Wednesday, November 9, 2016

CentOS 7 firewalld and iptables firewall setup to allow multicast traffic




CentOS 7 remove firewalld and enable iptables.service

1. Disable and stop firewalld:
systemctl status firewalld
systemctl disable firewalld (Loaded: loaded, Active: active)
systemctl mask firewalld (Loaded: masked, Active: active)
systemctl stop firewalld (Loaded: masked, Active: inactive)
sudo reboot -h now

2. Install iptables
yum install iptables-services

3. Start iptables and enable it at boot
systemctl status iptables.service
systemctl enable iptables
systemctl start iptables

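iptables can now be used; rules are added and removed the same way as on CentOS 5 and 6.

If the lokkit command is not available, you can install it yourself with yum install lokkit. In fact, lokkit only configures iptables to open http and ssh; if they are already open you do not need to run it, and you can also configure iptables manually instead.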
sudo lokkit -s http -s ssh

Reference
https://www.digitalocean.com/community/tutorials/how-to-migrate-from-firewalld-to-iptables-on-centos-7

New iptables default rules:
[ricky@thrift1 bin]$ sudo iptables -S | tee ~/firewalld_iptables_rules
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited

Edit the rule file so that it accepts UDP packets:
sudo vi /etc/sysconfig/iptables
-A INPUT -p udp -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

Validate the rule file (iptables-restore -t only parses and tests it), then restart the service to make it take effect
sudo sh -c 'iptables-restore -t < /etc/sysconfig/iptables'
systemctl restart iptables.service
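
The rule "-A INPUT -p udp -j ACCEPT" in the edited file accepts every UDP datagram on every interface, which is wider than receiving multicast requires. The check below is an added example, not part of the original post: it flags INPUT rules that accept all TCP or UDP with no narrowing match, and runs over the page's rules and over a constructed variant limited to the IPv4 multicast range. The function names and the narrowed rule are assumptions.

```shell
#!/bin/sh
# Added example: find_broad_accepts, page_rules and narrowed_rules are
# hypothetical names, not part of iptables or of the original post.

# Read rules in iptables-save format on stdin and print every INPUT rule
# that ACCEPTs all TCP or UDP traffic with no narrowing match on address,
# interface, port, connection state or packet type.
find_broad_accepts() {
    awk '
    $1 == "-A" && $2 == "INPUT" {
        proto = ""; target = ""; narrowed = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
            else if ($i ~ /^(-s|-d|-i|--dport|--dports|--sport|--state|--ctstate|--pkt-type)$/)
                narrowed = 1
        }
        if (target == "ACCEPT" && (proto == "tcp" || proto == "udp") && !narrowed)
            print
    }'
}

# The rules shown in the edited /etc/sysconfig/iptables on this page.
page_rules() {
    cat <<'EOF'
-A INPUT -p udp -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Constructed variant: UDP is accepted only when addressed to the IPv4
# multicast range 224.0.0.0/4 (assumption: the receiver needs nothing else).
narrowed_rules() {
    page_rules | sed 's|^-A INPUT -p udp -j ACCEPT$|-A INPUT -p udp -d 224.0.0.0/4 -j ACCEPT|'
}

echo "Broad ACCEPT rules in the page's file:"
page_rules | find_broad_accepts
echo "Broad ACCEPT rules after narrowing:"
narrowed_rules | find_broad_accepts
```

Adding a --dport match for the application's own port would narrow the rule further; the check can also be fed a saved rule file on stdin.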

Tuesday, November 8, 2016

Linux CentOS 7 SSH Connection Refused after Reboot

Description
On CentOS 7, I had been using SSH without problems for a month. After doing some operations with "systemctl status/mask/disable/restart firewalld" followed by "sudo reboot -h now", I could not use ssh and got "connection refused" after the reboot.

Problem
ssh 127.0.0.1
connection refused

Log
journalctl -u sshd | tail -100
Bad configuration option:ForwardX11Trusted
ssh failed

Solution
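Comment out the "ForwardX11Trusted" option in the sshd_config file as follows. ForwardX11Trusted is a client-side option that belongs in ssh_config, so sshd rejects it as a bad configuration option and fails to start.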
sudo vi /etc/ssh/sshd_config
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost no
#ForwardX11Trusted yes

Outcome
journalctl -u sshd | tail -100
-- Logs begin at Tue 2016-11-08 17:45:28 HKT, end at Tue 2016-11-08 17:49:45 HKT. --
Nov 08 17:45:47 pc009 systemd[1]: Started OpenSSH server daemon.
Nov 08 17:45:47 pc009 systemd[1]: Starting OpenSSH server daemon...
Nov 08 17:45:47 pc009 sshd[1033]: Server listening on 0.0.0.0 port 22.
Nov 08 17:45:47 pc009 sshd[1033]: Server listening on :: port 22.
Nov 08 17:45:54 pc009 sshd[2296]: Accepted password for user from 10.1.10.111 port 59915 ssh2

Wednesday, November 2, 2016

SQLite with Java in Eclipse


Download JAR
Download sqlite-jdbc-3.14.2.jar from Bitbucket: https://bitbucket.org/xerial/sqlite-jdbc/downloads


Create Project
Eclipse > File > New > Java Project > Project Name = SQLiteJDBC

Copy JAR File
Project > Right Click > New > Folder > lib > Right Click > Import > File System > from "Downloads" > select the downloaded JAR file

Add JAR to Build Path Libraries
Project > Right Click > Properties > Libraries > Add JARs

New Class
Project > Right Click > New > Class > Package = "com.sqlite.jdbc", Name = "SQLiteJDBC"


Code


package com.sqlite.jdbc;

import java.sql.Connection;
import java.sql.DriverManager;

public class SQLiteJDBC {
       public static void main(String[] args) {
              try {
                     // Load the SQLite JDBC driver from the JAR on the build path
                     Class.forName("org.sqlite.JDBC");
                     // "jdbc:sqlite:mdp.db" would open the file in the current directory instead
                     // try-with-resources closes the connection when the block exits
                     try (Connection c = DriverManager.getConnection("jdbc:sqlite:data/mdp.db")) { // data directory
                            System.out.println("Opened database successfully");
                     }
              }
              catch (Exception e) {
                     System.err.println(e.getClass().getName() + ": " + e.getMessage());
                     System.exit(1); // non-zero exit status signals the failure
              }
       }

}



Run
SQLiteJDBC.java > Right Click > Run As > Java Application

Opened database successfully






