Monthly Archives: November 2017

Linux® and Firewalls

We don’t want all the traffic we could possibly get to our Linux system. Some of it could be good, but some of it could also be bad. Some could just be, y’know, there. Like dust in the wind. But anyway, there’s traffic we don’t want near our system, like the traffic from people who want to do bad things to or with our computer. To prevent this, we use a firewall.

A physical firewall is a wall to prevent the spread of fire.

A Firewall for Fire

A Firewall for Fire

That would be spiffy, wouldn’t it? Surrounding the computer with a nice wall that prevents traffic. It would also make the computer weigh too much.

Instead, a computer firewall is a program. It’s designed to allow some traffic in and prevent other traffic from coming in. Similarly, it lets some traffic out but can prevent other traffic from going out.

For example, you want to surf the net, right? A firewall should let you do that. A web server is a server that hosts web pages (I know, I think it should have a spiffier name.) It runs on ports 80 and 443.

If you’re not running a web server, then there shouldn’t be any traffic trying to access that port. This being the Internet though, I bet someone does try. Just to be safe, let’s block it. We don’t actually put a block up like a physical firewall, we just drop the traffic. The computer says ‘what traffic? Never heard of it’.

On the other hand, if I start a connection to a web server and it says ‘well, today I’m going to reply on port 80’, you don’t want your firewall to drop that connection. You’d like your content, right? Give me http://www.computerlamp.net/ or bust!

That’s why there’s a rule that says ‘if I started the connection, let it finish’.

The standard firewall program for Linux is iptables. The rules can get quite complex, but so far, I’ve just talked about what we want the rules to do, not how to do them.

That’s next!

Linux® Scratch Paper

Sometimes in algebra when I’d be working out a problem, I’d find myself grabbing a small piece of paper and working out a side problem.   Like ‘gee, what IS 9×19’?  I need that to solve the problem, but my teacher hated it when I made what she called messy marks on my test.  So, I had to use scratch paper.

I even find myself using scratch paper today, like when I’m on my phone and someone says, ‘write down this number!’.  Normally I’d save that in my phone, but my phone doesn’t actually let me both listen to the number and save it in the phone.

Linux® needs scratch paper sometimes too!  Sometimes a process needs to write to a file to say, ‘I did this’ or ‘I did that’.  It doesn’t really do that.  It writes state to a file so that if it has to stop it can pick up where it left off.   state means that ‘Hey, this is what I was going now, let me know if I need it later.’

This can get complicated.  Every process would need its own directory to write its own files, so imagine keeping track of all of them.

Linux® likes to keep things simple and straightforward.  Unix is the same way, and Linux® picked up this trick from them.  Instead of each process having its own directory, we have one central directory that everyone has write permission to.  It’s called the /tmp/ directory.  tmp stands for temporary, so it’s meant for files that aren’t supposed to stick around.  In fact, every time you reboot your computer, the /tmp/ directory is emptied.

/tmp/ can have lots of files in it or it can be empty.  In fact, when I look at /tmp/ on Alpha, I see:

Alpha:~ computerlamp$ ls /tmp/
Alpha:~ computerlamp$

That means in my case, the directory is empty.  What does it look like on your system?

Block vs Character: Cage Match

In the last post, we looked at the contents of the file /proc/devices and saw a list of character devices and a list of block devices.  But what’s the difference between a block and a character?  And if there is a difference, when do we use a block vs character device?

Well, we know these are blocks:

Blocks

Blocks

And we know Ironman is certainly a character:

Ironman

Ironman

But that’s not what our devices do.  That would be silly if that’s what they did, right?  Our Linux® box isn’t Ironman and it isn’t a pile of blocks, it’s a computer that does things.

The difference between a block device and a character device is all in how your system communicates with it.  A character device is talked to one character at a time.  It doesn’t seem like it, but the terminal screen you type on is a character device.  One character at a time goes from your keyboard and to the screen (when you type) and one character at a time (although very quickly) goes from the output of the command you type and to the screen.

A block device sends its communications in blocks of data.  If you write information to a disk, like your USB drive or a hard drive, it goes in chunks of data.  For example, copying your file that contains all the Pokemons you’ve ever caught goes one big chunk at a time rather than P i k a c h u it sends it all together as Pikachu.

Now when we use Linux© we don’t care about block vs character.  We just care that what we type gets shown on the screen or what I copy to my USB drive goes to the drive.  How it really gets there isn’t important.

The people that really care about block vs character are the ones that have to write the code that makes the devices run.  That’s their job, but it is useful to know that there’s more than one type!

 

/proc and its files

Last time we talked about how /proc has directories for each process but that there were also some files in that directory.  This time we’ll talk about a couple of those files.  /proc and its files have lots of information about the running of your system.

Let’s start with meminfo.  That’s a weird name, right?  Well, surprise, surprise, it has something to do with memory.  It has the current state of the memory on your system.

MemTotal:       32953488 kB
MemFree:        12891648 kB
Buffers:           56460 kB
Cached:          7736136 kB
SwapCached:       720288 kB
Active:         12263732 kB
Inactive:        5540668 kB
Active(anon):    9316432 kB
Inactive(anon):  3067828 kB
Active(file):    2947300 kB
Inactive(file):  2472840 kB
Unevictable:       26100 kB
Mlocked:           15880 kB
SwapTotal:       3117180 kB
SwapFree:        1736868 kB
Dirty:              1820 kB
Writeback:             0 kB
AnonPages:       9560840 kB
Mapped:          2414060 kB
Shmem:           2369068 kB
Slab:             768816 kB
SReclaimable:     521000 kB
SUnreclaim:       247816 kB
KernelStack:       18416 kB
PageTables:       365784 kB
NFS_Unstable:          0 kB
Bounce:                0 kB
WritebackTmp:          0 kB
CommitLimit:    19593924 kB
Committed_AS:   27252100 kB
VmallocTotal:   34359738367 kB
VmallocUsed:      276548 kB
VmallocChunk:   34359361512 kB
AnonHugePages:    491520 kB
DirectMap4k:        7488 kB
DirectMap2M:     4179968 kB
DirectMap1G:    29360128 kB

That’s a lot of information and we don’t really care what it all means.  The first two lines are the interesting part, they tell us the total memory on the system (in kilobytes). This system has 32 Gigabytes of memory installed on it and 39% of it is being used.  (I figured that out by dividing the amount of memory being used by the memory on the system).

Another file is the devices file.  That’s a list of devices on the system.  Remember, /dev/  has a list of all possible devices, the devices file in /proc has a list of all the devices on the system.  I can cat that one and see:

Character devices:
  1 mem
  2 pty
  3 ttyp
  4 /dev/vc/0
  4 tty
  5 /dev/tty
  5 /dev/console
  5 /dev/ptmx
  7 vcs
 10 misc
 13 input
108 ppp
128 ptm
136 pts
229 hvc
254 uio

Block devices:
  1 ramdisk
259 blkext
  7 loop
  9 md
 43 nbd
147 drbd
202 xvd
253 device-mapper
254 mdp

So the question now is, what’s a block device and what’s a character device?  Tune in next time for more information… Same bat time, same bat station!