Watch live TV on your computer with VLC Player
Posted by Mr Zin at September 11, 2011
MEGATV is a trial version from VDC (the Computing and Data Communications Company), delivered as a website at MegaTV
This is a high-quality online movie and TV service with outstanding speed, built on new technology from Octoshape combined with VDC's existing value-added service infrastructure.
Today I am starting this topic to share a list of channels so that you can watch them live on your computer, switch between channels quickly, and also record your favorite programs with VLC without having to go to tv.vnn.vn.
- First, download VLC here (v1.1.11 - win 32): http://nchc.dl.sourceforge.net/proje...1.11-win32.exe
- Octoshape support software: http://www.octoshape.com/files/octosetup.exe
- Then download the MEGATV channel list: http://www.box.net/shared/gud7kad4sly9kd5h1ch0
or
http://www.mediafire.com/download.php?tksdo989m4b0341
Channel list:
Screenshots of some channels:
*** Some notes:
- To display the channel list, press Ctrl + L or click the button:
- To show the list alongside the player window, choose View => untick Docked Playlist.
- Some people have complained that VLC jumps to another channel by itself while they are watching; to avoid this, click the following button:
- This is still a trial service, so the number of channels is small; more will probably be added after a while.
- At the moment it works on all networks.
- This is P2P technology: the more people watching, the faster it gets, so there is no need to worry about stuttering.
- Some streams occasionally have temporary errors; try again a little later and they will play.
- If the picture looks squashed, right-click the screen and choose Video => Aspect Ratio => 4:3 or 16:9.
- You can record by choosing View => Advanced Controls, then clicking the red round button to start recording; to stop recording, click Stop. The recorded file is saved by default in My Videos (if you record IPTV channels, the file is saved in My Documents).
- If you are using FPT, download this list (it combines the IPTV & MEGATV channel lists): http://www.box.net/shared/3ogn5r82j5p2m86olraf
or
http://www.mediafire.com/?sb4ca67aigmqfv3
*** IF YOU TAKE MY MEGATV STREAM LIST TO ANOTHER TOPIC OR FORUM, PLEASE CREDIT THE SOURCE. THANKS!
Have fun!
26/08: ►►► Update: VTC6, VTC16, DRT2, KG1, THP, MTV, BRT1, DVTV, TRT1, NTV, Cần Thơ.
31/08: ►►► Update: LTD (Lâm Đồng), KTV (Khánh Hòa), NOW TV, RT (Russia Today), DW-TV Asien, TV5 Monde, BTV2, BTV3, VTV Huế, VTV6.
Source: Vn-zoom.Com
A Cost-Optimized Set-Top Box Architecture
By Stuart Ryan, Andrew Jones, Robert Deaves STMicroelectronics R&D Ltd
Abstract:
This paper presents a cost-optimized system on chip architecture for cable-based high definition TV set-top box platforms with integrated DOCSIS channel bonding and high speed home networking.
The architecture has several features which lower its system cost, including high-levels of integration, supporting contiguous memory over multiple independent memory controllers and support for very low power management.
1. Introduction
Current developments in the provision of all-digital interactive TV and domestic internet services have been driven by increased functional demand by the consumer, increased price competition among service providers and international green initiatives.
Customer requirements are directed towards an expanded number of services requiring higher data bandwidths and an ability to easily update software. For service providers, higher bandwidths support additional revenue streams such as video-on-demand, home networking, gaming and web-based services. A key issue for service providers is to drive down the cost of set top boxes (STBs) which can offer these new services. Several standards have arisen whose goal is to increase competition amongst STB manufacturers by removing proprietary technology barriers. It is likely that in the near future the power consumption levels of STBs will be classified and will become critical in the marketing of these devices.
This paper describes a new architecture which addresses these next-generation requirements and discusses the emergent architectural trends in this class of consumer device.
2. Context
In the Cable TV and broadband market the introduction of DOCSIS[10] channel bonding allows a high bandwidth network connection to a subscriber's home, enabling a transition from a traditional video broadcast model to an IP multicast model. This "fat pipe" means an increased number of HD video streams, including on-demand content and interactive services, can be delivered in a set-top box with integrated cable modem. The latest plans from the largest North American cable TV operators target products with an expected life span of 7 years. By supporting user downloadable applications through a Java based middleware, new features can be added at any time. The required JVM as well as an unknown amount of compute power for the applications leads to a steep increase in CPU requirements. The amount of compute power required for network processing within these devices is driven not only by the channel bonded DOCSIS, but also home networking and an upcoming transition to IPv6 on operator networks. Against this background of ever-growing functionality, the industry faces a push towards lower power implementations. Forthcoming legislation is likely to mandate a standby consumption of less than 1 Watt. Contemporary, less feature-rich, set-top boxes consume approximately 30 Watts in standby [1].
By specifying a common middleware (CableLabs Tru2way) as well as standards-driven security, for example Multi-Stream CableCARD and DLNA/DTCP, the operator can choose from a large number of vendors for its set-top boxes, leading to increased cost pressure. To further reduce operating costs, operators wish to use the box's cable modem to deliver diagnostic information to their head end. This implies that the cable modem must be robust to software malfunctions in the video portion of the platform.
The described architecture aims to increase the level of SoC integration within the set-top box and to optimize the memory system enabling the implementation of powerful, low-cost products.
3. Architecture
This architecture can be considered as the integration of the highest performance HD AVC decoding back-end in the industry with the highest performance cable modem front-end available.
We conducted a systems review of contemporary designs in this space with the goal of identifying those aspects which would have the largest effect on lowering overall system cost but could achieve the flexibility necessary to meet anticipated requirements. This architecture is our attempt at producing a design which improves significantly on those which have gone before.
Fig. 1: Architecture Comparison
CPU
In order to service the processing requirements an unprecedented amount of CPU power was added to support the application software model. This allows headroom not only for the downloadable Java applications but also the emerging network processing loads. The deployment of symmetric multi-processors is imminent in this space. However, today, a good balance between the requirements of legacy software and performance is to implement a homogeneous asymmetric multi-processor (AMP) architecture. We decided to use two super-scalar 32-bit RISC host CPUs with vector floating point units. Both CPUs see an identical address map which, combined with a steerable interrupt controller, allows high flexibility in the allocation of processing to CPUs. The use of a full interrupt routing crossbar between the host CPUs and the other CPUs gives a lot of flexibility when allocating processing to CPUs. This is critical not only to support the downloadable application model but also when standard use-cases are confirmed late in the design process, and so we need to supply both high performance and high flexibility.
This architecture is implemented by a pair of ST40-300 CPUs [2], and a pair of ST231 VLIW CPUs all four running at 450MHz, delivering a total of 2600 Dhrystone MIPS.
Memory
In order to minimise DRAM cost an analysis of the memory use of an embedded cable modem (eCM) and an embedded set top box (eSTB) was performed. The best cost/performance trade-off was found to be two 16-bit DDR2-800 interfaces. This arrangement brings the ability to populate system memory with a non-power-of-2 number of megabytes. For example, applications requiring 384MB can be supported directly rather than having to over-specify a 512MB system.
A pair of memory interfaces has the advantage of having a higher peak efficiency than a single interface of double the width. It can also simplify the task of bandwidth sharing between very high-bandwidth, relatively latency-tolerant IP like video decoders and much lower bandwidth but relatively latency-sensitive IP like CPUs. However, in practice higher performance can only be attained if the bandwidth requirements between the two DRAM controllers are balanced.
The memory architecture is able to abut the memory regions allocated to each DRAM controller. This means that Linux implementations do not require discontiguous memory support and the memory wastage which accompanies hardware partitioned memory spaces can be avoided.
Fig. 2 The topology of the NOC
Architecture analysis revealed that by using a 64KB SRAM buffer to aid DOCSIS packet processing the external memory bandwidth was reduced, and the need for hardware packet filters was avoided. In particular, DMA-ing DOCSIS packet headers directly into on-chip memory allowed a 7-fold decrease in latency and enabled us to remove the necessity for the CPU to access packet buffers held in DRAM for packets which would ultimately be discarded.
A key challenge was to support a high-speed secure boot from the lowest-cost flash which gives the capacity and performance required by the customer.
Boot time is an important parameter for set top boxes and contemporary designs are commonly criticized in this aspect. Crucially, by selecting a CPU with 16-bit instructions we were able to significantly diminish the application footprint compared to other CPU architectures with 32-bit ISAs. For example, the flash image size of the Linux kernel is 1.4x larger with a MIPS32 4K processor than with an ST40-300. This not only means that Flash size may be reduced but that booting can be quicker.
Integration
Further cost savings are made through the integration of multiple QAM demodulators and the fact that the eCM and eSTB can communicate via shared memory, rather than over a USB interface, see Fig.1 [4].
Network on chip
The problems of bandwidth scalability, high area occupancy and high power consumption meant that we had to look beyond the type of first generation networks on chip implemented in current chips carrying STBUS, AMBA or OCP-IP protocols.
The central interconnect of the chip implements a protocol-neutral switch of high-speed narrow connections. At the boundary of the switch are a set of network interfaces (NI) which are able to convert between a protocol based switching medium (STBUS) and a flit-based network on chip.
Fig.3 A network on chip
This arrangement meant that timing could be easily met at an interconnect clock rate of 200MHz – which hitherto had always been an issue.
Software architecture
The statically partitioned software architecture is shown in Fig.4, see also [9]. By using OS21 as a lightweight RTOS on one CPU prompt handling of DOCSIS MAC management frames is ensured. Running Linux on the other CPU provides an application-friendly platform for middleware and the customer's differentiating software. In order to make best use of the total processing capacity, a task previously in the domain of the eSTB, decapsulating video which arrived over a network interface, can be off-loaded to the CPU running the eCM. The decapsulation task then injects the recovered streams into the transport subsystem of the eSTB. To the eSTB application it appears that the video arrived as a standard video broadcast thereby enabling a large amount of software reuse.
Fig.4: Software architecture
In order to support application robustness across a dual-processor architecture it was necessary to enhance the way that watchdog timers (WDTs) are normally used in the event of software failures. By providing 3 watchdog timers, one CPU can be designated the master, the other the slave. If the slave CPU WDT triggers, it resets itself and sends an interrupt to the master; the rest of the system continues to run. On servicing the slave's reset interrupt the master CPU can execute the diagnostic routines and report to the headend over DOCSIS. If either the system WDT or master WDT triggers, the entire device can be reset.
The security infrastructure has the responsibility to restrict which data flows are allowed. Each instance of the device will have its security configured in order to limit each IP block to accessing only those areas that the software architect decrees necessary for the correct functioning of the part. It was necessary to extend this infrastructure to prevent the eCM and eSTB subsystems from corrupting each other's memory regions.
Fig. 5: Watchdog timer deployment
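The three-watchdog recovery policy described above, as an added example (not code from the paper or from STMicroelectronics): a tick-driven C model showing which expiry resets what, including the case where the master dies before it can report a slave failure. The timeout values, the assumption that the master CPU also kicks the system watchdog, and all names are illustrative.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define NEVER UINT32_MAX  /* "this CPU never hangs" in simulate() */

enum wdt_id { WDT_SLAVE, WDT_MASTER, WDT_SYSTEM, WDT_COUNT };
enum wdt_action { ACT_NONE, ACT_SLAVE_RESET, ACT_DEVICE_RESET };

struct soc {
    uint32_t timeout[WDT_COUNT];   /* reload values in ticks (assumed) */
    uint32_t remaining[WDT_COUNT]; /* ticks left before expiry */
    bool     slave_irq_pending;    /* slave-reset interrupt raised to master */
    unsigned slave_resets, device_resets, reports_sent;
};

void wdt_kick(struct soc *s, enum wdt_id id)
{
    s->remaining[id] = s->timeout[id];
}

void soc_init(struct soc *s, uint32_t slave, uint32_t master, uint32_t sys)
{
    s->timeout[WDT_SLAVE] = slave;
    s->timeout[WDT_MASTER] = master;
    s->timeout[WDT_SYSTEM] = sys;
    for (int i = 0; i < WDT_COUNT; i++)
        wdt_kick(s, (enum wdt_id)i);
    s->slave_irq_pending = false;
    s->slave_resets = s->device_resets = s->reports_sent = 0;
}

/* Advance all three counters by one tick and apply the reset policy. */
enum wdt_action soc_tick(struct soc *s)
{
    bool expired[WDT_COUNT];
    for (int i = 0; i < WDT_COUNT; i++) {
        if (s->remaining[i] > 0)
            s->remaining[i]--;
        expired[i] = (s->remaining[i] == 0);
    }
    /* Master or system expiry resets the entire device. Checked first:
     * with the master down, a pending slave report cannot be serviced. */
    if (expired[WDT_MASTER] || expired[WDT_SYSTEM]) {
        for (int i = 0; i < WDT_COUNT; i++)
            wdt_kick(s, (enum wdt_id)i);
        s->slave_irq_pending = false;
        s->device_resets++;
        return ACT_DEVICE_RESET;
    }
    /* Slave expiry resets only the slave and interrupts the master. */
    if (expired[WDT_SLAVE]) {
        wdt_kick(s, WDT_SLAVE);
        s->slave_irq_pending = true;
        s->slave_resets++;
        return ACT_SLAVE_RESET;
    }
    return ACT_NONE;
}

/* Master-side handler; diagnostics + headend report modelled as a counter. */
bool master_service_irq(struct soc *s)
{
    if (!s->slave_irq_pending)
        return false;
    s->slave_irq_pending = false;
    s->reports_sent++;
    return true;
}

/* Constructed scenario: each CPU kicks its own watchdog every tick until
 * the tick at which it hangs; a reset brings the affected CPU(s) back. */
struct soc simulate(uint32_t ticks, uint32_t slave_hang, uint32_t master_hang)
{
    struct soc s;
    bool slave_ok = true, master_ok = true;
    soc_init(&s, 3, 3, 5);
    for (uint32_t t = 0; t < ticks; t++) {
        if (t == slave_hang)  slave_ok = false;
        if (t == master_hang) master_ok = false;
        if (slave_ok) wdt_kick(&s, WDT_SLAVE);
        if (master_ok) {
            wdt_kick(&s, WDT_MASTER);
            wdt_kick(&s, WDT_SYSTEM);  /* assumption: master owns this one */
            master_service_irq(&s);
        }
        switch (soc_tick(&s)) {
        case ACT_SLAVE_RESET:  slave_ok = true; break;
        case ACT_DEVICE_RESET: slave_ok = master_ok = true; break;
        case ACT_NONE:         break;
        }
    }
    return s;
}

int main(void)
{
    struct soc a = simulate(10, 2, NEVER);  /* only the slave hangs */
    printf("slave=%u device=%u reports=%u\n",
           a.slave_resets, a.device_resets, a.reports_sent);
    return 0;
}
```

In the model, a slave hang followed one tick later by a master hang produces a slave reset, then a full device reset, and no headend report, which is the window a real design would want to cover with persistent reset-cause logging.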
4. Low Power
With current technology there are a myriad of different power saving techniques at the architectural, integration and IP design levels. Due to industry initiatives, legislative mandate, and environmental issues it became key that this chip exhibited the lowest power consumption possible.
The first thing that we did was increase the number of independent clock domains from, typically 3-4, to 18-20 (dependent on configuration) to give finer grain control of IP level clock gating.
We also implemented an agile clocking scheme with support for per-domain dynamic frequency changing and per-domain clock gating; allied with smart, operating-mode aware, low power software drivers, this allows the dynamic power consumption of the device to match the task being performed. Thus we achieve the goal of the device appearing to be on and responsive to the head-end, whilst operating in a low-power state.
Implementing the device in a half-node optical shrink (55LP) of an existing, low leakage, process (65LP) allows an instant power saving of approximately 10% compared to the full node.
The DDR2 DRAM controller specification was enhanced to support transparent auto entry into an Auto-Precharge Power-Down mode (APPD) when the memory is infrequently used. This can save up to 90% of the power consumed by the memory devices in an idle system, with no impact to the software running on the device.
By aggressively integrating system functionality into the device a number of external components, including multiple QAM demodulators, and a USB hub can be removed from the set-top box. The unification of the memory map between the DOCSIS cable modem and the set-top box host processor and IP removes the requirement for dedicated Flash and DDR memories, bringing a reduction in chip count and significant power saving.
Supporting boot from NAND Flash allows the system designer to remove the small NOR boot Flash traditionally found in systems using a high capacity NAND component for mass storage.
The dual memory interface architecture allows the storage associated with video decode and display to be placed into a low power state without affecting the operation of the other processes within the device. A dual CPU architecture allows the macro functions, eCM & eSTB, to enter low-power states independently.
We estimate that this will help STBs to an average 50% power saving over the current generation. In the UK alone this would represent a saving of 3.2TWh/year or 2 million tonnes of CO2 per annum.[1]
5. Conclusion
In this paper we have outlined how we optimized a highly complex SoC for cost, performance and power whilst having the flexibility to deal with evolving specifications and a downloadable software model.
We used a flexible multi-core CPU architecture because it met the requirements of legacy software and provided sufficient performance at low power. By focusing on an optimal memory architecture and super integration a lower bill of materials for this new generation of set-top boxes is possible. Robustness and diagnostic facilities are provided by integrating the CPUs with this in mind and by leveraging the existing security infrastructure. The regular nature of this architecture allows for rapid silicon and software design; a 160 million transistor device was fabricated in a 65/55 nanometer process. An early floorplan is outlined below (not strictly to scale).
6. Acknowledgements
Thanks to Neil Frost, Michel D'Hoe and Jean-Yves Danckaert for their continued expertise in this technology. As usual we relied on an outstanding SoC design team at STMicroelectronics Bristol, in particular, Paul Ravenhill, Claire Bonnet and Davide Sarta for their experience, insights and pragmatism in implementing these architectural techniques. That this chip has been completed and brought to market on time owes much to our project manager Andrew Lunness.
7. References
[1] NRDC Study of Set Top Box and Game Console Power Use
[2] S. Narita, "SH4 RISC Microprocessor for multimedia, gaming machine" IEEE Design, Automation and Test in Europe, 2001.
[3] R. Deaves and A. Jones, "A Toolkit for Rapid Modeling, Analysis and Verification of SoC Designs", IPSOC, Nov. 2003.
[4] MoCA Organization, "Cable and Satellite Digital Entertainment Networks", white paper, 2007.
[5] M. Grimwood et al., "Enhancing the DOCSIS cable modem specifications with an advanced physical layer for upstream transmission", in IEEE Consumer Electronics, 2000.
[6] R. Deaves and A. Jones, "An IP-based SoC Design Kit for Rapid Time-to-Market", IPSOC, Dec. 2002.
[7] W. J. Dally and B. Towles, "Principles and practices of interconnect networks", Morgan Kaufmann Publishers, ISBN 0-12-200751-4.
[8] A. Jones and S. Ryan, "A re-usable architecture for functional isolation of SoCs", IP 07, IP Based Electronic System Conference, Dec. 2007.
[9] R. Deaves, A. Jones, M. Habets and S. Ryan, "Embedded Software Architecture specification developments in support of SoC design and reuse", IP 08, IP Based Electronic System Conference, Dec. 2008.
[10] www.cablemodem.com for DOCSIS (Data Over Cable Service Interface Specification)
Fig. 6: An early floorplan of the chip
Creating a code box for blog posts, method 5
20:43 Fairstar 0 Comments
When you write a blog, you often include HTML code to show to readers, and you want your posts to look better to them.
Last time I introduced how to put code in a box in a Blogger post (see here). In this post I will introduce some attractive pre code (code box) styles for blogspot.
This post shows a fairly simple but professional-looking way to place the code you want to quote into a blog post. With this approach the displayed code is easier to read, and readers can copy it easily when they want to use it. See the demo image
So today I will walk you through how to do it. Follow these steps:
Step 1: Log in to the dashboard -> Design -> Edit HTML.
Step 2: Press CTRL + F to find the following line: ]]> , then add the code below immediately above the line you found.
.codeview {
margin : 15px 35px 15px 15px;
padding : 10px;
clear : both;
list-style-type : none;
background : #f9f9f9 url(http://i888.photobucket.com/albums/ac87/luanbony/khothuthuat-3.jpg) no-repeat right bottom;
border-top : 1px solid #eeeeee;
border-right : 2px solid #cccccc;
border-bottom : 2px solid #cccccc;
border-left : 1px solid #eeeeee;
}
.codeview li {
font-size : 13px;
line-height : 24px;
font-family : "Courier New", "MS Sans Serif", sans-serif, serif;
color : #333333;
font-weight : normal;
margin : 0;
padding : 0;
}
That's it, you have successfully edited the HTML! Now, when writing a post, insert the following code into the post and paste the code you want to display in the middle.
Put your code here
Good luck!
Using physical therapy to treat a herniated disc
Physical therapy often plays an important role in recovery from a herniated disc. Its methods not only give immediate pain relief but also teach you how to condition your body and prevent injury. There are many physical therapy techniques. Passive treatments relax the body through deep tissue massage, hot and cold therapy, electrical stimulation (TENS) and hydrotherapy.
A physical therapy program usually starts with passive treatments. Once the body has recovered, you begin active treatments to strengthen the body and keep the pain from returning.
Passive treatments
- Deep tissue massage. There are more than 100 types of massage, but deep tissue massage is the ideal choice if you have a herniated disc, because it uses pressure to relieve the tension and spasms in the deep muscles that develop to prevent muscle movement in the affected area.
- Hot and cold therapy. Hot and cold therapy each have their own benefits, and the therapist will alternate between them to get the best results. The therapist may use heat to increase blood flow to the target area. The blood helps heal the area by delivering extra oxygen and nutrients and by removing the waste products of muscle spasms. Conversely, cold therapy slows circulation, which helps reduce inflammation, muscle spasms and pain. An ice pack may be placed on the painful area, or you may be given an ice massage, or a fluoromethane spray may even be used to cool the inflamed tissue.
- Hydrotherapy. As its name suggests, hydrotherapy is treatment with water. As a passive treatment, hydrotherapy simply means sitting in a whirlpool bath or under a warm shower. Hydrotherapy gently relieves pain and relaxes the muscles.
- Transcutaneous electrical nerve stimulation (TENS). This method uses a machine that produces an electrical current to stimulate the muscles. Although it sounds intense, it really is not painful. Electrodes on your skin send small electrical currents to points along the nerve pathway. TENS helps reduce muscle spasms and is generally believed to trigger the release of endorphins, the body's natural painkillers.
- Traction. The goal is to reduce the effects of gravity on the spine. By gently pulling the bones apart, the aim is to reduce the disc herniation. This is similar to the way a flat spot on a car tire "disappears" when you put a jack under the car to take the pressure off the tire. Traction can be performed on the cervical or the lumbar spine.
Active treatments
Active treatments target flexibility, posture, strength, core stability and joint movement. They not only help limit recurring pain but also benefit your overall health.
- Core stability. Many people do not realize how important a strong core is to the health of the spine. The core (abdominal) muscles help the back muscles support the spine. When these muscles are weak, extra pressure is put on the back muscles. Physical therapists will teach you core-stabilizing exercises to make your back steadier.
- Flexibility. Learning proper stretching and flexibility techniques prepares you for aerobic and strength exercises. It also helps your body move more easily and without stiffness.
- Hydrotherapy. In contrast to hydrotherapy as a passive treatment, active hydrotherapy may involve water aerobics, which helps the body avoid unnecessary stress.
- Muscle strengthening. Strong muscles are a good support system for the spine and help you handle pain better.
Physical therapists will teach you how to exercise and strengthen your back to prevent future pain. They will also teach you self-care principles to help you understand how best to treat your symptoms.
The ultimate goal is for you to develop the knowledge to maintain a pain-free life. It is essential that you learn how to exercise after the formal treatment ends. If you do not fully apply the lessons taught in the physical therapy program, you may not see its long-term benefits.
(Source: Yhoc-net.com)
Linux Commands
A
alias Create your own name for a command
arch print machine architecture
ash ash command interpreter (shell)
awk (gawk) pattern scanning and processing language
B
basename Remove directory and suffix from a file name
bash GNU Bourne-Again Shell
bsh Command interpreter (Shell)
bc Command line calculator
bunzip2 Unzip .bz2 files
C
cat Concatenate a file and print it to the screen
chgrp Change the group designation of a file
chmod Change file permissions
chown Change the owner of a file
cjpeg Compress an image file to a JPEG file
clear Clear terminal screen (command line)
comm Compare two sorted files
stty cooked Formatting the display of text in a terminal
cp Copy command
cpio Copy files to and from archives
csh C Shell
cut Print selected parts of lines to standard output
D
date Display date and time
dc Command line calculator
df Show amount of disk space free
diff Determine difference between two files
diff3 Determine difference between 3 files
dig Interrogate DNS name servers
djpeg Decompress a JPEG file to an image file
dmesg Print or control the kernel ring buffer (print out bootup messages)
dnsdomainname Show the system's DNS domain name
doexec Run an executable with an arbitrary argv
domainname Show or set the system's NIS/YP domain name
dos2unix Converts plain text files in DOS/MAC format to UNIX format
du Show disk usage
dumpkeys Write keyboard driver's translation tables to std output
E
echo Display a line of text
ed Line-oriented text editor
egrep Print lines matching a pattern
elinks A text mode WWW browser (supports frames)
env Display the path
ex Start Vim in ex mode
eject Eject media from device ( command line )
F
factor Display prime factors of a number
false Exit with a status code indicating failure
fdisk The fdisk command with usage examples
fgrep Variant of grep
find Find a file
finger Displays information about the system users
fixps Try to fix common PostScript problems that break postprocessing
free Display free memory
G
grep Search for a pattern using regular expression
gtar See the tar command
gunzip Unzip .gz files
gzip Compress using Lempel-Ziv coding (LZ77)
H
halt Stop the system
hdparm Get/set harddisk parameters
head Print the first 10 lines of a file to standard output
hostname Show or set the system's host name
history Display entire command history
HISTSIZE Change history size
httpd Start Apache
I
identify Describes the format and characteristics of image files.
id Print information for username, or the current user
ifconfig Display network and hardware addresses
igawk Gawk with include files
ipcalc Calculate IP information for a host
K
kbd_mode Report or set the keyboard mode (RAW, MEDIUMRAW or XLATE)
kill Terminate a process
L
last Show listing of last logged in users
lastlog Formats and prints the contents of the last login log /var/log/lastlog file
link Call the link function to create a link to a file
links See elinks
ln Create a link to the specified TARGET with optional LINK_NAME
loadkeys Load keyboard translation tables
locate Locate a file
login Sign on
look Displays any lines in file which contain "string" as a prefix.
ls List directory contents
lsmod List loaded kernel modules
lynx Command to start the Lynx browser
M
mac2unix Converts plain text files in DOS/MAC format to UNIX format
mail A mail processing system, which has a command syntax like ed
man Display a particular manual entry
manweb Manweb is part of the Netpbm package
mdu Display the amount of space occupied by an MSDOS directory
mkdir Create a directory
mkfs Make a filesystem on a drive
mknod Make block or character special files
mktemp Make temporary filename (unique)
more Page through text one screenful at a time.
mount Mount a filesystem/device
mt Control magnetic tape drive operation
mv Move and / or rename files
N
namei Follow a pathname until a terminal point is found
nano An enhanced free Pico clone
nc arbitrary TCP and UDP connections and listens
(note that nc is also called the client interface
to the NEdit program but it is not the
command that invokes nedit-nc on current systems)
ncftp Browser program for the File Transfer Protocol
nedit-nc nedit-nc is the client interface to the NEdit text editor
netstat Display verbose info about network processes and ports
nice Run a command with modified priority
nisdomainname Show or set system's NIS/YP domain name
nslookup query internet domain name servers
P
paste Merge lines of files
pdf2dsc Generate a PostScript page list of a PDF document
pdf2ps Convert PDF file "input.pdf" to PostScript(tm) in "output.ps"
pdfinfo Print contents of the 'Info' dictionary (plus some other useful information) from a PDF file
pdftotext Convert pdf files to plain text
perl (start) Practical Extraction and Report Language
pgawk The profiling version of gawk
pico Text editor that comes with Pine (from the University of Washington)
pine Email program used by The University of Washington
ping6 Ping
ping Send ICMP ECHO_REQUEST to network hosts
pinky A lightweight 'finger' program;
pr Format for printing
ps Processes running
ps2ascii Ghostscript translator from PostScript or PDF to ASCII
ps2epsi Generate conforming Encapsulated PostScript
ps2frag Obsolete shell script for the PSfrag system
ps2pdf12 Convert PostScript to PDF 1.2 (Acrobat 3 and later compatible) using ghostscript
ps2pdf13 Convert PostScript to PDF 1.3 (Acrobat 4 and later compatible) using ghostscript
ps2pdf14 Use ps2pdfwr: Convert PostScript to PDF without specifying Compatibility Level, using ghostscript
ps2pdf Convert PostScript to PDF using ghostscript
ps2pdfwr Convert PostScript to PDF without specifying Compatibility Level, using ghostscript
ps2pk creates a TeX pkfont from a type1 PostScript font
ps2ps ps2ps uses gs to convert PostScript(tm) file "input.ps" to simpler and (usually) faster PostScript in "output.ps"
psbook Rearranges pages from a PostScript document into "signatures" for printing books or booklets
pwd Print Working Directory
Q
quota display disk usage and limits
R
resize Xterm window size
readelf Displays information about ELF files
reboot Stop the system, poweroff, reboot
red red is a restricted ed: it can only edit files in the current directory and cannot execute shell commands
rename Rename files
rmdir Remove a directory
rm Remove files or directories
rpm rpm command options
rundig Sample script to create a search database for ht://Dig
rview The GUI version of Vim in easy mode with restrictions
rvi Vi / Vim editor
S
sed Stream editor
setfont Load EGA/VGA console screen font
set gid Set group id
set serial Get / set Linux serial port info
set uid Set user id
sfdisk Modified fdisk program
sftp Secure file transfer protocol (ftp)
sh Shell (BASH)
shred Safely remove data from disk drive
sleep Delay for a specified amount of time
slocate Security Enhanced version of the GNU Locate
sort Sort lines of a text file
ssh Secure shell connection command
stty change and print terminal line settings
stty raw Unformatted output to terminal
su Become super user ( root )
switchdesk Graphical and text mode interface for choosing desktop environment
sync Force changed blocks to disk, update the super block
T
tail Print the last 10 lines of a file to standard output
tar Create an Archive
tcsh Enhanced completely compatible version of the Berkeley UNIX C shell, csh
tee Copy standard input to each file, and also to standard output
telnet User interface to the telnet protocol
time Run the specified program command with the given arguments
touch Change file timestamps
tracepath6 See tracepath
tracepath Trace path to a network host discovering MTU along this path
traceroute6 See traceroute
traceroute Print the route packets take to network host
tree Display file tree
true Exit with a status code indicating success
tty Print name of terminal connected to standard output
U
umask File creation mask / Bash builtins
umount Detach the mentioned file system(s) from the file hierarchy
uname Print system information ( kernel version )
unicode_start Put keyboard and console into Unicode (UTF-8) mode
unicode_stop Undo the effect of unicode_start
unlink Call the unlink function to remove the specified file
uniq Remove duplicate lines from sorted file
updatedb Update the slocate database
unset gid Group id change
unset uid User id change
untar Unarchive ( untar ) a file
unzip Unzip .zip files
useradd Add new user
users Output who is currently logged in according to system records
usleep Sleep a given number of microseconds. default is 1
V
view Start vim in read-only mode
vi Start the vi editor
W
w Show who is logged on and what they are doing
wc Word count of a file
wget Non-interactive download of files from the Web
whatis Search the whatis database for complete words (command names)
whereis Locate a command or file
which Find command path
whoami Print effective userid
who show who is logged on
whois Client for the whois service
X,Y,Z
xinit Start Xserver
xpdf Portable Document Format (PDF) file viewer for X windows
xrandr Change resolution running Xwindows ( command line )
ypdomainname show or set the system's NIS/YP domain name
zcat Compress or expand files
zip Compression and file packaging utility for Unix, VMS, MSDOS, OS/2, Windows NT, Minix, Atari and Macintosh, Amiga and Acorn RISC OS. It is analogous to a combination of the UNIX commands tar(1) and compress(1) and is compatible with PKZIP (Phil Katz’s ZIP for MSDOS systems)
zipinfo List detailed information about a ZIP archive
Troubleshooting Memory Usage
Processes dying unexpectedly? Want to know if you need more memory?
Check your /var/log/messages. If you see (on a 2.4.23 kernel):
Dec 11 10:21:43 www kernel: __alloc_pages: 0-order allocation failed (gfp=0x1d2/0)
Dec 11 10:21:44 www kernel: __alloc_pages: 0-order allocation failed (gfp=0x1f0/0)
Or (on a pre-2.4.23 kernel):
Dec 7 23:49:03 www kernel: Out of Memory: Killed process 31088 (java).
Dec 7 23:49:03 www kernel: Out of Memory: Killed process 31103 (java).
Or on a Xen-based VPS console:
swapper: page allocation failure. order:0, mode:0x20
[<c01303a4>] __alloc_pages+0x327/0x3e3
Then your programs need more memory than they can get.
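The check described above can be scripted. The following is an added example, not part of the original article: it counts the three out-of-memory signatures quoted above in syslog text and lists which processes were killed. The sample log is constructed from the lines shown in this article, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify the out-of-memory signatures quoted in this article.

# Constructed sample: the log lines shown above plus one unrelated line
# that must not be counted.
sample_log() {
cat <<'EOF'
Dec 11 10:21:43 www kernel: __alloc_pages: 0-order allocation failed (gfp=0x1d2/0)
Dec 11 10:21:44 www kernel: __alloc_pages: 0-order allocation failed (gfp=0x1f0/0)
Dec  7 23:49:03 www kernel: Out of Memory: Killed process 31088 (java).
Dec  7 23:49:03 www kernel: Out of Memory: Killed process 31103 (java).
Dec  7 23:50:10 www sshd[412]: Accepted publickey for root from 192.0.2.10
swapper: page allocation failure. order:0, mode:0x20
EOF
}

# oom_summary: read syslog text on stdin and print one "label count" line per
# signature, then "killed <name> <count>" for every process name that was killed.
oom_summary() {
    awk '
        /__alloc_pages: [0-9]+-order allocation failed/ { n["alloc_failed"]++ }
        /page allocation failure/                        { n["page_alloc_failure"]++ }
        # [Mm] also accepts the lower-case spelling (an assumption beyond the
        # lines quoted in the article, which use "Out of Memory").
        /Out of [Mm]emory: Killed process [0-9]+ \(/ {
            n["oom_kill"]++
            # The process name is the text between the parentheses.
            name = $0
            sub(/.*Killed process [0-9]+ \(/, "", name)
            sub(/\).*/, "", name)
            killed[name]++
        }
        END {
            print "alloc_failed", n["alloc_failed"] + 0
            print "page_alloc_failure", n["page_alloc_failure"] + 0
            print "oom_kill", n["oom_kill"] + 0
            for (p in killed) print "killed", p, killed[p]
        }
    '
}

# oom_seen: exit status 0 if any signature is present on stdin, 1 otherwise.
oom_seen() {
    oom_summary | awk '$1 != "killed" && $2 > 0 { hit = 1 } END { exit (hit ? 0 : 1) }'
}

# Demo on the constructed sample; on a server, feed /var/log/messages instead.
sample_log | oom_summary
```

On a live system the input would be `oom_summary < /var/log/messages`.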
Interpreting Free
To see how much memory you are currently using, run free -m. It will provide output like:
:~$ free -m
             total       used       free     shared    buffers     cached
Mem:          2008       1951         57          0        142        575
-/+ buffers/cache:       1234        774
Swap:         3812         35       3777
The top row 'used' value (85) will almost always nearly match the top row mem value (90), since Linux likes to use any spare memory to cache disk blocks (34).
The key used figure to look at is the buffers/cache row used value (46). This is how much space your applications are currently using. For best performance, this number should be less than your total (90) memory. To prevent out of memory errors, it needs to be less than the total memory (90) and swap space (9).
If you wish to quickly see how much memory is free, look at the buffers/cache row free value (43). This is the total memory (90) minus the actual used (46). (90 - 46 = 44, not 43; this is just a rounding issue.)
Interpreting ps
If you want to see where all your memory is going, run ps aux. That will show the percentage of memory each process is using. You can use it to identify the top memory users (usually Apache, MySQL and Java processes).
For example in this output snippet:
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 854 0.5 39.2 239372 36208 pts/0 S 22:50 0:05 /usr/local/jdk/bin/java -Xms16m -Xmx64m -Djava.awt.headless=true -Djetty.home=/opt/jetty -cp /opt/jetty/ext/ant.jar:/opt/jetty/ext/jasper-compiler.jar:/opt/jetty/ext/jasper-runtime.jar:/opt/jetty/ext/jcert.jar:/opt/jetty/ext/jmxri.jar:/opt/jetty/ext/jmxtool
We can see that java is using up 39.2% of the available memory.
Interpreting vmstat
vmstat helps you to see, among other things, if your server is swapping. Take a look at the following run of vmstat doing a one second refresh for two iterations.
# vmstat 1 2
procs memory swap io system cpu
r b w swpd free buff cache si so bi bo in cs us sy id
0 0 0 39132 2416 804 15668 4 3 9 6 104 13 0 0 100
0 0 0 39132 2416 804 15668 0 0 0 0 53 8 0 0 100
0 0 0 39132 2416 804 15668 0 0 0 0 54 6 0 0 100
The first row shows your server averages. The si (swap in) and so (swap out) columns show if you have been swapping (i.e. needing to dip into 'virtual' memory) in order to run your server's applications. The si/so numbers should be 0 (or close to it). Numbers in the hundreds or thousands indicate your server is swapping heavily. This consumes a lot of CPU and other server resources and you would get a very (!) significant benefit from adding more memory to your server.
Some other columns of interest: The r (runnable), b (blocked) and w (waiting) columns help you see your server load. Waiting processes are swapped out. Blocked processes are typically waiting on I/O. The runnable column is the number of processes trying to do something. These numbers combine to form the 'load' value on your server. Typically you want the load value to be one or less per CPU in your server.
The bi (bytes in) and bo (bytes out) column show disk I/O (including swapping memory to/from disk) on your server.
The us (user), sy (system) and id (idle) show the amount of CPU your server is using. The higher the idle value, the better.
Resolving: High Java Memory Usage
Java processes can often consume more memory than any other application running on a server.
Java processes can be passed a -Xmx option. This controls the maximum Java memory heap size. It is important to set a limit on the heap size, otherwise the heap will keep increasing until you get out of memory errors on your VPS (resulting in the Java process, or even some other, random, process, dying).
Usually the setting can be found in your /usr/local/jboss/bin/run.conf or /usr/local/tomcat/bin/setenv.sh config files. And your RimuHosting default install should have a reasonable value in there already.
If you are running a custom Java application, check there is a -XmxNNm (where NN is a number of megabytes) option on the Java command line.
The optimal -Xmx setting will depend on what you are running and how much memory is available on your server.
From experience we have found that Tomcat often runs well with an -Xmx between 48m and 64m. JBoss will need a -Xmx of at least 96m to 128m. You can set the value higher. However, you should ensure that there is memory available on your server.
To determine how much memory you can spare for Java, try this: stop your Java process; run free -m; subtract the 'used' value from the "-/+ cache" row from the total memory allocated to your server and then subtract another 'just in case' margin of about 10% of your total server memory. The number you come up with is a rough indicator of the largest -Xmx setting you can use on your server.
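The sizing rule above can be applied directly to `free -m` output. This is an added example, not code from the original article: the function name is hypothetical, the first sample is the `free -m` output shown earlier on this page, and the second sample is constructed to show the newer procps layout (no "-/+ buffers/cache" row), which goes beyond what the article covers.

```shell
#!/bin/sh
# Added example: largest -Xmx = total - memory used by applications - 10% of total.
# Run it against `free -m` taken while the Java process is stopped.

# Sample 1: the free -m output shown earlier in this article (older layout).
sample_free_old() {
cat <<'EOF'
             total       used       free     shared    buffers     cached
Mem:          2008       1951         57          0        142        575
-/+ buffers/cache:       1234        774
Swap:         3812         35       3777
EOF
}

# Sample 2: constructed output in the newer procps layout, where the Mem: row
# 'used' column already excludes buffers and cache.
sample_free_new() {
cat <<'EOF'
               total        used        free      shared  buff/cache   available
Mem:            2008        1234          57           0         717         620
Swap:           3812          35        3777
EOF
}

# max_xmx_mb: read `free -m` output on stdin and print the rough upper bound
# for -Xmx in MB. Exits with status 2 if no Mem: row is found.
max_xmx_mb() {
    awk '
        $1 == "Mem:" { total = $2; mem_used = $3 }
        # Older layout: "-/+ buffers/cache: <used> <free>"
        $1 == "-/+"  { app_used = $3; have_row = 1 }
        END {
            if (total == "") { print "no Mem: row found" > "/dev/stderr"; exit 2 }
            used = have_row ? app_used : mem_used
            margin = int(total / 10)        # the "just in case" 10% of total
            xmx = total - used - margin
            if (xmx < 0) xmx = 0            # nothing to spare
            print xmx
        }
    '
}

echo "older layout: -Xmx$(sample_free_old | max_xmx_mb)m at most"
echo "newer layout: -Xmx$(sample_free_new | max_xmx_mb)m at most"
```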
Resolving: High Spam Assassin Memory Usage
Are you running a Spam Assassin 'daemon'? It can create multiple (typically 5) threads/processes and each of those threads can use a very large amount of memory.
SpamAssassin works very well with just one thread. So you can reduce the 'children' setting and reclaim some memory on your server for other apps to run with.
# 'replace' is the string-replacement utility shipped with MySQL
for location in /etc/default/spamassassin /etc/sysconfig/spamassassin; do
    # Skip config locations that do not exist on this distro
    if [ ! -e "$location" ]; then continue; fi
    replace "SPAMDOPTIONS=\"-d -c -m5 -H" "SPAMDOPTIONS=\"-d -c -m1 -H" -- /etc/init.d/spamassassin
    replace "\-m 10 " "-m 1 " -- "$location"
    replace "\-m 5 " "-m 1 " -- "$location"
    replace "\-m5 " "-m1 " -- "$location"
    replace "max-children 5 " "max-children 1 " -- "$location"
done
Another thing to check with spamassassin is that any /etc/procmailrc entry only does one spamassassin check at a time. Otherwise if you receive a batch of incoming email they will all be processed in parallel. This could cause your server CPU usage to spike, slowing down your other apps, and it may cause your server to run out of memory.
To make procmailrc run only one email at a time through Spamassassin use a lockfile on your recipe line. e.g. change the top line of:
:0fw:
# The following line tells Procmail to send messages to Spamassassin only if they are less than 256000 bytes. Most spam falls well below this size and a larger size could seriously affect performance.
* < 256000
| /usr/bin/spamc
To:
:0fw:/etc/mail/spamc.lock
# The following line tells Procmail to send messages to Spamassassin only if they are less than 256000 bytes. Most spam falls well below this size and a larger size could seriously affect performance.
* < 256000
| /usr/bin/spamc
Resolving: High Apache Memory Usage
Apache can be a big memory user. Apache runs a number of 'servers' and shares incoming requests among them. The memory used by each server grows, especially when the web page being returned by that server includes PHP or Perl that needs to load in new libraries. It is common for each server process to use as much as 10% of a server's memory.
To reduce the number of servers, you can edit your httpd.conf file. There are three settings to tweak: StartServers, MinSpareServers, and MaxSpareServers. Each can be reduced to a value of 1 or 2 and your server will still respond promptly, even on quite busy sites. Some distros have multiple versions of these settings depending on which process model Apache is using. In this case, the 'prefork' values are the ones that would need to change.
To get a rough idea of how to set the MaxClients directive, it is best to find out how much memory the largest apache thread is using. Then stop apache, check the free memory and divide that amount by the size of the apache thread found earlier. The result will be a rough guideline that can be used to further tune (up/down) the MaxClients directive. The following script can be used to get a general idea of how to set MaxClients for a particular server:
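#!/bin/bash
echo "This is intended as a guideline only!"
# Pick the Apache service name used by this distro
if [ -e /etc/debian_version ]; then
    APACHE="apache2"
elif [ -e /etc/redhat-release ]; then
    APACHE="httpd"
else
    echo "Cannot determine the Apache service name on this distro" >&2
    exit 1
fi
# Resident size (KB) of the largest Apache process, converted to MB
RSS=$(ps -aylC "$APACHE" | grep "$APACHE" | awk '{print $8}' | sort -n | tail -n 1)
if [ -z "$RSS" ]; then
    echo "$APACHE is not running, nothing to measure" >&2
    exit 1
fi
RSS=$(( RSS / 1024 ))
[ "$RSS" -gt 0 ] || RSS=1   # avoid dividing by zero for processes under 1 MB
echo "Stopping $APACHE to calculate free memory"
/etc/init.d/$APACHE stop &> /dev/null
# 'free' column of the Mem: row, in MB
MEM=$(free -m | head -n 2 | tail -n 1 | awk '{print $4}')
echo "Starting $APACHE again"
/etc/init.d/$APACHE start &> /dev/null
echo "MaxClients should be around $(( MEM / RSS ))"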
Note: httpd.conf should be tuned correctly on our newer WBEL3 and FC2 distros. Apache is not installed by default on our Debian distros (since some people opt for Apache 2 and others prefer Apache 1.3). So this change should only be necessary if you have a Debian distro.
From http://modperlbook.org/html/11-2-Setting-the-MaxRequestsPerChild-Directive.html: "Setting MaxRequestsPerChild to a non-zero limit solves some memory-leakage problems caused by sloppy programming practices and bugs, whereby a child process consumes a little more memory after each request. In such cases, and where the directive is left unbounded, after a certain number of requests the children will use up all the available memory and the server will die from memory starvation."
Resolving: High MySQL Memory Usage
Our rpm based distros (e.g. RH9 and WBEL3) have MySQL preinstalled but not running. Our pre-install uses a memory efficient /etc/my.cnf file. If you install MySQL on a Debian server, edit the key_buffer_size setting in /etc/mysql/my.cnf. A small value like 2M often works well. For an ultra-tiny setup add or change the following entries in the mysqld section:
# if you are not using the innodb table manager, then just skip it to save some memory
#skip-innodb
innodb_buffer_pool_size = 16k
key_buffer_size = 16k
myisam_sort_buffer_size = 16k
query_cache_size = 1M
Troubleshooting Irregular Out Of Memory Errors
Sometimes a server's regular memory usage is fine, but it will intermittently run out of memory. When that happens you may lose trace of what caused the server to run out of memory.
In this case you can set up a script (see below) that will regularly log your server's memory usage. If there is a problem you can then check the logs to see what was running.
wget http://proj.ri.mu/memmon.sh -q -O - | bash
Just Add Memory
A simple solution to resolving most out of memory problems is to add more memory. If you'd like to increase the memory on your VPS, just send us a support ticket and let us know how much memory you need (per the pricing here).
Operating Shorewall and Shorewall Lite
Tom Eastep
Copyright © 2004, 2005, 2006, 2007 Thomas M. Eastep
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, with no Front-Cover, and with no Back-Cover Texts. A copy of the license is included in the section entitled “GNU Free Documentation License”.
2011/05/22
Table of Contents
- /sbin/shorewall and /sbin/shorewall-lite
- Starting, Stopping and Clearing
- /etc/init.d/shorewall and /etc/init.d/shorewall-lite
- Tracing Command Execution and other Debugging Aids
- Having Shorewall Start Automatically at Boot Time
- Saving a Working Configuration for Error Recovery and Fast Startup
- Additional Configuration Directories
- Alternate Configuration Directories
- Commands
- Shorewall State Diagram
Caution
This article applies to Shorewall 4.3 and later. If you are running a version of Shorewall earlier than Shorewall 4.3.5 then please see the documentation for that release.
/sbin/shorewall is the program that you use to interact with Shorewall. Normally the root user's PATH includes /sbin and the program can be run from a shell prompt by simply typing shorewall followed by a command.
Warning
In some releases of KDE, the default configuration of the konsole program is brain dead with respect to the "Root Console". It executes the command "su" where it should execute "su -"; the latter will cause a login shell to be created which will in turn set PATH properly. You can correct this problem as follows:
Click on "Settings" on the toolbar and select "Configure Konsole"
Select the "Session" tab.
Click on "Root Console"
Change the Execute command from "su" to "su -"
Click on "Save Session"
Click on "Ok"
To see a list of supported commands, use the help command:
shorewall help
To get further information about a particular command, use the man command:
man shorewall
The program /sbin/shorewall-lite performs a similar role with Shorewall-lite.
For a more complete description of the files and directories involved in Shorewall and Shorewall-lite, see the Shorewall Anatomy article.
As explained in the Introduction, Shorewall is not something that runs all of the time in your system. Nevertheless, for integrating Shorewall into your initialization scripts it is useful to speak of starting Shorewall and stopping Shorewall.
Shorewall is started using the shorewall start command. Once the start command completes successfully, Netfilter is configured as described in your Shorewall configuration files. If there is an error during shorewall start, then if you have a saved configuration, that configuration is restored. Otherwise, an implicit shorewall stop is executed.
Important
shorewall start is implemented as a compile and go; that is, the configuration is compiled and if there are no compilation errors then the resulting compiled script is executed. If there are compilation errors, the command is aborted and the state of the firewall is not altered.
Shorewall is stopped using the shorewall stop command.
Important
The shorewall stop command does not remove all Netfilter rules and open your firewall for all traffic to pass. It rather places your firewall in a safe state defined by the contents of your /etc/shorewall/routestopped file and the setting of ADMINISABSENTMINDED in /etc/shorewall/shorewall.conf.
If you want to remove all Netfilter rules and open your firewall for all traffic to pass, use the shorewall clear command.
If you change your configuration and want to install the changes, use the shorewall restart command.
For additional information, see the Shorewall State Diagram section.
Because of the different requirements of distribution packaging systems, the behavior of /etc/init.d/shorewall and /etc/init.d/shorewall-lite is not consistent between distributions. As an example, when using the distribution Shorewall packages on Debian™ and Ubuntu™ systems, running /etc/init.d/shorewall stop will actually execute the command /sbin/shorewall clear rather than /sbin/shorewall stop! So don't expect the meaning of start, stop, restart, etc. to be consistent between /sbin/shorewall (or /sbin/shorewall-lite) and your init scripts unless you got your Shorewall package from shorewall.net.
Update:
In Shorewall 4.4.0 and later, the tarballs from shorewall.net follow the Debian convention when installed on a Debian or Ubuntu system. Beginning with Shorewall 4.4.10, you can revert to the prior behavior by setting SAFESTOP=1 in /etc/default/shorewall, /etc/default/shorewall6, etc.
If you include the word trace as the first parameter to an /sbin/shorewall command that transfers control to /usr/share/shorewall/firewall, execution of the latter program will be traced to STDERR.
Example 1. Tracing shorewall start
To trace the execution of shorewall start and write the trace to the file /tmp/trace, you would enter:
shorewall trace start 2> /tmp/trace
Note
The trace keyword does not result in a trace of the execution of the Shorewall rules compiler. It rather causes additional diagnostic information to be included in warning and error messages generated by the compiler.
You may also include the word debug as the first argument to the /sbin/shorewall and /sbin/shorewall-lite commands.
shorewall debug restart
In most cases, debug is a synonym for trace. The exceptions are:
debug is ignored by the Shorewall-perl compiler.
debug causes altered behavior of scripts generated by the Shorewall-perl compiler. These scripts normally use iptables-restore to install the Netfilter ruleset but with debug, the commands normally passed to iptables-restore in its input file are passed individually to iptables. This is a diagnostic aid which allows identifying the individual command that is causing iptables-restore to fail; it should be used when iptables-restore fails when executing a COMMIT command.
Warning
The debug feature is strictly for problem analysis. When debug is used:
The firewall is made 'wide open' before the rules are applied.
The routestopped file is not consulted.
The rules are applied in the canonical iptables-restore order.
So if you need critical hosts to be always available during start/restart, you may not be able to use debug.
The .rpm, .deb and .tgz all try to configure your startup scripts so that Shorewall will start automatically at boot time. If you are using the install.sh script from the .tgz and it cannot determine how to configure automatic startup, a message to that effect will be displayed. You will need to consult your distribution's documentation to see how to integrate the /etc/init.d/shorewall script into the distribution's startup mechanism.
Caution
Shorewall startup is disabled by default. Once you have configured your firewall, you can enable startup by editing /etc/shorewall/shorewall.conf and setting STARTUP_ENABLED=Yes. Note: Users of the .deb package must rather edit /etc/default/shorewall and set “startup=1”.
If you use dialup or some flavor of PPP where your IP address can change arbitrarily, you may want to start the firewall in your /etc/ppp/ip-up.local script. I recommend just placing “/sbin/shorewall restart” in that script.
Once you have Shorewall working the way that you want it to, you can use shorewall save to save the commands necessary to recreate that configuration in a restore script.
In its simplest form, the save command is just:
shorewall save
That command creates the default restore script, /var/lib/shorewall/restore. The default may be changed using the RESTOREFILE option in /etc/shorewall/shorewall.conf. A different file name may also be specified in the save command:
shorewall save <filename>
Where <filename> is a simple file name (no slashes).
Once created, the default restore script serves several useful purposes:
If you change your configuration and there is an error when you try to restart Shorewall, the restore script will be run to restore your firewall to working order.
Bootup is faster (although with Shorewall-perl, the difference is minimal). The -f option of the start command (e.g., shorewall -f start) causes Shorewall to look for the default restore script and if it exists, the script is run. When using Shorewall-shell, this is much faster than starting Shorewall using the normal mechanism of reading the configuration files and running iptables dozens or even hundreds of times.
The default is to not use -f. If you wish to change the default, you must set the OPTIONS shell variable in either /etc/default/shorewall or /etc/sysconfig/shorewall (if your distribution provides neither of these files, you must create one or the other).
Update: In Shorewall 4.4.20, a new LEGACY_FASTSTART option was added to /etc/shorewall/shorewall.conf. When LEGACY_FASTSTART=No, the compiled script that did the last successful start or restart will be used.
The shorewall restore command can be used at any time to quickly configure the firewall.
shorewall restore [ <filename> ]
If no <filename> is given, the default restore script is used. Otherwise, the script /var/lib/shorewall/<filename> is used.
The ability to have multiple restore scripts means that you can save different Shorewall firewall configurations and switch between them quickly using the restore command.
Restore scripts may be removed using the shorewall forget command:
shorewall forget [ <filename> ]
If no <filename> is given, the default restore script is removed. Otherwise, /var/lib/shorewall/<filename> is removed (of course, you can also use the Linux rm command from the shell prompt to remove these files).
The CONFIG_PATH setting in /etc/shorewall/shorewall.conf determines where Shorewall looks for configuration files. The default setting is CONFIG_PATH=/etc/shorewall:/usr/share/shorewall which means that /etc/shorewall is searched first and if the file is not found then /usr/share/shorewall is searched. You can change the value of CONFIG_PATH to cause additional directories to be searched but CONFIG_PATH should always include both /etc/shorewall and /usr/share/shorewall.
When an alternate configuration directory is specified as described in the next section, that directory is searched before those directories listed in CONFIG_PATH.
Example - Search /etc/shorewall, /etc/shorewall/actiondir and /usr/share/shorewall in that order:
CONFIG_PATH=/etc/shorewall:/etc/shorewall/actiondir:/usr/share/shorewall
The above is the setting that I once used to allow me to place all of my user-defined 'action.' files in /etc/shorewall/actiondir.
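Because the first directory that contains a file wins, a copy earlier in the search order silently shadows later ones. The following added example (not Shorewall's own code, and not from the original document) emulates the search order described here, including an alternate configuration directory being searched before CONFIG_PATH. The function names and the file name action.Example are hypothetical.

```shell
#!/bin/sh
# Added example: emulate the CONFIG_PATH search order described in this article.

# config_candidates FILE CONFIG_PATH [ALT_DIR]
# Print every existing copy of FILE in search order: ALT_DIR first (if given),
# then each CONFIG_PATH directory left to right. The first line printed is the
# copy that takes effect; any further lines are shadowed by it.
config_candidates() (
    file=$1 search=$2 alt=${3:-}
    if [ -n "$alt" ]; then search="$alt:$search"; fi
    IFS=:                       # split the path on colons only
    set -f                      # no globbing while splitting
    for dir in $search; do
        [ -n "$dir" ] || continue
        if [ -f "$dir/$file" ]; then printf '%s\n' "$dir/$file"; fi
    done
)

# resolve_config FILE CONFIG_PATH [ALT_DIR]
# Print only the effective copy; return 1 if no directory has the file.
resolve_config() (
    hit=$(config_candidates "$@" | head -n 1)
    [ -n "$hit" ] || exit 1
    printf '%s\n' "$hit"
)

# Demo in a throwaway directory tree that mirrors the example CONFIG_PATH above.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/etc/shorewall/actiondir" "$root/usr/share/shorewall" "$root/etc/test"
    : > "$root/etc/shorewall/actiondir/action.Example"
    : > "$root/usr/share/shorewall/action.Example"
    : > "$root/etc/test/action.Example"
    search="$root/etc/shorewall:$root/etc/shorewall/actiondir:$root/usr/share/shorewall"
    echo "effective copy:"
    resolve_config action.Example "$search"
    echo "all copies in search order (later ones are shadowed):"
    config_candidates action.Example "$search"
    echo "effective copy with alternate directory $root/etc/test:"
    resolve_config action.Example "$search" "$root/etc/test"
    rm -rf "$root"
}

demo
```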
As explained above, Shorewall normally looks for configuration files in the directories specified by the CONFIG_PATH option in /etc/shorewall/shorewall.conf. The shorewall start, shorewall restart, shorewall check, and shorewall try commands allow you to specify an additional directory for Shorewall to check before looking in the directories listed in CONFIG_PATH.
shorewall {start|restart|check}
shorewall try [ ]
If a
If you haven't saved the current working configuration, do so using shorewall save.
mkdir /etc/test
cd /etc/test
shorewall check ./
shorewall restart ./
If the restart fails, your configuration will be restored to its state at the last shorewall save.
When the new configuration works then just:
cp -f * /etc/shorewall
cd
rm -rf /etc/test
shorewall save
Important
Shorewall requires that the file /etc/shorewall/shorewall.conf always exist. Certain global settings are always obtained from that file. If you create alternative configuration directories, do not remove /etc/shorewall/shorewall.conf.
The general form of a command is:
shorewall [ ] [ ] [ ... ]
Available options are:
- -c
Specifies an alternate configuration directory. Use of this option is deprecated.
- -f
Specifies fast restart. See the start command below.
- -n
Prevents the command from changing the firewall system's routing configuration.
- -q
Reduces the verbosity level (see VERBOSITY setting in shorewall.conf). May be repeated (e.g., "-qq") with each instance reducing the verbosity level by one.
- -v
Increases the verbosity level (see VERBOSITY setting in shorewall.conf). May be repeated (e.g., "-vv") with each instance increasing the verbosity level by one.
- -x
Causes all iptables -L commands to display actual packet and byte counts.
- -t
All progress messages are timestamped with the date and time.
In addition, the -q and -v options may be repeated to make the output less or more verbose respectively. The default level of verbosity is determined by the setting of the VERBOSITY option in /etc/shorewall/shorewall.conf.
For Shorewall Lite, the general command form is:
shorewall-lite [ ] [ ] [ ... ]
where the options are the same as with Shorewall.
The complete documentation for each command may be found in the shorewall and shorewall-lite man pages.
The Shorewall State Diagram is depicted below.
/sbin/shorewall Command | Resulting /usr/share/shorewall/firewall Command | Effect if the Command Succeeds |
---|---|---|
shorewall start | firewall start | The system filters packets based on your current Shorewall Configuration |
shorewall stop | firewall stop | Only traffic to/from hosts listed in /etc/shorewall/routestopped is passed to/from/through the firewall. If ADMINISABSENTMINDED=Yes in /etc/shorewall/shorewall.conf then in addition, all existing connections are retained and all connection requests from the firewall are accepted. |
shorewall restart | firewall restart | Logically equivalent to “firewall stop;firewall start” |
shorewall add | firewall add | Adds a host or subnet to a dynamic zone |
shorewall delete | firewall delete | Deletes a host or subnet from a dynamic zone |
shorewall refresh | firewall refresh | Reloads rules dealing with static blacklisting, traffic control and ECN. |
shorewall reset | firewall reset | Resets traffic counters |
shorewall clear | firewall clear | Removes all Shorewall rules, chains, addresses, routes and ARP entries. |
shorewall try | firewall -c |
The only time that a program other than /usr/share/shorewall[-lite]/firewall performs a state transition itself is when the shorewall[-lite] restore command is executed. In that case, the /var/lib/shorewall[-lite]/restore program sets the state to "Started".
With any command that involves compilation, there is no state transition while the compiler is running. If compilation fails, the state remains unchanged.
Also, shorewall start and shorewall restart involve compilation followed by execution of the compiled script. So it is the compiled script that performs the state transition in these commands rather than /usr/share/shorewall/firewall.
The compiled script is placed in /var/lib/shorewall and is named either .start or .restart depending on the command.
Removing the Attribution gadget in Blogger.Com
How do you remove the Attribution section from your Blogspot blog?
Today I will show you how.
The Attribution on your blog looks like this:
To remove this gadget from the layout, follow these steps:
Step 1: Go to Design -> Edit HTML
Step 2: Download a backup in case you make a mistake while editing.
Step 3: Find the following code:
This widget usually begins with the code shown in red.
Step 4: Delete the code above. Its length varies from template to template; you only need to find from
to
and delete that part.
Step 5: Save
Step 6:
You will see a warning like the one in the image below:
Warning: Your Template does not include the following widgets:
Attribution 1
Choose Delete Widgets
Step 7: Save and view the result.
Good luck