Posts

Showing posts from April, 2020

Enable mail encryption in postfix outgoing mails for gmail.

#### First make a temporary directory, assuming you are signed in as the root user.
cd /root
mkdir temp
cd temp

#### Next, generate a private key for the server.
openssl genrsa -des3 -out mail.domain.tld.key 2048

#### Now it's time to create the certificate request.
openssl req -new -key mail.domain.tld.key -out mail.domain.tld.csr

#### Now it's time to create the self-signed certificate. It will also ask for the randomly generated password.
openssl x509 -req -days 365 -in mail.domain.tld.csr -signkey mail.domain.tld.key -out mail.domain.tld.crt

#### Now we need to remove the password from the private key so that there is no need to enter a password when you restart postfix. You will need to enter the randomly generated password.
openssl rsa -in mail.domain.tld.key -out mail.domain.tld.key.nopass

#### The command below will overwrite the old key with the new key (without password).
mv mail.domain.tld.key.nopass mai...

Open port from specific source ip using ufw, iptables and firewalld

This is a very common requirement for every Linux admin dealing with service security: a certain port must be opened only for a specific source IP. Below are examples using ufw (the Ubuntu firewall), Red Hat firewalld, and a generic iptables rule. In the examples below, port 9090 is opened only for 192.168.1.2. To open it for an entire subnet, simply provide 192.168.1.0/24 instead of 192.168.1.2. A firewalld rule added with --permanent takes effect only after firewalld is reloaded.

- firewalld
  # firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.2" port protocol="tcp" port="9090" accept'
- ufw
  $ sudo ufw allow from 192.168.1.2 to any port 9090
- iptables
  $ sudo iptables -I INPUT -p tcp -s 192.168.1.2 --dport 9090 -j ACCEPT