My /etc/named.conf looks like this:

zone "myzone.com" IN {
        type master;
        file "/var/named/zones/myzone.com/myzone.com";
        notify no;
};

I want to keep my dnssec zones in a separate directory.

# mkdir -p /var/named/signed/myzone.com/
# cp /var/named/zones/myzone.com/myzone.com /var/named/signed/myzone.com/

Now I sign the zone.

# cd /var/named/signed/myzone.com/
# dnssec-keygen -r /dev/urandom myzone.com
# dnssec-keygen -r /dev/urandom -f KEY myzone.com
# dnssec-signzone -r /dev/urandom -S myzone.com
# ls 
myzone.com         Kmyzone.com.+005+02971.key      Kmyzone.com.+005+29262.private
myzone.com.signed  Kmyzone.com.+005+02971.private
dsset-myzone.com.  Kmyzone.com.+005+29262.key

Finally I want to change the named.conf to the myzone.com.signed.

zone "myzone.com" IN {
        type master;
        file "/var/named/signed/myzone.com/myzone.com.signed";
        notify no;
};

Make sure that all the files are owned by user "named" and reload bind

# chown -R named:named /var/named/signed
# /etc/init.d/named reload

$ apt-get install texlive-full texlive-formats-extra
$ mkdir ~/.fonts && cd ~/.fonts
$ wget http://www.gust.org.pl/projects/e-foundry/tex-gyre/pagella/qpl1.103otf.zip
$ unzip qpl1.103otf.zip
$ rm qpl1*.zip

After about 20 minutes I had everything set up and was ready to follow the tutorial.
My sample.tex file looks like this:

\documentclass{article}
\usepackage{fontspec}
\setromanfont{TeX Gyre Pagella}
\begin{document}
Testing XeLaTeX!

Greek: τεχ
\end{document}

Now to make sure everything works...

$ xelatex sample.tex
This is XeTeXk, Version 3.141592-2.2-0.996-patch1 (Web2C 7.5.6)
%&-line parsing enabled.
entering extended mode
(./sample.tex
LaTeX2e <2005/12/01>
Babel  and hyphenation patterns for english, usenglishmax, dumylang, no
yphenation, arabic, farsi, croatian, ukrainian, russian, bulgarian, czech, slo
ak, danish, dutch, finnish, basque, french, german, ngerman, ibycus, greek, mo
ogreek, ancientgreek, hungarian, italian, latin, mongolian, norsk, icelandic,
nterlingua, turkish, coptic, romanian, welsh, serbian, slovenian, estonian, es
eranto, uppersorbian, indonesian, polish, portuguese, spanish, catalan, galici
n, swedish, ukenglish, loaded.
(/usr/share/texmf-texlive/tex/latex/base/article.cls
Document Class: article 2005/09/16 v1.4f Standard LaTeX document class
(/usr/share/texmf-texlive/tex/latex/base/size10.clo))
(/usr/share/texmf-texlive/tex/xelatex/fontspec/fontspec.sty
(/usr/share/texmf-texlive/tex/generic/ifxetex/ifxetex.sty)
(/usr/share/texmf-texlive/tex/latex/tools/calc.sty)
(/usr/share/texmf-texlive/tex/latex/xkeyval/xkeyval.sty
(/usr/share/texmf-texlive/tex/latex/xkeyval/xkeyval.tex
(/usr/share/texmf-texlive/tex/latex/xkeyval/keyval.tex)))
(/usr/share/texmf/tex/latex/lm/lmodern.sty)
(/usr/share/texmf-texlive/tex/latex/base/fontenc.sty
(/usr/share/texmf-texlive/tex/xelatex/euenc/eu1enc.def)
(/usr/share/texmf-texlive/tex/xelatex/euenc/lm/eu1lmr.fd))
fontspec.cfg loaded.
(/usr/share/texmf-texlive/tex/xelatex/fontspec/fontspec.cfg)) (./sample.aux)
[1] (./sample.aux) )
Output written on sample.pdf (1 page).
Transcript written on sample.log.

Success!
Next time I'll create something a little more substantive.

aria2c -s2 http://host/image.iso http://mirror1/image.iso http://mirror2/image.iso

The main page has plenty of examples with many different transfer protocols. Too bad the parallel download features seem to have disappeared with the invention of bit torrent.

Write a iptables script that blocks everything except ping (icmp) and ssh (port 22), http (80) and https (443).

Solution

#!/bin/bash
export ipt=/sbin/iptables
$ipt -F #Flush all the rules one by one
 
#Allow SSH
$ipt -A INPUT -p tcp --dport 22 -j ACCEPT
#Allow HTTP
$ipt -A INPUT -p tcp --dport 80 -j ACCEPT
#Allow HTTPS
$ipt -A INPUT -p tcp --dport 443 -j ACCEPT
 
# Set default policies for INPUT, FORWARD and OUTPUT chains
$ipt -P INPUT DROP
$ipt -P FORWARD DROP
$ipt -P OUTPUT ACCEPT
 
# Set access for localhost
$ipt -A INPUT -i lo -j ACCEPT
 
# Accept packets belonging to established and related connections
$ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
 
#Allow pings
#Ping requires the ability to accept packets and send packet back out.
#Ping is a layer 3,ICMP operation.
#In order to allow it our protocol now becomes icmp instead of tcp.
#Ping packets are able to be received.
$ipt -I INPUT -p icmp -j ACCEPT
 
#Ping packets are able to be sent
$ipt -I OUTPUT -p icmp -j ACCEPT
 
# List rules
$ipt -L -v

-m says load a module state which allows access to the connection tracking state of the packets
--state precedes a comma separated list of the connection states to match. In this case it's NEW.
NEW the packet has started a new connection or a connection that has not seen packets going in both directions
-m tcp load the tcp module (just like we loaded the state module) this module allows us extra functionality with tcp
-p tcp specifies protocol, in my case TCP
--dport 22 feature provided by the -m tcp module, in this case I want the rule to be applicable to port 22 (ssh).
-j ACCEPT means the results of this chain is to accept the packets. (-j specifies the target of the rule if the packet matches the rule. If I said -j DROP we would block all traffic to port 22).