How to Whitelist an IP with IP Tables

I’ve had a server for a while now that I usually don’t use for much. From time to time I tell myself that I should start using it for some personal projects, but I never really do. Until now…

About a week ago I decided to finally do something with it besides hosting buzu.me. For some time now I’ve had a small app to manage a side business of mine. I had it running on a local host on a laptop that I could take anywhere to manage my business, but at times that became a little problematic for numerous reasons, including pure laziness to turn the computer on, or not being able to register a payment because I didn’t have the laptop close when visiting friends who had happened to purchase something “on credit”.

Last Saturday while at the store, which by the way opens only on Saturdays in a farmers market of sorts, I decided to take the time to start setting up the server for my app, and in the process I locked myself out of it after failing to log in a couple of times. I contacted support to ask them to remove my IP from the blacklist, and was able to log in again just to lock myself out again trying to SSH into the server instead of using the control panel. I asked support to again remove my IP address from the blacklist, and to resend my SSH login information. It turns out it was different from my control panel information.

Since, in the past, this has happened to me a couple of times, I decided to just learn how to remove my IP from the blacklist so that if I ever lock myself out again on a certain IP because of a mistype or something I could just connect to another network and log in correctly to remove my original IP from the blacklist. Given how my server blocks any IP after only 3 failed attempts, it is not really unthinkable that at some point I will need to clear my IP from the blacklist.

It turns out that using iptables this is a really simple process:

  1. Find out the IP you want to clear out.
  2. Search the iptables filter table for that IP to get the rule number.
  3. Delete that rule by chain and rule number.

You can find the IP address that you want to remove by connecting to that network and using any of the services out there to check your IP.

To search iptables for that IP you can do this in the console:

iptables -L -n --line-numbers | grep -F "111.111.111.111"

using your IP instead of 111.111.111.111. The -n option prints addresses numerically instead of resolving them to host names, and -F makes grep treat the dots literally. That will return the lines where that IP is found. Those are the lines you need to remove, but before doing that you will need to find out the chain where those lines are. For this you can just list all the rules for the filter table, and look for the lines you got before:

iptables -L -n --line-numbers

You do not have to look at all the rules one by one, but rather at the line number you got before in each of the chains. Once you find a line that matches, just look a few lines before. Right before the first line in the current sequence of lines you should see a line with no number that starts with “Chain ” followed by the chain name. In my specific case searching for my IP in iptables got me 2 results, in DENYIN and DENYOUT respectively.

Once you have this information all you have to do is delete those lines:

iptables -D DENYIN NNN

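Where NNN is the line number you want to remove, and DENYIN is your chain name, which may be different. Deleting a rule renumbers the rules after it in the same chain, so if you remove more than one rule from a chain, list the chain again between deletions or delete the highest number first.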

You should do this with care as it relates to the security of your server.
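
The three steps above as one script, added here as an example and not part of the original post: it reads a rule listing, matches the IP as a whole field, and prints the delete commands with the highest rule number first in each chain. The listing and the 203.0.113.7 address are constructed; DENYIN and DENYOUT are the chain names from the post.

```shell
#!/bin/sh
# Added example, not from the original post. Prints commands; changes nothing.

# Constructed sample of `iptables -L -n --line-numbers` output.
sample_listing() {
cat <<'EOF'
Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    DENYIN     all  --  0.0.0.0/0            0.0.0.0/0

Chain DENYIN (1 references)
num  target     prot opt source               destination
1    DROP       all  --  203.0.113.7          0.0.0.0/0
2    DROP       all  --  111.111.111.111      0.0.0.0/0
3    DROP       all  --  111.111.111.11       0.0.0.0/0
4    DROP       tcp  --  111.111.111.111      0.0.0.0/0            tcp dpt:22

Chain DENYOUT (1 references)
num  target     prot opt source               destination
1    DROP       all  --  0.0.0.0/0            111.111.111.111
EOF
}

# find_block_rules IP: read a listing on stdin, print one
# "iptables -D <chain> <num>" line per rule that names IP exactly.
find_block_rules() {
    awk -v ip="$1" '
        # "Chain DENYIN (1 references)" opens a new chain section.
        $1 == "Chain" { chain = $2; next }
        # Rule rows begin with the rule number; compare whole fields so
        # 111.111.111.11 never matches 111.111.111.111 (grep would).
        $1 ~ /^[0-9]+$/ {
            for (i = 2; i <= NF; i++)
                if ($i == ip) { print chain, $1; break }
        }
    ' |
    # Highest rule number first within each chain: deleting a rule
    # renumbers the ones after it, so lower numbers must go last.
    sort -k1,1 -k2,2nr |
    while read -r chain num; do
        echo "iptables -D $chain $num"
    done
}

# Review the printed commands before running any of them as root.
sample_listing | find_block_rules 111.111.111.111
```

On a real server, pipe the output of iptables -L -n --line-numbers into find_block_rules instead of the sample listing.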

If you would like to learn more about iptables, you can read the manual:

man iptables

Setting Up Canon G3111 on Mac OS Mojave

Today I was setting up the home printer on the Mac OS Mojave machine, and, although there is a driver download page from Canon, there is no download button, or at least I couldn’t find one. The printer doesn’t seem to support AirPrint, and none of the other options in the printer settings seemed to work. The solution: find a driver.

A quick search got me to this page https://ijcanon.com/canon-pixma-g3110-drivers-download/ where I selected the CUPS driver for Mac OS, and went through the setup process. After that was done, I went to System Preferences > Printers & Scanners, and clicked the plus button. The printer was listed in the Default section, and I selected it as I had been doing previously, and again, no driver was auto-selected for it. I selected the “Select software” option in the section labeled “Use”, and this time, there was a G300 driver option on the list that appeared. That option wasn’t there previously. I selected that, and clicked Add to add the printer. The printer is now set up and working.

The Weird Case of the Modem that Would Work With Only One of the Devices Connected to It.

I received a message this morning from my brother, who said he was having problems with his modem. He said that all of a sudden all the devices connected to it stopped getting internet service, except for one. The devices seemed to be connected, but the internet would not work on any of them, except for the Roku they use to make their TV a little smarter. I said I would stop by to check it later, and so I did.

Just like he had explained, only the Roku could connect to the internet. My initial thought was that the Roku, for some reason, was hogging the internet all for itself, so I disconnected it, and nothing changed. The other devices still were unable to connect to the internet. I knew for sure that the devices were connected and that the modem was recognizing them because I could see them in the modem’s settings panel.

I must have spent over half an hour looking at all the settings in the modem over and over, changing channels and other settings with no luck. When I was about to give up, it occurred to me that it could be a DNS issue. This was right after my brother demonstrated how WhatsApp was the only internet app that seemed to work. I updated the DNS on a Mac we had wired to the modem, and just as I hit the Apply button, a bunch of notifications and whatnot started showing up on the screen. Voilà!

I adjusted the DNS settings on the modem, and then all the connected devices started working well. I don’t know who his ISP is, and why in the world their DNS would stop working, but I’m glad there are open DNS servers. As for why the Roku was the only device that was working well, it seems Roku uses custom DNS.

Debugging Apache Virtual Host Config

This is just a quick tip I found while doing a quick search for the syntax for a virtual host in Apache: You can run apachectl -t -D DUMP_VHOSTS to run a config test for virtual hosts. This will report any error there may be with your config. I found this is a great way to debug virtual host config files. You can read more about apachectl at https://httpd.apache.org/docs/current/programs/apachectl.html