shell command

FAQ Updates: May/03/2012

Our FAQ section has been updated. Here are the latest howtos:

Linux / UNIX: Determine where a binary command is stored / located on file system

You can use the "type" or "whereis" command to find out which command the shell executes and to print the location of the binary (command) file for a specified command.

whereis command example

Display ls command location along with man page path:
whereis ls
ls: /bin/ls /usr/share/man/man1p/ls.1p.gz /usr/share/man/man1/ls.1.gz

type command example

Find out which command the shell executes:
type -a ls
ls is aliased to `ls --color=tty'
ls is /bin/ls

Related: How Linux or UNIX Understand which program to run - PART I and How BASH Shell Command Search Sequence Works

April 6, 2007: nixCraft FAQ Roundup

Recently updated/posted Linux and UNIX FAQ:


February 6, 2007 : nixCraft FAQ Roundup

Recently updated/posted Linux and UNIX FAQ:

=> Shell command or script to write simple output on screen under Linux and UNIX

=> Delete a log files in Linux or UNIX

=> VSFTPD limit the number of simultaneous vsftpd connections for a single IP address

=> Gnome Desktop Keyboard Shortcut Keys

=> Disable Advanced power management (APM) on Linux

=> Locate files on linux, FreeBSD and UNIX system

=> List installed packages on Linux or FreeBSD / OpenBSD system

=> Howto: Use mysql or run mysql queries from shell script

=> Linux configure batch jobs using at command

=> Solaris add a new swap file for database

=> Apache server view performance status with mod_status configuration

=> Howto Secure portmap service using iptables and TCP Wrappers under Linux

How do I build a Simple Linux Firewall for DSL/Dial-up connection?

If you're new to Linux, here's a simple firewall that can be set up in minutes. Newcomers, especially those coming from a Windows background, often get lost while creating a Linux firewall.
This is the most common question asked by Linux newbies (noobs): how do I install a personal firewall on a standalone desktop Linux computer? In other words, "I want a simple firewall that allows me to visit anything from my computer, but it should block everything from the outside world".
That is pretty easy. First, remember that INPUT means incoming and OUTPUT means outgoing connections/access. With the following little script and discussion, you should be able to set up your own firewall.

Step # 1: Default Firewall policy

Set up the default access policy to drop all incoming traffic but allow all outgoing traffic. This allows you to make unlimited outgoing connections from any port, but no incoming traffic/ports are allowed.
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT

Step # 2: Allow unlimited traffic from loopback (lo) device

iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

Step # 3: Setup connection oriented access

Some protocols and traffic, such as FTP, DNS queries and UDP traffic, need access for established connections. In other words, you need to allow all established and related connections using the iptables state module.
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

Step # 4: Drop everything else and log it

iptables -A INPUT -j LOG
iptables -A INPUT -j DROP

But wait, you do not want to type all of the above commands at a shell prompt every time. It is a good idea to create a script called fw.start as follows (copy and paste the following script into the fw.start file):

# A simple
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
modprobe ip_conntrack
modprobe ip_conntrack_ftp
# Setting default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
# Unlimited access to loop back
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Allow UDP, DNS and Passive FTP
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# DROP everything and Log it
iptables -A INPUT -j LOG
iptables -A INPUT -j DROP

You can enhance your tiny firewall as follows:

  • Create a script to stop the firewall
  • Optionally, if you wish to start the firewall automatically as soon as Debian Linux boots up, use the instructions outlined here
  • Finally, if you want to open incoming ssh (port 22) or http (port 80), insert the following two rules before the "# DROP everything and Log it" line in the above script:

iptables -A INPUT -p tcp -i eth0 --dport 22 -m state --state NEW -j ACCEPT
iptables -A INPUT -p tcp -i eth0 --dport 80 -m state --state NEW -j ACCEPT
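
The placement before the final LOG/DROP pair matters because iptables stops at the first matching terminal rule, so an ACCEPT appended after an unconditional DROP is never reached. The following check is an added example, not part of the original article: it reads a rule listing in `iptables -S` format and reports such unreachable rules. The function name shadowed_rules and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). shadowed_rules is a
# hypothetical helper; it only reads text on stdin, so it needs no root.

shadowed_rules() {
    chain="${1:-INPUT}"
    awk -v chain="$chain" '
        $1 == "-A" && $2 == chain {
            if (terminal != "") {
                print "shadowed by [" terminal "]: " $0
                next
            }
            # Unconditional rule: the target follows the chain name directly.
            # LOG does not end evaluation, so it is not treated as terminal.
            if ($3 == "-j" && ($4 == "DROP" || $4 == "REJECT" || $4 == "ACCEPT")) {
                terminal = $0
            }
        }'
}

# Constructed listing: ssh/http rules appended after the final DROP (wrong).
sample_bad() {
    cat <<'EOF'
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j LOG
-A INPUT -j DROP
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
EOF
}

# Constructed listing: the same rules inserted before LOG/DROP (correct).
sample_good() {
    cat <<'EOF'
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
-A INPUT -j LOG
-A INPUT -j DROP
EOF
}

sample_bad | shadowed_rules     # prints the two unreachable ACCEPT rules
sample_good | shadowed_rules    # prints nothing
```

On a running firewall, the same check can be fed from `iptables -S INPUT | shadowed_rules` (run as root).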

Easy to use Linux firewall programs/tools

  • GUI tools - firestarter :: A graphical interfaced Open Source firewall for Linux. (highly recommended for Linux desktop users)
  • IPCop Firewall and SmoothWall :: Setup a dedicated firewall box. (highly recommended for Linux server and LAN/WAN users)