An example auto start script for iptables

#!/bin/sh
# chkconfig: 345 99 9
# description: iptables auto start-stop script.

case "$1" in
    start)
        # Start iptables. OWNER is not set in this snippet and must be defined before this line.
        su $OWNER -c "service iptables start"
        touch /var/lock/subsys/iptables_rule
        ;;
esac

A sample auto start script for cntlm

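#!/bin/sh
# chkconfig: 345 99 9
# description: cntlm auto start-stop script.
# Refuse to continue if the cntlm binary is missing
if [ ! -f /usr/sbin/cntlm ]
then
    echo "cntlm startup: cannot start"
    exit 1
fi

case "$1" in
    start)
        # Start cntlm. OWNER is not set in this snippet and must be defined before this line.
        su $OWNER -c "/usr/sbin/cntlm -c /etc/cntlm.conf > /dev/null"
        touch /var/lock/subsys/run_cntlm
        ;;
esac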

cntlm in linux

After installing cntlm on Linux and configuring it properly, you need to set the http_proxy environment variables in order to use it from the command line. To make these environment variables available to all users, create a file in /etc/profile.d. Any .sh file in this folder will be sourced by /etc/profile. The content of the file is as follows:

export http_proxy=

export ftp_proxy=$http_proxy

export https_proxy=$http_proxy

(If you need to set these environment variables for all users, you can also put them in /etc/bashrc.)

To start cntlm, run: /usr/sbin/cntlm -c /etc/cntlm.conf

If you use yum in CentOS, you need to update /etc/yum.conf to add the proxy server information:

ex. proxy=http://localhost:3128

oracle: system-defined limits for shared memory was misconfigured

Edit /etc/sysctl.conf and ensure the following lines are present:

kernel.shmall = 18350080
kernel.shmmax = 75161927680
kernel.shmmni = 4096
kernel.sem = 250 32000 100 128

DBCA Error: ORA-27104: system-defined limits for shared memory was misconfigured

Fix: Increase kernel.shmmax & kernel.shmall based on your Server RAM. Please refer to Oracle Metalink Note [ID 567506.1] – Maximum SHMMAX values for Linux x86 and x86-64.

Example for x86_64 Server with 32GB RAM:
shmmax=34359738368 (=16*1024*1024*1024),
shmall=8388608 (=16*1024*1024*1024 / 4096) – 4096 is page size

save iptables in centos

With RHEL 7 / CentOS 7, firewalld was introduced to manage iptables. IMHO, firewalld is more suited for workstations than for server environments.

It is possible to go back to a more classic iptables setup. First, stop and mask the firewalld service:

systemctl stop firewalld
systemctl mask firewalld

Then, install the iptables-services package:

yum install iptables-services

Enable the service at boot-time:

systemctl enable iptables

Managing the service

systemctl [stop|start|restart] iptables

Saving your firewall rules can be done as follows:

service iptables save

or

/usr/libexec/iptables/iptables.init save

Task: Turn On Firewall

Type the following two commands to turn on firewall:

chkconfig iptables on
service iptables start
# restart the firewall
service iptables restart
# stop the firewall
service iptables stop

Activating the IPTables Service

The firewall rules are only active if the iptables service is running. To manually start the service, use the following command:

[root@myServer ~] # service iptables restart

To ensure that iptables starts when the system is booted, use the following command:

[root@myServer ~] # chkconfig --level 345 iptables on

The ipchains service is not included in Red Hat Enterprise Linux. However, if ipchains is installed (for example, an upgrade was performed and the system had ipchains previously installed), the ipchains and iptables services should not be activated simultaneously. To make sure the ipchains service is disabled and configured not to start at boot time, use the following two commands:

[root@myServer ~] # service ipchains stop
[root@myServer ~] # chkconfig --level 345 ipchains off
The auto start command described here didn't work for me, so I created an auto start script to put in /etc/ and used two commands:
chmod 750 /etc/
chkconfig --add xxx
to make it work

Open port in linux


If you want to open an incoming TCP port, type the following:

iptables -I INPUT -p tcp --dport 12345 --syn -j ACCEPT

If you want to open a UDP port (perhaps for DHT in Tixati), type the following:

iptables -I INPUT -p udp --dport 12345 -j ACCEPT

After you are done opening ports in your firewall, you can save your changes so they will be applied when you restart your computer by typing the following command:

service iptables save
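
Rules like the two above accept traffic from any source address, so it is worth reviewing what the ruleset exposes before saving it. The following is an added example, not part of the original page: it parses iptables-save output and lists INPUT ports open to any source. The names open_to_any and sample_rules and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): read iptables-save format on
# stdin and print proto/port for every INPUT ACCEPT rule that any source
# address can reach. Loopback-only rules and rules limited by -s are skipped;
# a negated source ("! -s net") still counts as open.
open_to_any() {
    awk '
    $1 == "-A" && $2 == "INPUT" {
        proto = "all"; port = ""; src = ""; iface = ""; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport" || $i == "--dports") port = $(i + 1)
            else if ($i == "-s" && $(i - 1) != "!") src = $(i + 1)
            else if ($i == "-i" && $(i - 1) != "!") iface = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        if (target == "ACCEPT" && port != "" && iface != "lo" &&
            (src == "" || src == "0.0.0.0/0"))
            print proto "/" port
    }'
}

# Constructed sample ruleset in iptables-save format, not from a real host.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p udp -m udp --dport 12345 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 12345 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -p tcp -m tcp --dport 3128 -j ACCEPT
-A INPUT -s 192.0.2.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
COMMIT
EOF
}

# On a live host (as root): iptables-save | open_to_any
sample_rules | open_to_any
```

Any port in the output that should only be reachable from known hosts can be re-added with a -s restriction before running service iptables save.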