change it to proftpd in order to make this work. You can switch it using the following command:

server [~]# /scripts/setupftpserver proftpd

Now we need to create a new FTP user with the required home directory. You can use the following command to create an FTP user ftpuser@domain.com:

/usr/local/cpanel/bin/proftpd_passwd <sys user> -a <vuser>:<passwd>:<uid>:<gid>:<owner>:<home_dir>:<shell>

server [~]# /usr/local/cpanel/bin/proftpd_passwd cpanelusername -a

server [~]# /usr/local/cpanel/bin/ftpupdate

To delete an FTP account, run the command:
/usr/local/cpanel/bin/proftpd_passwd -d


Postfix limit incoming or receiving email rate

Postfix (smtpd daemon) can enforce a number of limits on incoming email. This will stop email flooding attacks.

A bot connects to your Postfix email server and sends garbage commands or spam, attempting to crash your server. You can limit:

=> The length of lines in a message and so on

=> The size of messages

=> The number of recipients for a single delivery

Try following directives in your postfix main.cf config file:
smtpd_error_sleep_time : The SMTP server response delay after a client has made more than $smtpd_soft_error_limit errors, and fewer than $smtpd_hard_error_limit errors, without delivering mail.
smtpd_soft_error_limit : The number of errors a remote SMTP client is allowed to make without delivering mail before the Postfix SMTP server slows down all its responses.
smtpd_hard_error_limit : The maximal number of errors a remote SMTP client is allowed to make without delivering mail. The Postfix SMTP server disconnects when the limit is exceeded.

Open config file
# vi main.cf

Append following directives:
smtpd_error_sleep_time = 1s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20

Save and restart/reload postfix configuration
# /etc/init.d/postfix restart

Postfix waits one second before responding to each error, such as a HELO command not being provided or an FQDN hostname that does not exist. After 10 such errors, Postfix starts to increase the delay. If the error count reaches 20, Postfix disconnects the client.

You can see this in action from /var/log/maillog file:


server1 postfix/anvil[28470]: statistics: max connection rate 1/60s
for (smtp:) at Feb 18 11:21:45
Feb 18 11:25:05 server1 postfix/anvil[28470]: statistics: max connection
count 1 for (smtp:) at Feb 18 11:21:45
571]: disconnect from unknown[]
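
To list the clients that actually hit smtpd_hard_error_limit, the following added example (not part of the original post) scans a maillog for the "too many errors after" message that the Postfix smtpd logs when it drops such a client. The log lines, host names and addresses in it are constructed sample data, and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post.

# Constructed sample maillog lines (documentation-range addresses).
sample_maillog() {
cat <<'EOF'
Feb 18 11:24:58 server1 postfix/smtpd[28571]: connect from unknown[192.0.2.10]
Feb 18 11:25:02 server1 postfix/smtpd[28571]: too many errors after RCPT from unknown[192.0.2.10]
Feb 18 11:25:02 server1 postfix/smtpd[28571]: disconnect from unknown[192.0.2.10]
Feb 18 11:31:40 server1 postfix/smtpd[28602]: too many errors after HELO from unknown[192.0.2.10]
Feb 18 11:40:12 server1 postfix/smtpd[28633]: too many errors after RCPT from mail.example.net[198.51.100.7]
Feb 18 11:41:00 server1 postfix/anvil[28470]: statistics: max connection rate 1/60s for (smtp:192.0.2.10) at Feb 18 11:21:45
EOF
}

# hard_limit_offenders FILE [MIN]
# Prints "COUNT IP" for every client that was dropped for exceeding
# smtpd_hard_error_limit at least MIN times (default 1), busiest first.
hard_limit_offenders() {
    awk -v min="${2:-1}" '
        / postfix\/smtpd\[[0-9]+\]: too many errors after / {
            # The client is logged as hostname[ip] at the end of the line.
            if (match($0, /\[[0-9A-Fa-f:.]+\]$/)) {
                ip = substr($0, RSTART + 1, RLENGTH - 2)
                hits[ip]++
            }
        }
        END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
    ' "$1" | sort -k1,1nr -k2,2
}

# Run against the constructed sample; on a real server pass /var/log/maillog.
log=$(mktemp)
sample_maillog > "$log"
hard_limit_offenders "$log"
rm -f "$log"
```

Clients that appear here repeatedly are candidates for a lower smtpd_hard_error_limit or for blocking at the firewall.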


Managing an ext4 File System

yum install e4fsprogs
The e4fsprogs package contains renamed static binaries from the equivalent upstream e2fsprogs release. This has been done to ensure stability of the e2fsprogs core utilities with all the changes for ext4 included. The most important of these utilities are:
  • mke4fs — A utility used to create an ext4 file system.
  • mkfs.ext4 — Another command used to create an ext4 file system.
  • e4fsck — A utility used to repair inconsistencies of an ext4 file system.
  • tune4fs — A utility used to modify ext4 file system attributes.
  • resize4fs — A utility used to resize an ext4 file system.
  • e4label — A utility used to display or modify the label of the ext4 file system.
  • dumpe4fs — A utility used to display the superblock and block group information for the ext4 file system.
  • debuge4fs — An interactive file system debugger, used to examine ext4 file systems, manually repair corrupted file systems and create test cases for e4fsck.
The following sections walk you through the steps for creating and tuning ext4 partitions.

Connecting to a PPTP VPN from an OpenVZ VPS

PPTP (Point-to-Point Tunneling Protocol) allows you to implement your own VPN. PPTP is less secure than OpenVPN.

To enable PPP in the VPS, first you need to enable the PPP modules on the host node.

Log in to the host node and load the modules:

modprobe ppp_mppe
modprobe ppp_deflate
modprobe zlib_deflate
modprobe ppp_async
modprobe ppp_generic
modprobe slhc
modprobe crc_ccitt
You should now see the result below if you run:
lsmod | grep ppp
ppp_mppe                6182  0
ppp_deflate             4176  0
zlib_deflate           21629  1 ppp_deflate
ppp_async               7866  0
crc_ccitt               1725  1 ppp_async
ppp_generic            25763  3 ppp_mppe,ppp_deflate,ppp_async
slhc                    5813  1 ppp_generic
Second, you have to tweak the VPS’s conf file:
vzctl stop [VEnumber]
vzctl set [VEnumber] --features ppp:on --save
vzctl start [VEnumber]
vzctl set [VEnumber] --devices c:108:0:rw --save
vzctl exec [VEnumber] mknod /dev/ppp c 108 0
vzctl exec [VEnumber] chmod 600 /dev/ppp

After that, you might need to uncomment the require-mppe-128 or mppe required,stateless line in /etc/ppp/options.pptp (depending on the VPN server). You may also need to manually create a static route to the network, with route add -net netmask ppp0.

You can check /var/log/messages for details about negotiation errors.