Use iptables to block access using MAC address
Iptables is a great tool for building a firewall in Linux. It is not only for that, though: it is also useful for pre-processing or post-processing any packet of data that arrives at our Linux machine.
The other day I needed to block access to my network using the MAC address of a machine, and iptables came to save my day.
This is my scenario: I have an open access point (never do that; always keep your access points closed, using WEP or, better, WPA, or MAC address filtering).
Firewall with iptables using MAC address filtering
There are times when you might need to filter the traffic on your firewall using MAC addresses instead of IP addresses. Iptables has an option to do this.
From the man page of iptables:
Note that this only makes sense for packets coming from an Ethernet device and entering the PREROUTING, FORWARD or INPUT chains.
ssh_exchange_identification: Connection closed by remote host
Note: Use this only as a last resort, and only if you also have a firewall protecting your server. This is dangerous to apply, and if you do apply it, go back to the previous (default) configuration as soon as possible.
When trying to connect via ssh to a server, I got this answer from the server.
ssh_exchange_identification: Connection closed by remote host
last - See any user's login history -
last is another command for the system admin toolbox. It displays the login history of all users or of any specific user.
You do not need to be root to use it:
last
users, who - Display who is logged in to your system -
For desktop computers this is usually unnecessary, as you may be the only user logged in at any given time, but if you are a server admin, you know that there may be a lot of users connected to the server at a given time.
It is useful to know who they are, and maybe also what they are doing. This is for security reasons, but also, if you are planning any server maintenance or a reboot, you will have to know who is logged in and what they are doing, to know whether you can reboot the server at that moment or have to wait.
How to open your firewall remotely only for you -knockd-
I am paranoid about security. I am always looking for new ways to secure my server or even my desktop PC, which I sometimes leave up and running.
One of the beauties of Linux is that it is really easy to administer remotely, but that is also one of the major concerns for Linux security: if you have weak passwords, you are exposed to attacks. There are lots of ways to protect yourself. One of the easiest is to close the firewall and only permit access to port 22 from some specific IPs, but this is not an option if you travel a lot or if you do not have a fixed IP at the place you usually are when you access your remote server.
Another approach is to use something like DenyHosts or fail2ban. Both do almost the same thing: they block a port (22 in most cases) when a threshold number of tries has been reached.
Now I have found another way: you can keep your firewall closed by default, open it when you need to access your server, and close it again after use. The package that does the magic is knockd and, as its name says, you knock on the door of the firewall and it opens itself for you, but you need a secret type of knock. It is like "Open/Close, Simsim" (Open/Close sesame).
Now, let's get to the point and see how to install and use knockd.
Small tip - How to prevent Linux from "remembering" your sudo password
You may know that if you type
sudo [command]
you will be asked for your password, but if you run sudo again within a short time, you will not be asked, because Linux "remembers" your password for some time. If you are really concerned about this, you can force Linux to "forget" your password immediately.
How to do it?
sudo visudo
Recover your Ubuntu password
First of all, if you forget your admin Ubuntu password, you will need physical access to the PC in order to recover your password.