CentOS and RHEL iptables setting

Drop (block) Settings

Block incoming port connection
iptables -A INPUT -p tcp --destination-port 80 -j DROP

Block incoming port connection using network interface x
iptables -A INPUT -i eth1 -p tcp --destination-port 80 -j DROP

Block incoming port connection except for IP x (1.2.3.4)
iptables -A INPUT -p tcp -i eth1 ! -s 1.2.3.4 --dport 80 -j DROP

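Block incoming port connection except for these IPs (iptables rejects "!" with more than one source address, so accept the listed IPs first, then drop the rest)
iptables -A INPUT -p tcp -i eth1 -s 1.2.3.4,2.3.4.5,3.4.5.6 --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -i eth1 --dport 80 -j DROP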

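Block null packets (TCP packets with no flags set)
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP

Block syn-flood packets (drops packets that open a new connection without the SYN flag)
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

Block XMAS packets (TCP packets with every flag set)
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP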

Flush all firewall rules
iptables -F

Accept Settings

Open port for port x (eg: HTTP & HTTPS)
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT

Allow outgoing connection (accepts the return traffic of established and related connections)
iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Allow outgoing connection and block incoming (after setting other rules)
iptables -P OUTPUT ACCEPT
iptables -P INPUT DROP

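Block DoS attack (rate-limits accepted packets; it only has an effect when packets over the limit go on to hit a DROP rule or the INPUT DROP policy)
iptables -A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT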
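
The rules above only behave as described when they are loaded in the right order, so here is an added example (not from the original page) that prints them as one ruleset for iptables-restore. The interface eth1, the restricted port 8080, the sample IPs and the loopback rule are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: prints a ruleset for iptables-restore; it never touches the live firewall.
# Usage: build_ruleset IFACE "ALLOWED_IPS" "PUBLIC_PORTS" RESTRICTED_PORT
build_ruleset() {
    [ $# -eq 4 ] || { echo "usage: build_ruleset IFACE IPS PORTS PORT" >&2; return 2; }
    iface=$1; allowed_ips=$2; public_ports=$3; restricted_port=$4
    # Validate every port before printing anything, so a typo cannot yield a partial ruleset.
    for p in $public_ports "$restricted_port"; do
        case $p in
            ''|*[!0-9]*|??????*) echo "invalid port: $p" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "port out of range: $p" >&2; return 1
        fi
    done
    echo '*filter'
    # Same effect as "iptables -P INPUT DROP" and "iptables -P OUTPUT ACCEPT"; FORWARD keeps its default.
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD ACCEPT [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    # Assumption (not on the page): keep loopback working under the DROP policy.
    echo '-A INPUT -i lo -j ACCEPT'
    # Malformed packets are dropped before any ACCEPT rule can match them.
    echo '-A INPUT -p tcp --tcp-flags ALL NONE -j DROP'
    echo '-A INPUT -p tcp --tcp-flags ALL ALL -j DROP'
    echo '-A INPUT -p tcp ! --syn -m state --state NEW -j DROP'
    # Replies to existing connections are accepted here, so the limit rule below only meters new ones.
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    # Allowlist: one ACCEPT per source, then a DROP for everyone else on that port.
    for ip in $allowed_ips; do
        echo "-A INPUT -i $iface -p tcp -s $ip --dport $restricted_port -j ACCEPT"
    done
    echo "-A INPUT -i $iface -p tcp --dport $restricted_port -j DROP"
    # Public ports: rate-limited ACCEPT; packets over the limit fall through to the DROP policy.
    for port in $public_ports; do
        echo "-A INPUT -p tcp -m tcp --dport $port -m limit --limit 25/minute --limit-burst 100 -j ACCEPT"
    done
    echo 'COMMIT'
}

# Constructed sample values: the page's example IPs, HTTP/HTTPS public, 8080 restricted.
build_ruleset eth1 "1.2.3.4 2.3.4.5 3.4.5.6" "80 443" 8080
```

As root, pipe the output to `iptables-restore --test` to check that it parses before loading it for real.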

PDF document conversion in CentOS 7 using unoconv and Libreoffice

yum install unoconv libreoffice-headless
reboot
unoconv -f pdf sample.doc

In CentOS 6.6, I have to start the listener to start conversion, but in CentOS 7, apparently I don’t have to start the listener to do conversion.

So in my case, I do not start the listener, but if you have to:
unoconv --listener &

Alternatively you can use libreoffice to do the conversion for you from the shell:

libreoffice --headless --invisible --convert-to pdf sample.doc