filter

Docker, an advanced chroot utility

Chasm—just like a Docker creates a chasm between two sets of software

SECURITY WARNING

Before installing Docker and containers with services on your Linux system, make sure to read and understand the risks as mentioned on this Docker and iptables page. In particular, Docker will make all your containers visible to the entire world through your Internet connection. This is great if you do want to share that service with the rest of the world, but it is very dangerous while you are still working on that container service, since it could have security issues that need patching. Docker documents a way to prevent that behavior by adding the following rule to your firewall:

iptables -I DOCKER-USER -i eth0 ! -s 192.168.1.0/24 -j DROP

This means that access is refused unless the source IP address matches 192.168.1.0/24. Replace the `eth0` interface name with the name of the interface you use as your external Ethernet connection. During development, you should always have such a rule.

That has not worked at all for me because my local network includes many other computers on my LAN and this rule blocks them all. So really not a useful idea.

Instead, I created my own entries based on some other characteristics. That includes the following lines in my firewall file:

*filter
:DOCKER-USER - [0:0]

-A DOCKER-USER -j early_forward
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 80 --ctdir ORIGINAL -j DROP
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 8080 --ctdir ORIGINAL -j DROP
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 8081 --ctdir ORIGINAL -j DROP

My early_forward allows my LAN to continue to work. These are my firewall rules that allow my LAN computers to have their traffic forwarded as expected.

Then I have three rules that block ports 80, 8080, and 8081 from Docker.

Docker adds its own rules, which appear after these (albeit not within the DOCKER-USER list) and open ports for whatever services you install in your containers.

Note that the only ports you have to block are ports that Docker will share and that you have otherwise open on your main server. If Docker opens port 5000 and your firewall does not allow connections to port 5000 from the outside, then you're already safe. On my end, I have Apache running, so I block the usual HTTP ports from Docker.
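As an added illustration (not part of the original article or of Docker's own tooling), the script below reads `iptables-save` output and lists the TCP ports Docker has published that no DOCKER-USER rule of the kind shown above drops on the external interface. The dump is a constructed sample, and the function names and container addresses are assumptions.

```sh
#!/bin/sh
# Added example: list Docker-published TCP ports that have no DROP rule in
# DOCKER-USER on the external interface, from `iptables-save` text on stdin.

# Constructed sample dump (not from a real host); container IPs are made up.
sample_dump() {
cat <<'EOF'
*nat
:DOCKER - [0:0]
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 172.17.0.2:80
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 5000 -j DNAT --to-destination 172.17.0.3:5000
COMMIT
*filter
:DOCKER-USER - [0:0]
-A DOCKER-USER -j early_forward
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 80 --ctdir ORIGINAL -j DROP
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 8080 --ctdir ORIGINAL -j DROP
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 8081 --ctdir ORIGINAL -j DROP
COMMIT
EOF
}

# Usage: iptables-save | unfiltered_ports <external-interface>
unfiltered_ports() {
    awk -v ifc="$1" '
    # Value following option "opt" in the current rule, or "" if absent.
    function optval(opt,    i) {
        for (i = 1; i < NF; i++) if ($i == opt) return $(i + 1)
        return ""
    }
    /^\*/ { table = substr($1, 2); next }   # "*nat", "*filter", ...
    $1 != "-A" { next }
    # Docker publishes a host port with a DNAT rule in the nat DOCKER chain.
    table == "nat" && $2 == "DOCKER" && optval("-j") == "DNAT" &&
    optval("-p") == "tcp" && optval("--dport") != "" {
        published[optval("--dport")] = 1
    }
    # DOCKER-USER runs after DNAT, so only the conntrack match still sees
    # the port the client originally connected to.
    table == "filter" && $2 == "DOCKER-USER" && optval("-j") == "DROP" &&
    optval("-i") == ifc && optval("-p") == "tcp" {
        dropped[optval("--ctorigdstport")] = 1
    }
    END { for (p in published) if (!(p in dropped)) print p }
    ' | sort -n
}

sample_dump | unfiltered_ports eno1    # reports 5000 for the sample
```

Each reported port is one to review against the rest of your firewall: it is published by Docker and has no matching DROP in DOCKER-USER on that interface.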

Docker

As we are helping various customers, we encounter new technologies.

In the old days, we used chroot to create a separate environment where you could have your own installation and prevent the software within that environment from accessing everything on your computer. This is particularly useful for publicly facing services like Apache, Bind, etc.

Protected Node Views Support

The Protected Nodes module offers some additional support for Views 2.x and 3.x in Drupal 6.x.

The additional support includes fields, filters, and sort capabilities that are added to the Node type. The join between the regular node and the protected node data is the node identifier (nid). This means the revision identifier is ignored.

  • Password last changed

    This value is the date when the password was last modified. You can display this date, filter using the date, and sort by date.
     
  • Node is protected

    This value is a yes/no value (i.e. Boolean) which can be ...

To Do Rules

The To Do module includes a sub-module called To Do Rules extension.

Events

The Rules extension includes the following events.

Each event is sent once per user assigned to a To Do item, including self-assigned users. It includes 4 parameters: the To Do item (a node); the To Do item author; the currently logged in user; and the assigned user. The node supports additional tokens that can be used as conditions (see below).

  • To Do Event Started

This event occurs when the Start button is clicked on a To Do item. This event is sent once.

  • To Do Event Reminder

This event

Insert Node Parameter: override (6-1.3) [special]

WARNING

This parameter is considered a security hazard. There is an option in your format definition that you have to turn on in order for the feature to work. When not selected, override is ignored. Only allow this feature in an input filter where you can trust users 100%.

One can use the override parameter to replace the expected data with their own data. Although one would think using the data directly would work as well, there are cases when this is useful.

By default the InsertNode module gets data from the $node object as defined by the system. At times, the data available in the

Similar Modules

To Do Lists

The Todo Filter creates a set of checkboxes on a page that you can click to mark as done. It uses a filter so it can appear in any node that has access to that filter.

The Todolist system creates a list of To Do items managed using AJAX. Very similar in functionality, but unfortunately not supported anymore.

Advanced Management Systems

The Storm system is an advanced CMS including basic bookkeeping, hours worked, resources. This is not to be used publicly.

Using the Taxonomy VTN View feature

One of the options to link terms in a vocabulary to their view is:

taxonomy_view/voc-xxx/term-xxx

This option sends you to that path, exactly (where voc-xxx and term-xxx are numbers representing the vocabulary identifier and term identifier respectively.)

As is, it will tell you that the page does not exist. This is because the taxonomy_view path is to be created with the View module. To create a taxonomy VTN view, you want to define two arguments:

  • Vocabulary, and
  • Term.

The result is a list of nodes that you can control with very high granularity, sort the way you want them ...

Sample Usage

The jsMath module is now a filter. By default, the filter detects all the delimiters as defined by the jsMath library. This includes \( ... \), \[ ... \], $$ ... $$, $ ... $. It also supports the tag-like syntax with [math], [/math] and [display], [/display].

The [math] tag, parentheses and single dollar sign generate an inline math equation. This means the result is saved in a <span> tag.

jsMath Installation

Requirements

In order to use the jsMath for displaying mathematics with TeX Drupal 6.x module you need:

Table of Contents tags and parameters

Syntax

Supported Tags

The module supports 3 tags that all generate a Table of Contents.

The most popular is now [toc] since it is easy to type and works in WYSIWYG editors.

Only add identifiers and optionally numbers to my headers

Proposition

The Table of Contents module is generated from the headers. Each header gets a unique identifier when none was assigned manually. The Table of Contents module uses the text between the start and end tags as the title to show in the table of contents.

Very good!

Now, you may not want the Table of Contents itself, but you like the idea of having identifiers in all your headers. This can be useful to create in-page links (a link with an anchor, i.e. #some-name at the end of your URL.) It is generally annoying to have to enter the identifiers by hand for each header and you may