use iptables to block ip range

To block 116.10.191.* addresses:

$ sudo iptables -A INPUT -s 116.10.191.0/24 -j DROP

To block 116.10.*.* addresses:

$ sudo iptables -A INPUT -s 116.10.0.0/16 -j DROP

To block 116.*.*.* addresses:

$ sudo iptables -A INPUT -s 116.0.0.0/8 -j DROP

But be careful what you block using this method. You don’t want to prevent legitmate traffic from reaching the host.

edit: as pointed out, iptables evaluates rules in sequential order. Rules higher in the ruleset are applied before rules lower in the ruleset. So if there’s a rule higher in your ruleset that allows said traffic, then appending (iptables -A) the DROP rule will not produce the intended blocking result. In this case, insert (iptables -I) the rule either:

  • as the first rule

sudo iptables -I ...

  • or before the allow rule

sudo iptables --line-numbers -vnL

say that shows rule number 3 allows ssh traffic and you want to block ssh for an ip range. -Itakes an argument of an integer that’s the location in your ruleset you want the new rule to be inserted

iptables -I 2 ...

Ubuntu Common Commands

Question Answer Note
Check IP ip addr show eth0 | grep inet | awk ‘{ print $2; }’ | sed ‘s/\/.*$//’
List block devices, check mount point lsblk
Disable password login /etc/ssh/sshd_config -> PubkeyAuthentication no service sshd restart
Back up as root su root

gksu deja-dup-preferences

gksu “deja-dup – -backup”

Extend LVM partition size 1. use GParted to extend LVM partition’s volume size (VG size)

2. use “vgdisplay” to find free PE size of LVM root partition

3. use “lvextend -l +PE_size /dev/name_vg/root“ to extend root’s logical volume size

4. “resize2fs /dev/name_vg/root”
pvs, vgs, lvs, pvdisplay, vgdisplay, lvdisplay, pvscan
Add cron job sudo su – crontab -e schedule e.g. schedule: 0 2 * * * /opt/gitlab/bin/gitlab-rake gitlab:backup:create CRON=1
Add sticky bit to disable/enable delete permission by others chmod +t /directory

chmod -t /directory

Remove a user from a group sudo deluser username group_name
Add a user to a group usermod -aG group_name username
Add a group groupad -g Group_ID Group_Name

check all the groups: cat /etc/group

To check special group grep ‘^sudo’ /etc/group
Add feature to support switch between ubuntu-desktop and gnome sudo apt-get install gnome-session-fallback
change ownership of  all files of directory: (-R is for all files) sudo chown -R $USER:$USER __directory__
Grant sudo to user user mod -aG sudo username
To enable a root user sudo passwd root
To disable the root account, type sudo passwd -dl root
Check memory and cpu status top free -m
Hash miss match apt-get clean

rm -rf /var/cache/apt/*

rm -rf /var/lib/apt/lists/*

apt-get update

Check ports status sudo netstat -lnp
Update network config sudo ip addr flush enp0s25

sudo systemctl restart networking.service
Edit /etc/network/interfaces
Run shell script in background e.g. nohup sudo xxxx.sh 
Run at bootup time put a script in the /etc/init.d/ directory  e.g. /etc/init.d/go.py
When using the command shell, prefixing a command with nohup prevents the command from being aborted automatically when you log out or exit the shell. nohup –help | –version nohup command [command-argument …]
Add an additional hard drive use gparted to create a new partition

sudo mkdir /newPartition

sudo nano /etc/fstab to add: /dev/sda6    /newPartition    ext4    defaults     0   0

sudo mount /newPartition

Install samba apt install samba

apt install system-config-samba touch /etc/libuser.conf system-config-samba

adduser username smbpasswd -a username

service smbd restart