Sunday, April 20, 2014

Blocking and unblocking an IP using iptables

iptables is the command-line front end to the Linux kernel's netfilter packet filter. The recipes below use the INPUT chain of the default filter table, which sees traffic addressed to the host itself.

To block an IP (all ports), as root:

iptables -I INPUT -s ip-address -j DROP
-I inserts the rule at the top of the INPUT chain, so it is evaluated before any ACCEPT rules that follow. An appended rule (-A) would land at the bottom and could be shadowed by an earlier ACCEPT.

To unblock an IP:

The simplest way is to delete the rule by its specification, that is, the same arguments used to create it, with -D in place of -I. The alternative is to delete by position, which takes two steps. First, list the INPUT chain with rule numbers (numbers are per chain, so name the chain) and find the rule for the IP you want to unblock:
iptables -L INPUT -n --line-numbers

Next, delete that rule by number. This will delete rule number 3:
iptables -D INPUT 3

Rule numbers shift up after each deletion, so list again before deleting another. Either form of -D removes only the first matching rule; if the IP was blocked more than once, repeat until iptables -C INPUT -s ip-address -j DROP reports that no match remains.

To clear all firewall rules, use the flush switch. This empties every chain of the filter table (the nat and mangle tables are separate) but leaves the chains' default policies untouched, so if the INPUT policy is DROP, flushing over SSH locks you out; set the policy to ACCEPT first. Rules live only in the kernel and are gone after a reboot unless saved with iptables-save or your distribution's persistence mechanism.
iptables -F
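As an added example (this is not code from the original post), the block and unblock recipes above combined into a small POSIX sh script that does not rely on rule numbers: it validates the address, uses iptables -C to check whether the DROP rule already exists so that repeated runs do not stack duplicates, and deletes by rule specification, looping because -D removes one match per call. The IPTABLES variable, the function names and the block/unblock/list subcommands are this example's own conventions. Run as root.

```sh
#!/bin/sh
# Added example, not from the original post: block/unblock one IPv4 address in
# the INPUT chain, checking with -C first so repeated runs do not stack
# duplicate rules, and deleting by rule specification rather than by line
# number. Run as root; IPTABLES can be pointed at a wrapper for dry runs.
IPTABLES="${IPTABLES:-iptables}"

# Return 0 if $1 is a dotted quad with each octet in 0..255, else 1.
is_valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Does an identical DROP rule already exist? (-C only checks, never modifies.)
rule_exists() {
    "$IPTABLES" -C INPUT -s "$1" -j DROP 2>/dev/null
}

block_ip() {
    is_valid_ipv4 "$1" || { printf 'invalid IPv4 address: %s\n' "$1" >&2; return 1; }
    if rule_exists "$1"; then
        printf '%s is already blocked\n' "$1"
    else
        # -I puts the rule at the top of INPUT, ahead of any ACCEPT rules.
        "$IPTABLES" -I INPUT -s "$1" -j DROP && printf 'blocked %s\n' "$1"
    fi
}

unblock_ip() {
    is_valid_ipv4 "$1" || { printf 'invalid IPv4 address: %s\n' "$1" >&2; return 1; }
    removed=0
    # -D removes one matching rule per call; loop in case it was added twice.
    while rule_exists "$1"; do
        "$IPTABLES" -D INPUT -s "$1" -j DROP || return 1
        removed=$((removed + 1))
    done
    printf 'removed %d rule(s) for %s\n' "$removed" "$1"
}

# Usage: script.sh block|unblock ip-address, or script.sh list
case "${1:-}" in
    block)   block_ip "$2" ;;
    unblock) unblock_ip "$2" ;;
    list)    "$IPTABLES" -L INPUT -n --line-numbers ;;
esac
```

The address check matters because the value usually comes from a log or a monitoring script, and an unchecked string would be passed straight to iptables as an argument.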

Apache processes, process size, IP clients, and status

To help monitor Apache performance, here are some useful command line recipes.

Show how many Apache processes are running

ps aux | grep '[h]ttpd' | wc -l
The bracketed [h] prevents the grep process itself from being counted: the pattern [h]ttpd matches "httpd" but not the literal string "[h]ttpd" in grep's own command line. Quote the pattern so the shell cannot expand it as a glob if a file named httpd exists in the working directory. The count includes the parent (control) process. On Debian and Ubuntu the binary is apache2, so use [a]pache2 instead.

Show the average Apache process size in MB

ps aux | grep '[h]ttpd' | awk '{print $6/1024;}' | awk '{avg += ($1 - avg) / NR;} END {print avg " MB";}'
Column 6 of ps aux is the resident set size (RSS) in KB; the second awk keeps a running mean. RSS counts pages shared between workers (libraries and copy-on-write pages inherited from the parent) in every process, so this overstates the memory the workers add up to in total.

Show the top 10 Apache client IPs by number of sockets

/bin/netstat -ntp | /bin/awk '$4 ~/:(80|443)$/ {print $5}' | /bin/sed 's/.*ffff://' | /bin/cut -d: -f 1 | /bin/sort | /usr/bin/uniq -c | /bin/sort -nr | /usr/bin/head
This keeps sockets whose local port is 80 or 443, takes the remote address, strips the ::ffff: prefix that IPv4-mapped addresses carry on a dual-stack listener, and drops the port. The -p switch is not needed here (it only adds process names, and only when run as root). Note that cut -d: -f 1 mangles native IPv6 client addresses, and that netstat is deprecated on current distributions; ss -tn prints local and peer addresses in the same columns, but brackets IPv6 literals, which this pipeline does not strip.
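As an added example (not from the original post), the same recipe as a shell function that reads netstat -nt or ss -tn output on stdin, keeps native IPv6 peers intact by removing only the trailing port, strips the ::ffff: prefix and the brackets ss puts around IPv6 literals, and can also report only the addresses above a socket threshold. The function names, the default port list and the SAMPLE_NETSTAT/SAMPLE_SS lines are constructed for this example.

```sh
#!/bin/sh
# Added example, not from the original post: count web clients by peer address
# from "netstat -nt" or "ss -tn" output on stdin. Unlike cut -d: -f1 it drops
# only the trailing port, so native IPv6 peers survive, and it strips the
# ::ffff: prefix and the brackets ss writes around IPv6 literals.

# count_clients [ports]  -> "count address" lines, busiest first.
# ports is an awk alternation of local ports to include (default 80|443).
count_clients() {
    awk -v ports="${1:-80|443}" '
        # Both tools print the local socket in $4 and the peer in $5.
        $4 ~ (":(" ports ")$") {
            peer = $5
            sub(/:[0-9]+$/, "", peer)   # drop the ephemeral port
            gsub(/\[|\]/, "", peer)     # ss writes [2001:db8::a]:5555
            sub(/^::ffff:/, "", peer)   # IPv4-mapped IPv6 -> plain IPv4
            count[peer]++
        }
        END { for (p in count) print count[p], p }
    ' | sort -k1,1nr -k2
}

# heavy_clients threshold [ports] -> only addresses with >= threshold sockets.
heavy_clients() {
    count_clients "${2:-}" | awk -v t="$1" '$1 >= t'
}

# Constructed sample input in netstat -ntp layout (not real captures).
SAMPLE_NETSTAT='Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 10.0.0.5:80             203.0.113.7:51234       ESTABLISHED 1234/httpd
tcp        0      0 10.0.0.5:80             203.0.113.7:51235       ESTABLISHED 1234/httpd
tcp        0      0 10.0.0.5:22             192.0.2.44:60000        ESTABLISHED 900/sshd
tcp6       0      0 ::ffff:10.0.0.5:443     ::ffff:198.51.100.9:40012 ESTABLISHED 1235/httpd
tcp6       0      0 ::ffff:10.0.0.5:443     ::ffff:203.0.113.7:40013 ESTABLISHED 1235/httpd
tcp6       0      0 2001:db8::5:443         2001:db8::a:5555        ESTABLISHED 1235/httpd'

# The same sockets in ss -tn layout (constructed).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port      Peer Address:Port
ESTAB  0      0      10.0.0.5:80             203.0.113.7:51234
ESTAB  0      0      [::ffff:10.0.0.5]:443   [::ffff:198.51.100.9]:40012
ESTAB  0      0      [2001:db8::5]:443       [2001:db8::a]:5555
ESTAB  0      0      10.0.0.5:22             192.0.2.44:60000'

# Run "script.sh demo" to see the sample; on a live host use:
#   ss -tn | count_clients | head
#   ss -tn | heavy_clients 200
if [ "${1:-}" = demo ]; then
    printf '%s\n' "$SAMPLE_NETSTAT" | count_clients | head
fi
```

The threshold form is the piece an admin usually ends up scripting anyway: its output is already in a shape that can be fed to the blocking script from the iptables section, after the usual sanity check that the address is not a proxy or NAT gateway fronting many real users.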

Show full status

apachectl fullstatus
This requires mod_status to be enabled with a /server-status location reachable from localhost, and apachectl renders the page with a text browser (lynx, links or w3m), which must be installed. apachectl status prints the short form. Restrict the status location to localhost (for example with Require local on Apache 2.4), since it exposes client addresses and the URLs currently being requested.