Properly escaping a double quote in CSV 
Wednesday, May 6, 2015, 08:59 PM - - PHP Notes
Posted by Administrator
Amazing trick. This is one of the first thing to try if your CSV spreadsheet is not rendering how you expect.

Original Question:
======================================================
I have a line like this in my CSV:

"Samsung U600 24"","10000003409","1","10000003427"

Quote next to 24 is used to express inches, while the quote just next to that quote closes the field. I'm reading the line with fgetcsv but the parser makes a mistake and reads the value as:

Samsung U600 24",10000003409"

I tried putting a backslash before the inches quote, but then I just get a backslash in the name:

Samsung U600 24\"

Is there a way to properly escape this in the CSV, so that the value would be Samsung U600 24" , or do I have to regex it in the processor?
======================================================


Answer:
======================================================
Use 2 quotes:

"Samsung U600 24"""
======================================================

http://stackoverflow.com/questions/1780 ... ote-in-csv

[ view entry ] ( 1507 views )   |  print article
HTML 5: Drawing an image from a data URL to a canvas  
Friday, April 10, 2015, 06:32 PM - - Misc. Notes
Posted by Administrator
http://jsfiddle.net/m4msmtdk/9/

if it's not fun why do it ? -ben & jerry ice cream


<canvas id="myCanvasNotYours"></canvas>

<script>

var myCanvas = document.getElementById('myCanvasNotYours');
var ctx = myCanvas.getContext('2d');
var img = new Image;
img.onload = function(){
  //alert(img.width);
  myCanvas.width = img.width
  myCanvas.height = img.height
  ctx.drawImage(img,0,-20); // Or at whatever offset you like
};
img.src = 'data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAkIAAADICAYAAAAEE46XAAAgAElEQVR4Xu2dT4xcxbWHf3cHUiAxrDKDFMAgzEsQRLKHtwnmT8DsxsOKh97z2MoKexAmQkpshDBCtoNEwFZssiJ4nAi8YsY7IJh4yCaMLQFyCEbYBCTGWRHzJxLs6uncmTbt7r7d93bf232r6iup5bHn3rrnfKfa/etTp6oS0SAAAQhAAAIQgECkBJJI/cZtCEAAAhCAAAQgIIQQgwACEIAABCAAgWgJIISiDT2OQwACEIAABCCAEGIMQAACEIAABCAQLQGEULShx3EIQAACEIAABBBCjAEIQAACEIAABKIlgBCKNvQ4DgEIQAACEIAAQogxAAEIQAACEIBAtAQQQtGGHschAAEIQAACEEAIMQYgAAEIQAACEIiWAEIo2tDjOAQgAAEIQAACCCHGAAQgAAEIQAAC0RJACEUbehyHAAQgAAEIQAAhxBiAAAQgAAEIQCBaAgihaEOP4xCAAAQgAAEIIIQYAxCAAAQgAAEIREsAIRRt6HEcAhCAAAQgAAGEEGMAAhCAAAQgAIFoCSCEog09jkNg2ATc1ZJ+JOkWST+QZH+3V6M1//1dSV+0WHh85e8rv0sWhu0Bz4MABMIjgBAKL6Z4BIEaEEhFz/oV0WPC5/aKjPpEkgkjex2XEEcVcaZbCARLACEUbGhxLJuAsw9oa3k+nBtZiPekpDVDAeQLBJxleCYlbVzhan8fVbOY2euolJhAokEAAhDIJIAQYnAETiDNTNgHtIkey0w0T8UU9d2EUFP2QSaOLCMRaUvFz7SkzSts68jB4jMvaX/csapjaLAJAvUggBCqRxywolQCqfhpfEAPInzyWNX4oLVpmaN5bvD/GmfC0sSPZX98apYlOiQlsz4Zja0QgEC1BBBC1fKl96EScJb1eSLnlFdVlln2wV42LRPQVNqF7M/2frNql3xPbmyNdOnl0viaZfxXjEurxr/7+cpxpf8nfbQo1xygb7+Wlj5Y/pczi9L5Jen8v5av7aNZXPatZIkCilEfJLgFAhDo+z8S0EGgRgScTXk9N2IB1InHoWVR5HOmKBVAD0syAVSo7ufatXImeMZvlFZPSA2RU+bAMcFkosjE0VkTSMXEEYKozGDQFwQ8JdDvNypP3cXssAikH9KWAbIP6VytkZW4buK7y5uzEvavzdmHpdPSN19JH58c6EuDTZ+ZKJr1q07F2fTirrwZoFU/lPvJXdK6+6Sr1gzEK1csO1302Wm5s29LJ+alcx/mtsHi84iUWCaPBgEIREYAIRRZwMNxN80CvdirSNeEj304W2Zi9a2DfUB/viR37rR05m3JBFKf4sgE0ZP1FkT5M2x1ED9ZY/qbr+ROHZNeO5A7U2Q1RFvqHZtw3sF4AoG6EEAI1SUS2FGAgLNCXZsKy5yqsQ/o2zZJE1NpTUol49w+aM+ckE690de0jH3omiBqLM8v4H+VlzrLsFkWqGuzaa8NM9L1E9Ww7fX8or8/dUxuYTaXeLXpsl1Ssr/oM7geAhDwk0AlHxB+osBqPwikIsgyQR3b2A3LH9A33TX8D2ibljnxyvK0zLf/yf38mgiidJpxrledlW8CqHWQWFbPMkQnj/aMj8VlKqyCdz/e4VgJgWETQAgNmzjPG4BAdxF0z1a5e2d6fsAN8Pz8t1oGwjJFOT5wG52OcFomnQr7S7cM29pJudumB5tazE+v+itNEM3vld5/s+t4sdohE0Nsylh9SHgCBEZGACE0MvQ8uBgBZ3vWWMairVkW6P699fyQtumzhcPSibncdSpDriHqPs1oU4zG1pcpsGJjanmZ/pEdXWNjU2VWSG1xoUEAAgESQAgFGNTwXEo3SHynU8bCMhVTO6qrAyqT5eLc8rRMjiXeK8u6kyfLfH57X/5k2KrkYGL11QPSX//UNTtkRdSIoSoDQd8QGBEBhNCIwPPYIgSciSCbvrmomQh6YG89psKKeGNZCBNEOVad2dSMfQBXUFCdLYIsC7TlYD0zbEU4F73W4vLiTNf6LsRQUahcDwEPCCCEPAhS3CY6W8FkK5mCEEHNTlgd0fyeXBki29/GpmdKOtcs3YHbaoLamhVD/+KAHxm2Kt4Xlh06ON11DyJbUVZxpq4Kz+gTAhDIIoAQYmzUmEDnKTGrCdo2G86Hdc4ps5KWdXefZvQxw1bFAH5ph1yXQncyQ1VAp08IjIgAQmhE4HlsHgLOiqMvOtjTNkjcejjMaZtXD8i9/nzPqT7LDtkHcZ9nZIU1zZhnFPV7DWKoX3LcBwG/CCCE/IpXRNammYt/tjo8+Su59dM9xYK3nGxZ98s7etYPmQgyMVTwSIhwpxmrCvjCrNzRpzuON4vBHSytr4o8/UJgeAQQQsNjzZMKEXC2QsfOurrQbErs0blwRVCzrznrhwpkh9K9gqzo/KIWE9NCw6/p4i6ZOhND1/SfnStiUbrh5c0r577ZlwRrVuvVq5mNjX2QrOj+S8RbL2T8PjYCCKHYIu6Fv52zQVt+JzeKHaNHhSznsu6cm/45K46+6IPTphkffyOcWqsq49RlmmxeSqbKfXY6/k30WLxMwNor8ziZPp9tosgEktm/0Gcf3AaBIAgghIIIY2hOODtN3s4Su9BsSffjx+LIBrVGM8emf3ZLlwLezqvEQp9mLPtdcWCTXMaWB7aib99gz3OTK/VwJn4aGZ/Buix2t2UXTRTNFruNqyHgPwGEkP8xDNADZ7VBF30Y3L9bbmIqTiFkAbbs0Es7ex4JYdOJ9qHcUkjdng2yZfIzh+Pl2c+bxmLwzFTmdgc/LTbllE51NcTPRQsC+rGtxHts7Ng42l/edg0lWkdXEKiAAEKoAqh0OQiBzrUsu/8mV9Up8oNYO+x7rXbIiqm7HOpq0x2WHVqpC+k8zfjgIblQj82oMiaWnfv95o4C8riU3NH72en4fngl+1P2dFfvxxe7YsjHvRQzjqshUBYBhFBZJOmnJALt02I/vjPd5I+xukLYVpbZDsjnPsxk0rSqrJ0nBdKDDdUuxdPdpiet8N+mfNt2SM9rjWXxrhiX7GVt9UTvO88vSf9eSjOKWjrdczViVoc27ffkcIrCe/vEFRAomwAfLmUTpb8BCTgr4lzf3Ens02JZQOf2yPU+H0ubW3lSGzTgEJX0zJRcByHaYRWZMwFku6MXqvsxsbp6nXTdrdLYGunK8fK+CHx2Wu7s28vC6Oxirp3NDViFx70MHg96gMAgBBBCg9Dj3goIONfa6WN/livzg6ACo0fWpe1KPb+361RZm23wHDxcXabILHOySyomgGwF30/ukm76uTTslZHmy4k5qctO2s3AtkvJ/sEJ0gME6kMAIVSfWGCJ2uuDYl4tlndA2Df8Izu6TpVd6Mo+cPcslpddyGtjiNdlLKm3rJBlT3pOgVks1m2U1t1Xj53SrRj81DHJDgQ+/6+uY+SQlGwJMab4FCcBhFCcca+p1+0norO6KV+ocq4qEzzz8cxzlTF/6ufFsnHWr8VgYkqq6ypI82vhsNTjuBfEUJ5BwjVeEEAIeRGmWIxsPwLinq1y986Qwcg7AnqcjyV45iWZ77qc58Olna2dlNswU269Tz4r+7sqx3EviKH+0HJXzQgghGoWkLjNcbapm+2tcqFRKF18RFjd0JHHOotHhFBxnt3uyJMV8k0AtfrbQ1yv1ESVy5XeIDBMAgihYdLmWT0ItK8YY7+b/gZN1n5DCKH+eHa7KysrZFNgG3fWo/5nUK+7HD5rXdvhs7bakwYBLwkghLwMW6hGOzsU9KIiU4RQ/7G2IurnN11cw4IQ6p9n1p02hbT77u8ycFYEvWGbtH46rCndLplGKw63nbVbdjQvnzU9QqAKAgihKqjSZ58E2pfOP/uPPrvitpRA6+aLCKFqBkZj+sg2/3xgT7gH2XapiWKKrJqhRa9DIIAQGgJkHpGXAEIoL6ki11kdy8Hp5eX1CKEi5PJfa9k328V52HsA5bewvCtfmJF7/822bFeHzSTLeyY9QaBKAgihKunSd0ECCKGCwHJf3lheP75GYhVebmxc2IGAZRl/O9Vx2wCyQowYLwkghLwMW6hGI4SqjqxlLq5aE1btStXM6L+dQMYU2RdSsgpeEPCNAELIt4gFbS9CKOjw4lwwBLpsGzAlJbYNBg0C3hBACHkTqhgMRQjFEGV8DINAxqG/s1JiB/3SIOANAYSQN6GKwVCEUAxRxscwCNg067P3tU2zfiIl14ThIV7EQgAhFEukvfDTvSvp5mZTOSndi8BhZKQEnrpLrsMBrddIie0tRIOAFwQQQl6EKRYj2Vk6lkjjZxgEMpbSUycURnij8QIhFE2ofXAUIeRDlLARAg0CGavHWEbPEPGKAELIq3CFbiynz4ceYfwLi4CdaffiQ211QvulZHtYnuJNyAQQQiFH1zvf2oXQz/5Xbmon+954F0oMjoLAR4tyv9/c9v5ckJLbowCAk0EQQAgFEcZQnHD2n+dfmr2xE7xnDiOEQokwfoRFACEUVjxj9QYhFGvka+m3s5Pn7QT6C23VmNzjbyCEahkujIqeAEIo+iEQBACEUBBhDMkJ9hIKKZr4EjYBhFDY8Y3FO4RQLJH2xs/2vYQePCR3/QRZIW9CiKHREEAIRRPqoB1FCAUdXh+dc4ckTTdbPvkrufXTCCEfo4nNYRNACIUd31i8QwjFEmlv/HS27Pa5ZnN/fKfcLw4ghLwJIYZGQ4B9hKIJddCOIoSCDq+PzrWvHKNg2sc4YnMMBF7aIXfyaNuXFDZUjCH4AfmIEAoomOG40l4wzZlj4UQXT8IhcGCT3Mcn24TQHVJyPBwv8SR0Agih0CPspX/tR23cv1tuYorpMS/DidHBEth5q9y3X7e9Lzl0NdiIh+kYQijMuHruVfsO02sn5R7YixDyPLCYHxCBz07LPXtf23vySyn5QUBu4koEBBBCEQTZPxfb64QuuUxuz9sIIf9iicWhEliYlTv6dNt78qiUbAzVZ/wKkwBCKMy4BuBVe53QL1+Ru2oNYiiA4OJCAARemJF7/8229+MjUrIvAPdwISICCKGIgu2Xq25e0mSzzRzA6lcEsTZsAhn1QT+VknfD9hzvQiOAEAotosH44zZLerHZHZbRBxNcHPGcwKljci8+1JYN+lRKrvbcNcyPkABCKMKg++Gys4LL8622sozej+hhZdgEMvYPmpUS+wJDg4BXBBBCXoUrFmOdFVva7tJt3y45biOWMYCfdSXwzVdyT90tdVg2PyUlNqVNg4BXBBBCXoUrdGPT1WJPSLI/O7axNXKPvkLBdOgjAf/qS2BxTu7IYyybr2+EsKwoAYRQUWJcXxEBZxkgO2css13yPbnbNkn3ziCEKgoC3UKgJ4GD03JnT7S9B/dLSdf3b8+OuQACIyKAEBoReB7bIOBuWSmKtj8zm60Yu3dGuvRyRBBjBwKjIvD5ktzuuzu+B1ktNqqg8NyBCSCEBkZIB/0TcA9L2iUpcyfaa9fK/c9e6cpxBFD/nLkTAuUQyCiSfk9Kun6RKefp9AKBaggghKrhSq9dCaQrwmxpfOYOtGM3yE3ukK6fQAAxmCBQBwJWJP3Yf3d8P26RkkN1sBEbINAPAYRQP9S4ZwACzlaCzUnq+A3S6oA2bJPWTyOABoDMrRAoncCrB+Ref569g0oHS4cjJ4AQGnkIYjIgrQf6S9ZUmGWB7t8rcYxGTGMCX30g0GXJ/JNSYtPbNAh4SwAh5G3ofDM8XRpvmaCO9UAcn+FbPLE3JgIZ2aAvl/f6Sr6IiQW+hkcAIRReTGvoUftxGQ0jbSpsywFqgWoYNEyCQEqAbBADIXQCCKHQIzxy/9Jdoi0T1NaYCht5cDAAAj0JzO2R++ufOm2gSDaoJzwu8IIAQsiLMPlqZHZNkImgbbPsC+RrZLE7DgJd9g2iNiiOIRCFlwihKMI8CifT1WHvdKoJ+vGdcg/sQQSNIio8EwJFCPxhRu7vb5INKsKMa/0jgBDyL2YeWJzuE2Srw9qWyK+dlHtgL0vjPQgiJkZO4KNFud9v7vheJRsU+dgIzX2EUGgRrYU/zkRQ28GpTIfVIjgYAYFcBJ76udz5c+wblAsWF3lNACHkdfjqaLyzgxftANWL2qofyj06x3RYHSOGTRBoJZCxXN4um5KSeYhBICQCCKGQojlyX9K6oH+2mmFL5LceZqPEkYcHAyCQg4AVSP/2Punbr9uyQQtS0pbpzdEll0Cg1gQQQrUOj2/GdZ4Se/CQHGeG+RZL7I2VwMFpubMnOGE+1vjH6DdCKMaoV+Jz500T2TG6Eth0CoFKCCzOyR15rKMI2i8lNu1Ng0BwBBBCwYV0VA45mxKzqbELjbqgUcWC50KgOIEuO0h/urwClKM0ilPlDh8IIIR8iFLtbeycDWJKrPaBw0AIXCCQsWeQ/X5eSqZABYFQCSCEQo3sUP1qzwaxX9BQA8DDIDAQgS57BjX6fVfSFimxP2kQCIoAQiiocI7CmfRUeds36KJGNmgUseCZEOifwKljci/vkL79T+aGp3bK/CNScqj/p3AnBOpHACFUv5h4ZpGzPUUmm42+dq3czGF2j/YskJgLgfSk+RdmpI9Pdn3/bpeS/eCCQCgEEEKhRHIkfqRHaZwnGzQS+DwUApURWJiVO/p0VzF0SEq2VGYAHUNgiAQQQkOEHd6j3EZJc81+2Uqxx4+RDQov1ngUG4HPTssd2SGd+zDz/Xx8ZadpmzKjQcBbAgghb0NXB8Od1QpMN1vCvkF1iAs2QKAcAjZVNrdXOnk0UwxZ8fQdLK0vhze9jIYAQmg03AN5qnun9YT5Lb+Tu+kuMkKBBBg3IJASmNsj99c/IYYYDmESQAiFGdcheeVc64N2/03u0ssRQkMKAI+BwNAIdNl12mwgMzS0SPCgsgkghMomGk1/7cvmx25IT5hnTEUzBnA0NgJWN/T8pswl9my8GNuACMRfPrQCCeTw3WgXQiybH34UeCIEhk2ghxh6Ukp2DdsmngeBQQgghAahF/W9zv6ze6IZAUIo6gGB8xERsM0XX3woM/trxdO2oowGAS8IIIS8CFMdjWwXQvdslbt3hqmxOkYLmyBQNoEuNUO2nP6nUvJJ2c+kPwhUQQAhVAXVKPpECEURZpyEQBcCrx6Qe/35jl9+jkvJHcCDgA8EEEI+RKmWNrrtkp5rNo09hGoZKIyCQKUEXpiRe//NjmJoSkrsCB4aBGpNACFU6/DU2TiKpescHWyDwLAI2KaLz0xJ5//VJoZsasymyNh5eljB4Dl9EUAI9YWNmySEEKMAAhBYJtCleJpVZAyS2hNACNU+RHU1sPOBq8/+o672YhcEIFAlgYwpsk+k5Joqn0vfEBiUAEJoUIJR3+9sN9mbmxE8eEju+glWjkU9LHA+SgKfL8ntvptaoSiD77nTCCHPAzha890+SQ8328AS+tFGhKdDYJQEXtoh1+GA1qNSsnGUdvFsCHQjgBBifAxAwNl/bnPNHawak3v8DTJCA0DlVgh4S8B2nX72vo7v/1UUTXsb1uANRwgFH+KqHXS2IuT7zU/hBPqqmdM/BOpL4JkpuXMftokhdpuub8iitwwhFP0QGBRA+/TY6nVy22bJCg1Klvsh4COBjE0WWT3mYzAjsRkhFEmgq3PTXS3pn639UzRdHXF6hkCdCWQspadOqM5Bi9w2hFDkA6Ac990hSdPNfVmt0KOvSJdeTmaoHMb0AgE/CGSsHluQktv98AArYyOAEIot4pX4626R9E5r16wgqwQ2nUKg9gR++V9tJiKEah+1eA1ECMUb+5I9bz+E1R7AFFnJmOkOAh4QQAh5ECRMvEAAIcRgKJGAs7OFftTc4SWXyW2dla5awxRZiaDpCgK1JZCxhJ6MUG0jhmEIIcZAiQTazx+zzk0MPf5n6oVKBE1XEKgtgcU5uSOPtX3xQQjVNmIYhhBiDJRMwG2X9Fxrp2Nr5Lb8TrpynMxQycDpDgK1IpCxuzTL52sVJYxpJoAQYjxUQKB9FVkjM8Q0WQW46RICNSHwzVdyT90tffs1GyrWJCSYkYMAQigHJC7ph0D7gawNMWSZIQ5m7Ycp90Cg3gQWZuWOPt0mgj6VEttvjAaBWhJACNUyLCEY5X4g6Xjr6fQNzzZsk9uwjWmyECKNDxAwArZ/0G/v65gNYlqMIVJrAgihWofHd+O6iyHqhnyPL/ZD4DsCf5iR+/ubbV9uvpR0NQeuMlLqTAAhVOfoBGFbKoZs5+nJTu7YirIN26T1m8gOBRFunIiSwMs75U7Md3wPPyIl+6KEgtPeEEAIeRMq3w3tXEDd8MqyQ5O/pnbI9yhjf3wEuogglszHNxy89Bgh5GXYfDXabZZk3w6/n+XBT+6Um9zBMntfI4zd8RCwFWIv75Q6TIcZBKbE4hkK3nuKEPI+hL45kJ5WP59VRN3wZt1GuXu2IYh8iy72xkHgo0W5Izul8+c6ToeZCLpdSt6NgwZe+k4AIeR7BL2131lm6OFe5luG6GebmDLrxYnfQ2AYBCwL9NpB6a0/Ztb0mQjaLCX2ZYcGAS8IIIS8CFOoRqan1psgWt/Lw9Xr5G6blm66k6LqXqz4PQTKJmAC6K0/SguHOy6PbzyOTFDZ4OlvKAQQQkPBzEO6E3AbVwTRRQe2drrHVpnddJdkWSIOcmVcQaBaArY30Mn5ngLIjHhvJRPEdFi1IaH3CggghCqASpf9EEiX2ds5ZfbKLKZu7nnVmNzElLR2I7VE/RDnHghkEbAaIBNAGUviW2/bL2kXewUxnnwlgBDyNXLB2p0KIltdZoKoZ4aogcFEkWWKVt/K9FmwQwPHKiXw2Wm5k3PSqWOZRdCtz/90JQtkO8jTIOAtAYSQt6GLwfB0ub0JopuLemtF1qsnJHsxhVaUHtfHQuDMCbm/v1FI/BgaqwWy2r59ZIFiGSlh+4kQCju+gXjnbl/JElktUa5ps2bHra5ofI103YQ0dqN03Vrp0sspug5kcOBGAQImfJY+kM4uZu7/06u32eUvJ8kXvS7k9xDwhQBCyJdIYecKgTRLZIKo45EdeTHZVJoJoyvGl7NGl1xG5igvO67zg4CJnn8vSec+kM6ckM6d7lv82xSYHZNDBsiP0GNlQQIIoYLAuLwuBC7UEpko6rn8Pq/VdtTHFWPS+I3SqvFlobRqjGLsvPy4brgEbFXX+XOSCZ7zS9KZxZWfO290WNS4o8ubnyYmgmgQCJYAQijY0MbkWCqKbPrMRJH9mbvIugilxhSb3WNTbZde/p1YavQzfgPTbkWYcm1nAla4/O3Xy79riBz72aa1vvm6VLHTaoAtg7f6HxNATH8xQKMggBCKIsyxOZlu1GiCqPEqXFdUFjHLMF16WefeLNtkr6x27Tp21C4rDlX3Y8vNPz7R+ykmauzV2pZOd92osHfH/V9h01626steiJ/+OXKnxwQQQh4HD9PzEkjPN2uII/uztKm0vBb0c51loB7/MxmmftgN8x7bdfmpu0cmZIq62hA+tvHhcc4DK4qP60MkgBAKMar4lINAuhLNBJK9Gj9XMqWWw5jMS+xokW2zfRe5DvJo7s1J4OC03NkTtYyRTXPZ9FYj4/Mu0105g8plURFACEUVbpztTSAVSFZzZJkje9nPJpZGJpLu2Sp370wtP2h74wz8ilcPyL3+/EhjYxmeT1YEj2V57PUJmZ7ABx7ulUoAIVQqTjoLm0BalG3iyFqzSDKh1Gj276XXJD14SO76iZF+4IYd2j68O3VM7sWHKotJI5tjlpnQsVfzzyZ2Gv/Wh/XcAgEINAgghBgLEKiUQFqf1CyUmp/WLKwa/27/9nCrSVYvtHWWvY4qDVWBzm1V1/PTmXVBdvZW1oqrZlHT9MSEYyoK8OdSCJRJACFUJk36gkApBNwuSU8ghkqBWXonPUTQk1Ji8aNBAAKeEEAIeRIozIyNgJvvtHs2maHRjoMeIuiolNheVjQIQMAjAgghj4KFqTERSOuRbLqk7cBZxNBoxkEPEWQ1PbezKms0seGpEBiEAEJoEHrcC4FKCWSLIXvs/bvlJqYqK9at1DPfOl84LHf0N5msEUG+BRR7IdBEACHEcIBArQl0F0PrNspt/DWbLlYVQtsscf430ol5RFBVjOkXAqMmgBAadQR4PgR6EuguhlaNyd2/h+M4emIseIEdm3Fkp3Q++wBTMkEFmXI5BOpIACFUx6hgEwTaCKRiyE4Bn8yCc9v/yW3YRnZo0MFjWaDXDkpv/bHrtKOdzL6ZmqBBaXM/BEZPACE0+hhgAQQKEOi8tL7RgWWHNsxIExupHSoA9cKli/Nyrx3omgWya1ki3w9c7oFATQkghGoaGMyCQDYBZ0u0LTuUuYO1nVF2zzamy/KOIpsGe/2g1OPMsC9XskC2tQENAhAIhABCKJBA4kZsBNIdq00Mre/mOYKo+7jIKYCsk4UVEcSxFrG91fA3eAIIoeBDjINhE3DbJdlOxl3PNxtbI3fbJqbMGmPBpsDeOiydO91zCtGyQLukZF/Y4wjvIBAvAYRQvLHH82AIpNkhE0PTvVyyzRgnNkprp+I7t8w2RDw5Jy3OZ54R1opvVtJ2CqJ7jSp+DwG/CSCE/I4f1kOgiYC7fUUQdZ0ua9xghdU33RW2KGqIn1PHehZAN48kmwazLBAHofL+gkAEBBBCEQQZF2MjUEwQGZ2QRFGf4scwIIBie6vgLwSknvPjQIIABLwlUFwQNVy1IuvrJqSxG6Xr1tZ3byLb8+fMSencB9KZxZ6rvrIiiQDydoxjOAQGJ0BGaHCG9ACBmhNwtyzXusiW3Xctqs5yxDJGqTBaI43fmGaQdOX4cL9Ifb4kd/6ctPRBWuScCp8uuz73iokVQdsy+H1S8m6vi/k9BCAQLgGEULixxTMItBBId6c2MWSvzB2qi2AzgXTFuNR4rVr5ubWP69Z1Fk1nTsi1XvvvJen8kmR/Nl4DCJ7W7m1HaBNA8xRBF4k010IgXAIIoXBji2cQ6GmCPVAAAAIpSURBVEKgfFFUY9yInxoHB9MgMGoCCKFRR4DnQ2DkBC4SRbbyrK/ps5G78Z0BNu1lK77I/NQoKJgCgboSQAjVNTLYBYGREUj3JTJBZLVF9ufNIzMl34PtFHgTPlbrc1xK2P05HzeuggAEWDXGGIAABPIRSFeg2ctEUuP1o3z3lnbVp5JM5DReJnrY66c0vHQEgTgJkBGKM+54DYGSCKTZo+aXZZGsKLu1ZW3yaEvXW9sXK9mdJtFDlqekgNENBCDQQgAhxJCAAAQgAAEIQCBaAgihaEOP4xCAAAQgAAEIIIQYAxCAAAQgAAEIREsAIRRt6HEcAhCAAAQgAAGEEGMAAhCAAAQgAIFoCSCEog09jkMAAhCAAAQggBBiDEAAAhCAAAQgEC0BhFC0ocdxCEAAAhCAAAQQQowBCEAAAhCAAASiJYAQijb0OA4BCEAAAhCAAEKIMQABCEAAAhCAQLQEEELRhh7HIQABCEAAAhBACDEGIAABCEAAAhCIlgBCKNrQ4zgEIAABCEAAAgghxgAEIAABCEAAAtESQAhFG3ochwAEIAABCEAAIcQYgAAEIAABCEAgWgIIoWhDj+MQgAAEIAABCCCEGAMQgAAEIAABCERLACEUbehxHAIQgAAEIAABhBBjAAIQgAAEIACBaAkghKINPY5DAAIQgAAEIIAQYgxAAAIQgAAEIBAtAYRQtKHHcQhAAAIQgAAEEEKMAQhAAAIQgAAEoiXw/9wXNEGmwy4xAAAAAElFTkSuQmCC';

</script>


[ view entry ] ( 1580 views )   |  print article
Postfix: SMTP forwarding based on sender 
Saturday, February 21, 2015, 08:39 PM - - Linux Notes
Posted by Administrator
Postfix: sender-dependent SASL authentication — relay to multiple SMTP hosts, or relay to the same host but authenticate as different users (e.g., two Gmail accounts)

I would like to send mail from two different Gmail accounts using Postfix.

As a concrete example, here's how to set up two Gmail accounts (only relevant sections of the config files are listed below):

/etc/postfix/main.cf:
    # sender-dependent sasl authentication
    smtp_sender_dependent_authentication = yes
    sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay

    # default relayhost setting
    relayhost = [smtp.gmail.com]:587

    # smtp authentication settings
    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
    smtp_sasl_security_options = noanonymous
    smtp_sasl_mechanism_filter = plain
    smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
    smtp_use_tls = yes
    smtp_tls_security_level = encrypt

/etc/postfix/sasl_passwd:
    # per-sender authentication
    account1[@]gmail.com account1[@]gmail.com:passwd1
    account2[@]gmail.com account2[@]gmail.com:passwd2

    # default relayhost
    [smtp.gmail.com]:587 default_account[@]gmail.com:default_passwd

/etc/postfix/sender_relay:
    account1[@]gmail.com [smtp.gmail.com]:587
    account2[@]gmail.com [smtp.gmail.com]:587


Create maps:
postmap sasl_passwd sender_relay


Restart postfix and test:

To send an email from account1[@]gmail.com, use sendmail with the -f sender option (set the envelope sender address):

sendmail -f account1[@]gmail.com -t <<EOF
To: barney[@]example.net
Subject: Hey, I successfully configured Postfix with sender-dependent SASL authentication!
Content-type: text/html

<b>Isn't this awesome?</b>
EOF


as of 2/2015:
https://gist.github.com/zmwangx/2c56aa32be68daf48c2f

[ view entry ] ( 1542 views )   |  print article
Node.js: Creating a new project with Express framework 
Monday, February 9, 2015, 02:45 PM - - Node.js Notes
Posted by Administrator
// install express globally
$npm install -g express-generator

// create a new project using handlebars for views
$express -hbs "node-chat"

// cd into "node-chat" and execute:
$npm install

// add suport for socket.io
$npm install socket.io --save


// output versions
[acool@localhost node-chat]$ node --version
v0.10.33
[acool@localhost node-chat]$ npm --version
1.3.6
[acool@localhost node-chat]$ express --version
4.11.1

// make sure daemon (dev only) is installed and run:
// (I think you can also do npm start or node bin/www)
[acool@localhost node-chat]$ nodemon bin/www 

// finally go to browser and type http://localhost:3000
// ...socket.io sample to come.


[ view entry ] ( 1447 views )   |  print article
Gearman Experiment 
Saturday, October 25, 2014, 06:40 PM - - Linux Notes
Posted by Administrator
You can experiment with Gearman quickly right from the command line:
Launch the agent, the Gearman daemon:
$ sudo /usr/sbin/gearmand --daemon

Run a worker with the command-line utility gearman. The worker needs a name and can run any command-line utility. For example, you can create a worker to list the contents of a directory. The -f argument names the function the worker is providing:
$ gearman -w -f ls -- ls -lh

The last piece of the puzzle is a producer, or a job that generates lookup requests. You can generate a request with gearman, too. Again, use the -f option to spell out which service you want help from:
$ gearman -f ls < /dev/null
drwxr-xr-x@ 43 supergiantrobot  staff   1.4K Nov 15 15:07 gearman-0.6.0
-rw-r--r--@  1 supergiantrobot  staff    29K Oct  1 04:44 gearman-0.6.0.tgz
-rw-r--r--@  1 supergiantrobot  staff   5.8K Nov 15 15:32 gearman.html
drwxr-xr-x@ 32 supergiantrobot  staff   1.1K Nov 15 14:04 gearmand-0.10
-rw-r--r--@  1 supergiantrobot  staff   5.3K Jan  1  1970 package.xml
drwxr-xr-x  47 supergiantrobot  staff   1.6K Nov 15 14:45 pecl-gearman


source (as of 25-10-2014)
http://www.ibm.com/developerworks/opens ... p-gearman/

[ view entry ] ( 1627 views )   |  print article
Mimicking Ajax Call with PHP 
Tuesday, October 21, 2014, 05:08 PM - - PHP Notes
Posted by Administrator
 /*********************************************************
 |
 | Creates Ajax-like request
 |
 *********************************************************/
 function sendRequest($params,$url)
 {
  $postdata = http_build_query($params);
  $opts = array('http' =>
      array(
          'method'  => 'POST',
          'header'  => "Content-type: application/x-www-form-urlencoded \r\n".
                       "X-Requested-With: XMLHttpRequest \r\n",
          'content' => $postdata
      )
  );
  $context  = stream_context_create($opts);
  return json_decode(
              file_get_contents($url.time(), false, $context)
          );
 }

   $params=array(
           'email' => 'me[at]example.com',
           'choCountry' => 'Mexico',
           'zip' => '91744',
       );
   $url= 'http://www.barney-example.com/subscribe'; 
   $data = sendRequest($params,$url);


[ view entry ] ( 1598 views )   |  print article
GNU Sed - Tasks 101 
Monday, October 6, 2014, 10:58 PM - - Linux Notes
Posted by Administrator
// replacing commas for pipes in csv file
sed 's/,/|/g' original.csv > piped.txt

// alternate syntax to replace commas for pipes
cat original.csv | sed 's/,/|/g' > piped.txt

// printing lines that contain "Angel"
sed -n '/Angel/p' names.txt
grep "Angel" names.txt

// printing lines that contain "Angel" along with line number
cat -n names.txt | sed -n '/Angel/p'
grep -n "Angel" names.txt

// ...case-insensitive
cat -n names.txt | sed -n '/Angel/Ip'
grep -ni "Angel" names.txt




Finds all files and replace single quotes with double quoutes in place,sed is always greedy.
 find ./ -type f -exec sed -i -r "s/'playlist_us([\.a-zA-Z0-9]*)'/\"playlist_us\1\"/" {} \;


5/10/2018 - looks like the following is another way to accomplish the same crap
[acool@acool2 greenentre]$ find public/ -type f | xargs sed -i 's/\/6280\/Entre/\/6280\/greenEntre/g'

5/10/2018 - I also found the following interesting
grep -rl 'SearchString' ./ | xargs sed -i 's/REPLACESTRING/WITHTHIS/g'


[ view entry ] ( 1401 views )   |  print article
Load Balancing Riak with Keepalived (Draft) 
Saturday, October 4, 2014, 11:40 PM - - Riak Notes
Posted by Administrator
This is a working draft, like lots of things in this site. For dev purposes firewalld was turned off.

Cluster VIP:172.16.1.213

TODO: VRRP failover setup for load balancer (keepalived)
ALSO: It looks like I configured net.ipv4.ip_forward=1 in load balancer but failed to document it, check this when doing a new load balancer.

#####################Edge01 Configuration (loadbalancer 1)#########################
//keepalived.conf
! Configuration File for keepalived

global_defs {
#   notification_email {
#     me[at]example.net

#   }
#   notification_email_from not-replay[at]example.net
#   smtp_server 192.168.200.1
#   smtp_connect_timeout 30
   router_id LVS_DEVEL
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
    #    172.16.1.213
    #    172.16.1.254
    }
}

virtual_server 172.16.1.213 8098  {
    delay_loop 6
    lb_algo wlc
    lb_kind DR
    nat_mask 255.255.255.0
    persistence_timeout 50
    protocol TCP

    real_server 172.16.1.113 8098 {
        weight 1
        TCP_CHECK {
         connect_timeout 3
         connect_port 8098
        }
    }

    real_server 172.16.1.112 8098 {
        weight 100
        TCP_CHECK {
        connect_timeout 3
       connect_port 8098
        }
    }

    real_server 172.16.1.111 8098 {
        weight 100
        TCP_CHECK {
         connect_timeout 3
         connect_port 8098
        }
    }
}

//ifconfig (secondary address for VIP)
[acool@edge01 ~]$ ifconfig
eth0      Link encap:Ethernet  HWaddr 00:24:54:3A:66:4D
          inet addr:172.16.1.200  Bcast:172.16.1.255  Mask:255.255.255.0
          inet6 addr: fe80::224:54ff:fe3a:664d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:385 errors:0 dropped:0 overruns:0 frame:0
          TX packets:243 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:37042 (36.1 KiB)  TX bytes:35302 (34.4 KiB)

eth0:0    Link encap:Ethernet  HWaddr 00:24:54:3A:66:4D
          inet addr:172.16.1.213  Bcast:172.16.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:4 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:240 (240.0 b)  TX bytes:240 (240.0 b)

[acool@edge01 ~]$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:24:54:3a:66:4d brd ff:ff:ff:ff:ff:ff
    inet 172.16.1.200/24 brd 172.16.1.255 scope global eth0
    inet 172.16.1.213/24 brd 172.16.1.255 scope global secondary eth0:0
    inet6 fe80::224:54ff:fe3a:664d/64 scope link
       valid_lft forever preferred_lft forever


#####################Real Server 2 ( 99% same output for other real servers) #########################
//DR-IPVS file
#!/bin/bash

VIP=172.16.1.213
host=`/bin/hostname`

/sbin/ifconfig lo down
/sbin/ifconfig lo up
echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce


/sbin/ifconfig lo:1 $VIP netmask 255.255.255.255 up
/sbin/route add -host $VIP dev lo:1


exit 1

//ifconfig
[acool@app02 ~]$ ifconfig
ens1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.16.1.112  netmask 255.255.255.0  broadcast 172.16.1.255
        inet6 fe80::216:d4ff:fe45:8ae1  prefixlen 64  scopeid 0x20<link>
        ether 00:16:d4:45:8a:e1  txqueuelen 1000  (Ethernet)
        RX packets 564  bytes 53931 (52.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 1
        TX packets 428  bytes 57911 (56.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 16

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 13  bytes 1360 (1.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 13  bytes 1360 (1.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo:1: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 172.16.1.213  netmask 255.255.255.255
        loop  txqueuelen 0  (Local Loopback)

[acool@app02 ~]$
[acool@app02 ~]$
[acool@app02 ~]$ ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 172.16.1.213/32 scope global lo:1
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 00:16:d4:45:8a:e1 brd ff:ff:ff:ff:ff:ff
    inet 172.16.1.112/24 brd 172.16.1.255 scope global ens1
       valid_lft forever preferred_lft forever
    inet6 fe80::216:d4ff:fe45:8ae1/64 scope link
       valid_lft forever preferred_lft forever



edge01 verification (keealived load balancer):
[acool@edge01 ~]$
[acool@edge01 ~]$
[acool@edge01 ~]$ sudo ipvsadm
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.16.1.213:8098 wlc persistent 50
  -> 172.16.1.111:8098            Route   100    1          0
  -> 172.16.1.112:8098            Route   100    0          0
  -> 172.16.1.113:8098            Route   1      0          0
[acool@edge01 ~]$
[acool@edge01 ~]$
[acool@edge01 ~]$


Riak ring verification:
[acool@app02 ~]$
[acool@app02 ~]$
[acool@app02 ~]$ sudo riak-admin member_status
================================= Membership ==================================
Status     Ring    Pending    Node
-------------------------------------------------------------------------------
valid      32.8%      --      'riak@172.16.1.111'
valid      32.8%      --      'riak@172.16.1.112'
valid      34.4%      --      'riak@172.16.1.113'
-------------------------------------------------------------------------------
Valid:3 / Leaving:0 / Exiting:0 / Joining:0 / Down:0
[acool@app02 ~]$
[acool@app02 ~]$
[acool@app02 ~]$
[acool@app02 ~]$ sudo riak-admin ring-status
================================== Claimant ===================================
Claimant:  'riak@172.16.1.113'
Status:     up
Ring Ready: true

============================== Ownership Handoff ==============================
No pending changes.

============================== Unreachable Nodes ==============================
All nodes are up and reachable

[acool@app02 ~]$


Finally, storing data in riak:
Angels-Mac-mini:~ webmaster$ curl -v -XPUT 172.16.1.213:8098/buckets/test-bucket/keys/friends?returnbody=true  -H "Content-Type: application/json" -d '{"Name":"Angel Cool"}'


Fetching data:
http://172.16.1.213:8098/buckets/test-bucket/keys/friends


Or using any of the real servers:
http://172.16.1.111:8098/buckets/test-bucket/keys/friends


Adding another node at a later time:
[webmaster@dev ~]$ sudo riak-admin cluster join riak@172.16.1.111
[webmaster@dev ~]$ sudo riak-admin cluster plan
[webmaster@dev ~]$ sudo riak-admin cluster commit


If plan does not look good:
[webmaster@dev ~]$ sudo riak-admin cluster clear



Riak must be bound to all interfaces: 0.0.0.0:8098

[aesteban@localhost ~]$ 
[aesteban@localhost ~]$ riak-admin status | grep riak_kv_version
riak_kv_version : <<"1.4.7-0-g5daeedd">>
[aesteban@localhost ~]$



[ view entry ] ( 1766 views )   |  print article
Restrict SFTP Users to Home Folder 
Friday, August 22, 2014, 09:42 PM - - Linux Notes
Posted by Administrator
Here is a guide for setting up SFTP users who’s access is restricted to their home directory.

Add the following to the end of the /etc/ssh/sshd_config file:
Subsystem sftp internal-sftp

# This section must be placed at the very end of sshd_config
Match Group sftponly
    ChrootDirectory %h
    ForceCommand internal-sftp
    AllowTcpForwarding no

This means that all users in the ‘sftponly’ group will be chroot’d to their home directory, where they only will be able to run internal SFTP processes.

Now you can create the group sftponly by running the following command:
$ groupadd sftponly

Set a user’s group:
$ usermod steve -g sftponly

To deny SSH shell access, run the following command:
$ usermod steve -s /bin/false

And set the user’s home directory:
$ usermod steve -d /folder

Finally, you probably need to restart SSH
$ service ssh restart

The SSH part should now be in order, but you should make sure that file permissions also are correct. If the chroot environment is in a user’s home directory both /home and /home/username must be owned by root and should have permissions along the lines of 755 or 750.

In other words, every folder leading up to and including the home folder must be owned by root, otherwise you will get the following error after logging in:

Write failed: Broken pipe
Couldn't read packet: Connection reset by peer



--------------------------------------------------
Credit (link as of 8-22-2014):
https://bensmann.no/restrict-sftp-users-to-home-folder/
Thanks Mr. Bensmann

NOTE: It's on my bucket list to test this.

[ view entry ] ( 1468 views )   |  print article
CentOS 7.- Using FirewallD instead of IPtables ..changes, changes and more changes. 
Wednesday, July 30, 2014, 05:47 PM - - Linux Notes
Posted by Administrator

Presentation

Firewalld is the new userland interface in RHEL 7. It replaces the iptables interface and connects to the netfilter kernel code. It mainly improves the security rules management by allowing configuration changes without stopping the current connections.

To know if Firewalld is running, type:

# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
   Active: active (running) since Tue 2014-06-17 11:14:49 CEST; 5 days ago
   ...

or alternatively:

# firewall-cmd --state
running

Note: If Firewalld is not running, the command displays not running.

If you’ve got several network interfaces in IPv4, you will have to activate ip_forwarding.
To do that, paste the following line in the /etc/sysctl.conf file:

net.ipv4.ip_forward=1

Then, activate the configuration:

# sysctl -p

Although Firewalld is the RHEL 7 way to deal with firewalls and provides many improvements, iptables can still be used.

Zone management

Also, a new concept of zone appears : all network interfaces can be located in the same default zone or divided into different ones according to the levels of trust defined.

To get the default zone, type:

# firewall-cmd --get-default-zone
public

To get the list of zones where you’ve got network interfaces assigned to, type:

# firewall-cmd --get-active-zones
public
interfaces: eth0

To get the list of all the available zones, type:

# firewall-cmd --get-zones
block dmz drop external home internal public trusted work

To get all the details about the public zone, type:

# firewall-cmd --zone=public --list-all
public (default, active)
  interfaces: eth0
  sources: 
  services: dhcpv6-client ssh
  ports: 
  masquerade: no
  forward-ports: 
  icmp-blocks: 
  rich rules:

To change the default zone to home permanently, type:

# firewall-cmd --set-default-zone=home
success

Network interfaces can be assigned to a zone in a temporary (until the next reboot or reload) or permanent way.

To assign the eth0 network interface temporary to the internal zone, type:

# firewall-cmd --zone=internal --change-interface=eth0
success

To assign the eth0 network interface permanently to the internal zone (a file called internal.xml is created in the /etc/firewalld/zones directory), type:

# firewall-cmd --permanent --zone=internal --change-interface=eth0
success

To know which zone is associated with the eth0 interface, type:

# firewall-cmd --get-zone-of-interface=eth0
internal

Service management

After assigning each network interface to a zone, it is now possible to add services to each zone.
To allow the http service permanently in the internal zone, type:

# firewall-cmd --permanent --zone=internal --add-service=http
success
# firewall-cmd --reload

Note1: Type –remove-service=http to deny the http service.
Note2: The firewall-cmd –reload command is necessary to activate the change. Contrary to the –complete-reload option, current connections are not stopped.

To get the list of services in the default zone, type:

# firewall-cmd --list-services
dhcpv6-client ssh

Note: To get the list of the services in a particular zone, add the –zone= option.

Service firewall configuration

With the Firewalld package, the firewall configuration of the main services (ftp, httpd, etc) comes in the /usr/lib/firewalld/services directory. But it is still possible to add new ones in the /etc/firewalld/services directory. Also, if files exist at both locations for the same service, the file in the /etc/firewalld/services directory takes precedence.

For example, it is the case of the HAProxy service. There is no firewall configuration associated.
Create the /etc/firewalld/services/haproxy.xml and paste the following lines:

<?xml version="1.0" encoding="utf-8"?>
<service>
 <short>HAProxy</short>
 <description>HAProxy load-balancer</description>
 <port protocol="tcp" port="80"/>
</service>

Assign the correct SELinux context and file permissions to the haproxy.xml file:

# cd /etc/firewalld/services
# restorecon haproxy.xml
# chmod 640 haproxy.xml

Add the HAProxy service to the default zone permanently and reload the firewall configuration:

# firewall-cmd --permanent --add-service=haproxy
# firewall-cmd --reload

Port management

Port management follows the same model as service management.

To allow the 443/tcp port temporary in the internal zone, type:

# firewall-cmd --zone=internal --add-port=443/tcp
success
# firewall-cmd --reload

Note: type –remove-port=443/tcp to deny the port.

To get the list of ports open in the internal zone, type:

# firewall-cmd --zone=internal --list-ports
443/tcp

Masquerading

If your firewall is your network gateway and you don’t want everybody to know your internal addresses, you can set up two zones, one called internal, the other external, and configure masquerading on the external zone. This way, all packets will get your firewall ip address as source address.

To set up masquerading on the external zone, type:

# firewall-cmd --zone=external --add-masquerade

Note1: To remove masquerading, use the –remove-masquerade option.
Note2: To know if masquerading is active in a zone, use the –query-masquerade option.

Port forwarding

In addition to the masquerading, you can want to use port forwarding.
If you want all packets intended for port 22 to be now forwarded to port 3753, type:

# firewall-cmd --zone=external --add-forward-port=port=22:proto=tcp:toport=3753

Note1: To remove port forwarding, use the –remove-forward-port option.
Note2: To know if port forwarding is active in a zone, use the –query-forward-port option.
Also, if you want to define the destination ip address, type:

# firewall-cmd --zone=external --add-forward-port=port=22:proto=tcp:toport=3753:toaddr=10.0.0.1

Direct rules

It is still possible to set specific rules by using the direct mode (here to open the tcp port 9000) that by-passes the Firewalld interface:

# firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport 9000 -j ACCEPT
success
# firewall-cmd --reload

Note: This last example has been borrowed from Khosro Taraghi’s blog.

To display all the direct rules added, type:

# firewall-cmd --direct --get-all-rules

Sources: RHEL7 Security Guide, wiki Fedora project.



All credit to:
http://www.certdepot.net/rhel7-get-started-firewalld/

..thanks guys :)

[ view entry ] ( 1886 views )   |  print article

<<First <Back | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | Next> Last>>


2024 By Angel Cool