LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 01-13-2013, 07:13 PM   #1
j118
LQ Newbie
 
Registered: Jan 2013
Posts: 16

Rep: Reputation: Disabled
Newbie question about IPtables script


I'm having trouble with all traffic being blocked to my server whenever the ipables service is started (which always happens on a reboot). I have not yet altered any of the default values in IPtables, so I am unsure why this is happening.

I am running CentOS 6.3, and just installed the Plesk firewall GUI module, but have not changed the default settings on that either.

I am perfectly willing to do the weeks of work necessary to learn IPTables etc. but for this moment, I'm pretty desperate just to get it to stop blocking everything and locking me out in the meantime.

Can anyone who is knowledgeable about IPTables look at the following "iptables.save" and let me know what is blocking everything, and point me in the right direction?

I'm sure that if I could just get some initial "mentoring" on this, I could take it from there. I just need some guru to hold my hand a bit at first.

So what I have is this:


Code:
# Generated by iptables-save v1.4.7 on Thu Jan 10 17:45:19 2013
*mangle
:PREROUTING ACCEPT [434:24948]
:INPUT ACCEPT [434:24948]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [7:8609]
:POSTROUTING ACCEPT [7:8609]
COMMIT
# Completed on Thu Jan 10 17:45:19 2013
# Generated by iptables-save v1.4.7 on Thu Jan 10 17:45:19 2013
*filter
:INPUT DROP [425:24480]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j REJECT --reject-with tcp-reset 
-A INPUT -m state --state INVALID -j DROP 
-A INPUT -i lo -j ACCEPT 
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A FORWARD -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j REJECT --reject-with tcp-reset 
-A FORWARD -m state --state INVALID -j DROP 
-A FORWARD -i lo -o lo -j ACCEPT 
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A OUTPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j REJECT --reject-with tcp-reset 
-A OUTPUT -m state --state INVALID -j DROP 
-A OUTPUT -o lo -j ACCEPT 
COMMIT
# Completed on Thu Jan 10 17:45:19 2013

So what's killing all communication here???
 
Old 01-13-2013, 08:03 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,675
Blog Entries: 54

Rep: Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953
Traffic got filtered due to something (or somebody ;-p) mucking with the default rule set. This is what /etc/sysconfig/iptables looks like out of the box:
Code:
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
It isn't the most strict or secure rule set but it allows HTTP and SSH traffic among other things.
 
Old 01-14-2013, 12:12 AM   #3
j118
LQ Newbie
 
Registered: Jan 2013
Posts: 16

Original Poster
Rep: Reputation: Disabled
Thanks! That is very helpful...as well as disturbing to see how much it's been messed up.

I basically need to allow:

- web access (port 80, and https)
- SMTP and POP
- SSH
- FTP
- access to port 3306 *only to the server's own IP*, to enable MySQL via localhost only.


I'll see if I can figure out how to do that, but if you want to help me along a bit in accomplishing that, I'd certainly not be apposed to any added help.

I really want to lock things down very well, but not block the vital ports and services.

Also, how do I apply these settings to IPTables? What is the best way?


Thanks again.
 
Old 01-14-2013, 04:42 AM   #4
LeoPap
Member
 
Registered: Jan 2013
Distribution: Centos
Posts: 97
Blog Entries: 1

Rep: Reputation: 5
Opening a port on iptables is very easy, i am sure that you have already found out how to do it.

I would just wanted to warn you about port 80 and port 22. Be aware of them, there are a tricky ports.

Also using mapped ports, would be better.
 
Old 01-14-2013, 06:07 AM   #5
bijo505
Member
 
Registered: Nov 2012
Location: Bangalore
Distribution: Fedora & Ubuntu
Posts: 77

Rep: Reputation: 18
Quote:
Originally Posted by j118 View Post

Code:
# Generated by iptables-save v1.4.7 on Thu Jan 10 17:45:19 2013
*mangle
:PREROUTING ACCEPT [434:24948]
:INPUT ACCEPT [434:24948]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [7:8609]
:POSTROUTING ACCEPT [7:8609]
COMMIT
# Completed on Thu Jan 10 17:45:19 2013
# Generated by iptables-save v1.4.7 on Thu Jan 10 17:45:19 2013
*filter
:INPUT DROP [425:24480]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j REJECT --reject-with tcp-reset 
-A INPUT -m state --state INVALID -j DROP 
-A INPUT -i lo -j ACCEPT 
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A FORWARD -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j REJECT --reject-with tcp-reset 
-A FORWARD -m state --state INVALID -j DROP 
-A FORWARD -i lo -o lo -j ACCEPT 
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A OUTPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j REJECT --reject-with tcp-reset 
-A OUTPUT -m state --state INVALID -j DROP 
-A OUTPUT -o lo -j ACCEPT 
COMMIT
# Completed on Thu Jan 10 17:45:19 2013
Hi J118,

There is noting wrong with your current configuration. it is not connecting to the server due to missing rules. If you add the rules according to your requirement will solve the issue. I have added the rule for ssh, so you can do it your self for the rest of the requirement.
I added the rule no 1 for logging and 4 for ssh in the input chain. Logging will help you to find out, which rules you need to add to the chains. After the configuration, you can remove the logging rule. But if you are new to iptables, I suggest you to try to install APF or Arno's firewall. That will help you to configure firewall for you.

http://www.rfxn.com/projects/advanced-policy-firewall/
http://rocky.eld.leidenuniv.nl/jooml...d=46&Itemid=77

Code:
# Generated by iptables-save v1.3.5 on Mon Jan 14 02:49:03 2013
*filter
:INPUT DROP [1679:575794]
:FORWARD DROP [0:0]
:OUTPUT DROP [34:2378]
-A INPUT -j LOG  # This I added for enable logging.
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,PSH,ACK SYN -m state --state NEW -j REJECT --reject-with tcp-reset 
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT # This is for enabling ssh request to the server.
-A INPUT -m state --state INVALID -j DROP 
-A INPUT -i lo -j ACCEPT 
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A FORWARD -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j REJECT --reject-with tcp-reset 
-A FORWARD -m state --state INVALID -j DROP 
-A FORWARD -i lo -j ACCEPT 
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A OUTPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j REJECT --reject-with tcp-reset 
-A OUTPUT -m state --state INVALID -j DROP 
-A OUTPUT -o lo -j ACCEPT 
COMMIT
# Completed on Mon Jan 14 02:49:03 2013
And also please have a look at the following URL's
http://wiki.centos.org/HowTos/Network/IPTables
http://www.thegeekstuff.com/2011/01/...-fundamentals/
http://www.thegeekstuff.com/2011/03/...utbound-rules/

And also if you are playing with remote server, you can add the following rule in the crontab, so iptables will be restarted every 20 minutes.
Code:
*/20 * * * * /etc/rc.d/init.d/iptables restart
then add the rules and save the new rules in to a file..
Code:
iptables-save >/tmp/iptables.txt
and if you did anything wrong, you will get the access again after 20 minutes and you can edit this file and restore it with the help of
Code:
iptables-restore < /tmp/iptables.txt

Last edited by bijo505; 01-14-2013 at 06:55 AM.
 
Old 01-14-2013, 07:48 AM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,675
Blog Entries: 54

Rep: Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953
Quote:
Originally Posted by LeoPap View Post
I would just wanted to warn you about port 80 and port 22. Be aware of them, there are a tricky ports.
Also using mapped ports, would be better.
And why would that be? If you say stuff like that then you should also explain why.


Quote:
Originally Posted by bijo505 View Post
I added the rule no 1 for logging and 4 for ssh in the input chain.
...in a way like one would write ipchains rules. Your SSH rule doesn't use --state NEW like it should and with logging you should use state and rate limiting, maybe you forgot the OP uses a DROP policy.


Quote:
Originally Posted by bijo505 View Post
if you are new to iptables, I suggest you to try to install APF or Arno's firewall.
If one is new to iptables the best suggestion is to use the tools the Linux distribution provides (like http://www.centos.org/docs/5/html/5....-iptables.html) and then get acquainted with Netfilter (like reading the standard http://www.frozentux.net/documents/iptables-tutorial/). Tools like Arno's firewall may come in handy after one acquired basic Netfilter knowledge but generally speaking (not LMD, that's actually useful) using RFx tools lead to brain rot for marketing talk it uses to promote its "features" and a false sense of security for the convoluted, old school approach it takes to filtering. After all it's only a layer on top of things and IMNSHO nothing "special".


Quote:
Originally Posted by j118 View Post
- web access (port 80, and https)
- SMTP and POP
- SSH
- FTP
- access to port 3306 *only to the server's own IP*, to enable MySQL via localhost only.
The "-i lo" and "-o lo" rules already take care of any localhost traffic:
Code:
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state INVALID -j DROP
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -m multiport --dports 20:22,80,110,143,993,995,443 -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT -m limit --limit 1/s -j LOG --log-prefix "REJECT "
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
 
Old 01-14-2013, 08:06 AM   #7
LeoPap
Member
 
Registered: Jan 2013
Distribution: Centos
Posts: 97
Blog Entries: 1

Rep: Reputation: 5
Quote:
Originally Posted by unSpawn View Post
And why would that be? If you say stuff like that then you should also explain why.

So you believe that leaving port 22 open on a Server with internet connection is absolutely fine??

I really don't think so!!

Also have in mind that the OP is not a "Security Guru"!
 
Old 01-14-2013, 08:59 AM   #8
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,675
Blog Entries: 54

Rep: Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953
Quote:
Originally Posted by LeoPap View Post
So you believe that leaving port 22 open on a Server with internet connection is absolutely fine??
I really don't think so!!
Instead of trying to 'tisk' me (epic fail BTW) you could have taken my question as a cue to educate the OP about at least using pubkey auth and fail2ban (or point to http://www.linuxquestions.org/questi...tempts-340366/ of you can't or don't want to)...
 
Old 01-14-2013, 09:10 AM   #9
bijo505
Member
 
Registered: Nov 2012
Location: Bangalore
Distribution: Fedora & Ubuntu
Posts: 77

Rep: Reputation: 18
Quote:
Originally Posted by unSpawn View Post
...in a way like one would write ipchains rules. Your SSH rule doesn't use --state NEW like it should and with logging you should use state and rate limiting, maybe you forgot the OP uses a DROP policy.
[/code]
Hi UnSpawn,
Kindly accept my apology, if anything wrong....Not arguing..... Just want to say my rule will work with out any issue. [Just now I tested that with out giving the state and rate limit]
Code:
-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,PSH,ACK SYN -m state --state NEW -j REJECT --reject-with tcp-reset 
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT # This is for enabling ssh request to the server.
In the 3rd rule, it is clearly saying that if the tcp flag not set to SYN (and set FIN,RST,PSH,ACK )and the state is new, it will get rejected. So in the next rule, if the packet, which match packets with the SYN flag set, and the ACK,FIN,RST,PSH are unset and state is NEW,it will allow the ssh. So no need to explicitly specify the --state NEW in the rule and if we don't specify the 4th rule, system will not allow ssh.
But I like your rule as the 4th rule rather that me. While writing the rule, I thought about only ssh not any other service...
Code:
iptables -t filter -I INPUT 4 -m state --state NEW -m tcp -p tcp -m multiport --dports 20:22,80,110,143,993,995,443 -j ACCEPT

Last edited by bijo505; 01-14-2013 at 09:28 AM.
 
1 members found this post helpful.
Old 01-14-2013, 09:36 AM   #10
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,675
Blog Entries: 54

Rep: Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953Reputation: 2953
Quote:
Originally Posted by bijo505 View Post
Not arguing (..) In the 3rd rule, it is clearly saying that if the tcp flag not set to SYN (and set FIN,RST,PSH,ACK )and the state is new, it will get rejected. So in the next rule, if the packet, which match packets with the SYN flag set, and the ACK,FIN,RST,PSH are unset and state is NEW,it will allow the ssh. So no need to explicitly specify the --state NEW in the rule.
Arguing based on facts is always good and yes, you're right: I overlooked the TCP flags! My apologies.
OTOH I still would not recommend it as a way to filter access because it allows access based on a single TCP flag and bypasses conntrack which you already use. Until you face new-not-SYN and other problems I'd suggest (simplified, re-ordered):
Code:
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT 
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -m state --state INVALID -j DROP 
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m limit --limit 1/s -j LOG --log-prefix "IN_allowed "
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
# etc, etc.
or easier to troubleshoot missing access:
Code:
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT 
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -m state --state INVALID -j DROP 
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -m state --state NEW -m limit --limit 1/s -j LOG --log-prefix "IN_denied "
-A INPUT -m state --state NEW -j REJECT --reject-with icmp-host-prohibited
# etc, etc.
 
1 members found this post helpful.
Old 01-14-2013, 09:59 AM   #11
LeoPap
Member
 
Registered: Jan 2013
Distribution: Centos
Posts: 97
Blog Entries: 1

Rep: Reputation: 5
Quote:
Originally Posted by unSpawn View Post
Instead of trying to 'tisk' me (epic fail BTW) you could have taken my question as a cue to educate the OP about at least using pubkey auth and fail2ban (or point to http://www.linuxquestions.org/questi...tempts-340366/ of you can't or don't want to)...
Replying with attitude doesn't help. Instead of saying "And why would that be? If you say stuff like that then you should also explain why" , you could have say something like, " Good notice LeoPap, perhaps you would like to explain more on the OP about these ports, and why they are risky?"

Cheers,
Leo

Last edited by LeoPap; 01-14-2013 at 10:00 AM.
 
Old 01-14-2013, 11:02 AM   #12
j118
LQ Newbie
 
Registered: Jan 2013
Posts: 16

Original Poster
Rep: Reputation: Disabled
OK, this is starting to make sense to me. I actually find this easier to follow than the dumbed-down Plesk Firewall GUI.

(Thanks for all of your responses above!)

One thing I'm having trouble with though is saving the new script so that it's used each time the server restarts (vital).

When I type:

Code:
# /sbin/service iptables save
It says:

Code:
iptables: Saving firewall rules to /etc/sysconfig/iptables: /etc/init.d/iptables: line 268: restorecon: command not found
                                                           [FAILED]

Performing a:

Code:
# locate iptables
Gives me:

Code:
/bin/iptables-xml
/etc/rc.d/init.d/iptables
/etc/rc.d/rc0.d/K92iptables
/etc/rc.d/rc1.d/K92iptables
/etc/rc.d/rc2.d/S08iptables
/etc/rc.d/rc3.d/S08iptables
/etc/rc.d/rc4.d/S08iptables
/etc/rc.d/rc5.d/S08iptables
/etc/rc.d/rc6.d/K92iptables
/etc/sysconfig/iptables-config
/sbin/iptables
/sbin/iptables-multi
/sbin/iptables-restore
/sbin/iptables-save
/usr/share/doc/iptables-1.4.7
/usr/share/doc/iptables-1.4.7/COPYING
/usr/share/doc/iptables-1.4.7/INCOMPATIBILITIES
/usr/share/doc/iptables-1.4.7/INSTALL
/usr/share/man/man8/iptables-restore.8.gz
/usr/share/man/man8/iptables-save.8.gz
/usr/share/man/man8/iptables-xml.8.gz
/usr/share/man/man8/iptables.8.gz

So what am I doing wrong??

Note: I don't currently have the iptables service running, as it will lock me out. Also, I am doing this all on a remote server via SSH (if that wasn't already obvious). So any misstep will lock me out and shut down my business for anyone buying my products (which would be very bad).

I need to get this new rule-set saved ASAP, as currently, the next time the server restarts I (and everyone else) will be locked out.

Any help would be much appreciated.
 
Old 01-14-2013, 11:08 AM   #13
LeoPap
Member
 
Registered: Jan 2013
Distribution: Centos
Posts: 97
Blog Entries: 1

Rep: Reputation: 5
It seems to me that the installation was not completed sucesfully.

restorecon is provided by policycoreutils package. You can try uninstalling and re-installing policycoreutils package and see if you get restorecon file under /sbin

Try to run : yum install policycoreutils

Last edited by LeoPap; 01-14-2013 at 11:44 AM.
 
Old 01-14-2013, 11:39 AM   #14
j118
LQ Newbie
 
Registered: Jan 2013
Posts: 16

Original Poster
Rep: Reputation: Disabled
Thanks again for the responses!

Wow, really? This is a dedicated virtual server from a major web host (GoDaddy). Why would policycoreutils be missing? I just reprovisioned the server with the latest install of CentOS 6.3 too.

running:

Code:
# yum info
shows that I have policycoreutils 2.0.83 installed properly.

I don't get it. Is this command not in some path it needs to be in? Or am I needing to be in a certain directory before issuing the command?


Doing a:

Code:
# locate restorecon
Finds nothing.

So if I have to uninstall and reinstall that, will I need to reboot the server? (doing so will lock me out if the new script isn't saved)

I just want to proceed carefully, and make sure I know what I'm doing before uninstalling the policycoreutils
 
Old 01-14-2013, 11:43 AM   #15
LeoPap
Member
 
Registered: Jan 2013
Distribution: Centos
Posts: 97
Blog Entries: 1

Rep: Reputation: 5
To be honest i don't know if you need to restart your server after installing policycoreutils package. Although i don't believe that you will need to restart your server.

I google you problem and every post i met, says that installing policycoreutils package, is the solution to your problem.
So give it a try and let's hope that everything will work fine.

Don't forget to inform us!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
IPTables Script Question eggman95 Linux - General 2 07-14-2006 05:57 AM
iptables newbie question Beauford-2 Linux - Security 4 09-26-2004 05:41 AM
iptables newbie question TurtleBay Linux - Newbie 10 10-09-2003 03:37 PM
Newbie Question - IPTables cyberperson Linux - Networking 1 03-14-2003 11:22 PM
iptables script question iceman47 Linux - Networking 1 12-18-2002 11:39 AM


All times are GMT -5. The time now is 04:53 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration