Farewell IT….you have been good to me

As of today I accepted a new position at Concorde Career Colleges where I will be the VP of Marketing and Data Analytics.    In that new job I will manage Marketing, the National Call Center, and Data Analytics.   I am humbled and excited yet again that they have given me the opportunity to manage a different area of the company.  We really have some fantastic and talented folks in this area of the company.  Let’s be honest, I will always be an IT geek and I can’t say enough great things about my IT team.  This will be the first time I am technically not working in or managing your traditional IT department.

So what I think this means…….is that I am no longer an IT guy.   And with this I finally drop the dreaded IT guy curse.  Whats that you say?  I believe this means I no longer have to fix anyone’s computer! w00t!

Dealer of Folly in 2015

As I kickoff 2015 I have felt convicted to reflect on that which is important to me.  From the perspective of the world, people I interact with, some supposed friends, and just my general interpretation of the words I hear, I am tainted.     And though the word “tainted” may bring many things to mind, I am specifically referring to being infected with an undesirable quality.  It has become increasingly clear that I find myself in a place and time where I am viewed as a dealer of disgust.  Numerous are my symptoms. I am hypocritical, ignorant, uninformed, selfish, unloving, intolerant, and outdated to name a few.

This is not a recent onset of infection. The truth is that I have been ill since I was 13 years old.   Worst of all, I am also contagious by design and thus spreading the undesirable in multiplicity.  Don’t fear regarding this news.  The world has built up immunity and has suppressed this illness relentlessly, though a remnant still remains susceptible despite those efforts.  So the chances of you contracting this illness are probably not something to worry about.

Perhaps I am muddling intently or purposefully “stirring the pot” to say in different words, but what I am has become concerning to many.   I am a Christian.

There is a good chance that if you are reading this then you know me in some capacity.  If what I am has not been clear to you; shame on me.   I have seen better days where I was more contagious.  Given the political climate I have tried to bring to light here, Christians find themselves being comfortably Christian when amongst Christians, but comfortably normal and generic when not.  This dualistic lifestyle that I have been guilty of might just be the key to worldly success.  I need the courage, as do many Christians, to view worldly success and acceptance as having little value.

Matthew 6: 19. Do not lay up for yourselves treasures on earth, where moth and rust destroy and where thieves break in and steal, 20. but lay up for yourselves treasures in heaven, where neither moth nor rust destroys and where thieves do not break in and steal. 21. For where your treasure is, there your heart will be also.

Do not misinterpret my words.  I am not calling for divisive actions or a proud embrace of the symptoms I have highlighted. If you as a Christian were prepared to sound your war cry upon reading this, then pause for a moment to be certain we are in accord.  In fact, it is my argument that the infection I have described is perhaps a misrepresentation of genuine Christianity and more describes your average census survey Christian.  Otherwise my remnant statements seem yet again ignorant when looking at the below data.

So it seems that 31.7% of the world is census survey Christian and that number rises to over 75% for the US.  These people come in many forms and contribute to the worldly definition of a Christian.  And yet they all feel comfortable, at least on things like surveys, bearing the name of Christ.  To do something in someone’s name, or while bearing a label,  seems to be based on the discretion of the label bearer and not the label.  What does this mean?  It means that I could very well do something horrible in your name today while declaring it boldly.   And though you would likely not condone the activity, it seems that I have the discretion to do the unthinkable while bearing your label to bring taint upon you.  The ones whose activity you would condone and allow to bear your name are the genuine type.   Genuine Christians are only those that Christ has saved to bear his image, and I am fairly certain that percentage is much much smaller.   I think it is also safe to say that the worldly definition of a Christian is severely tainted since the law of numbers regarding false image bearers would prevail.

Matthew 7: 13. Enter by the narrow gate. For the gate is wide and the way is easy that leads to destruction, and those who enter by it are many. 14. For the gate is narrow and the way is hard that leads to life, and those who find it are few.

In 2015 it is important to me that everyone understand that I bear this image with humility.   I am a Christian and severely flawed.  I know the standard and fall short.  I often act in ways that my label would not condone.  In humility I claim Christ because my broken state leaves me undeserving of this love and favor.  This is the true illness and I have had this one since birth.  I am sinful but not a slave to it, nor is it an excuse.

Romans 6: 17. But thanks be to God, that you who were once slaves of sin have become obedient from the heart to the standard of teaching to which you were committed, 18. and, having been set free from sin, have become slaves of righteousness. 

It is my prayer in 2015 that everyone have genuine encounters with genuine Christians.  I am sure that the worldly definition will start to erode regarding these genuine people.  But at the end of the day, there is no guarantee that you will be susceptible to their message or that they will be bold enough to deliver it. Let’s hope the “illness” becomes the cure.

I hope everyone has a great 2015.  I will seek to be a dealer of folly.

1 Corinthians: 18. For the word of the cross is folly to those who are perishing, but to us who are being saved it is the power of God.

 

 

 

You have to be good to truly know bad.

In preparing to teach my Life Group a lesson out of James 1 regarding temptation I came across this amazing quote that really puts things into perspective.

C.S. Lewis: “No man knows how bad he is till he has tried very hard to be good. A silly idea is current that good people do not know what temptation means. This is an obvious lie. Only those who try to resist temptation know how strong it is. After all, you find out the strength of the German army by fighting against it, not by giving in. You find out the strength of a wind by trying to walk against it, not by lying down. A man who gives in to temptation after five minutes simply does not know what it would have been like an hour later. That is why bad people, in one sense, know very little about badness. They have lived a sheltered life by always giving in. We never find out the strength of the evil impulse inside us until we try to fight it: and Christ, because he was the only man who never yielded to temptation, is also the only man who knows to the full what temptation means–the only complete realist.”

Fair Coin Flip

Many ages ago I owned and operated the site electronicliberty.com with a friend.  Below is a somewhat comical article we wrote on Fair Coin Flip that existed on that site.  It first existed as a group research paper we were suppose to write in the TSM program at MSU and we decided to gamble and submit it in story format.  Our professor said we should have failed for not following directions, but it was too good so he gave us a “B”.    I thought I would open up the time capsule and share some  of these oldies but goodies.  It is also available on the WaybackMachine.

The Fair Coin Flip encryption protocol was designed to allow two untrusted parties to communicate with each other in a secure and “trustworthy” manner. This article demonstrates the protocol step by step in an entertaining story format.

Fair Coin Flip

It all started one evening when two students were on the phone debating how they should write a paper on the Fair Coin Flip protocol.
Derek being the more responsible of the two suggested that they immediately convene to a writing conducive environment and write the paper together. Craig suggested an alternative, he would go to sleep and Derek would write the paper. Derek being a quick witted fellow soon realized that this proposal was not fair. However, he was intrigued at the idea of only one person writing the paper, because he had other things he wanted to do as well. After a short pause in the conversation Derek suggested that they flip a coin to decide who would be the unlucky student to write the paper.
Craig was also intrigued by this proposition because he was of a gambling persuasion and did not mind letting the dice fly. Taking initiative Craig exclaimed, “That sounds wonderful, I have a coin right here. Call it in the air.” Derek yelled into the phone, “Tails.”

The coin landed and Craig quickly stated that he was sorry but the coin had indeed landed on Heads and that he was going to bed. Derek was somewhat flustered at the recent events, but collected himself and began on the daunting task of writing a paper about Fair Coin Flips.

One page into writing the paper on Fair Coin Flips, Derek came to the realization that based on the information he had read there was a possibility that the process that had taken place earlier over the phone may not have been fair. He trusted Craig and did not question that then, but now he realized that Craig’s desire to go to sleep could have persuaded him to lie. Derek also realized that there was nothing in the previous protocol that ensured him that the flip was random and fair. Although, Craig was a trusted friend there was the possibility that he had cheated and that he should be the one doing the paper. Once again Derek contacted Craig. Craig answered his phone, and inquired as to why Derek was ruining his sleep. Derek quickly explained his doubts as to whether or not the events that had taken place earlier had been fair and that they needed to redo the coin flip. Craig was not at all happy about this proposition, but did feel somewhat guilty because he had in fact cheated on the coin toss. Since Craig had not done any research about the Fair Coin Flip Derek took it upon himself to describe the problem that presented itself.

Derek and Craig had come across a common problem. How could they flip a coin over the phone and make it fair? M. Blum was also fascinated with this same problem. He realized that there must be something in place to make the result random even if one of the parties cheated. He believed that this process could be solved with the Exclusive Or process. Now we go back to the story.

Craig was quite perplexed and not entirely focused on what was going on, but he agreed that in the spirit of fairness that they should come up with a solution that left both parties satisfied that the coin flip was fair. Derek presented a new solution to provide them with a fair coin flip. Derek said, “Craig, do you remember a few weeks ago when we did the lab report over ‘Exclusive Or’.” Craig vaguely remembered the process and Derek quickly updated him on how they would use the Exclusive Or process to make the coin flip fair. He helped Craig remember that Exclusive Or was based on alternate bits. They would be easily applicable to a coin since heads and tails could be represented by alternate bits (0 and 1). He quickly refreshed Craig on how the Exclusive Or process calculations were made by showing the four different combinations of two alternate bits. The total combinations are easily calculated by taking the number of possibilities and raising it to a power equal to the sample size. The Exclusive Or operation applies to two bits. Each bit has two possibilities. This means that the total possibilities is 2^2 which is equal to 4. The Exclusive Or operations then result as follows.

The Exclusive Or process works like this:
0 XOR 0 = 0
0 XOR 1 = 1
1 XOR 0 = 1
1 XOR 1 = 0

As stated before, by M. Blum, in the article, “Coin Flipping By Telephone: A Protocol for Solving Impossible Problems”, in the proceedings of the 24th IEEE computer conference, published in 1982, presented a simple protocol for coin flips ( http://www.disappearing-inc.com/F/faircointoss.html ). Blum’s protocol was highly recognized and was used in networking protocols to determine which party would complete which side of the handshake. This was the same protocol that Derek intended to use. Derek proposed that each of them would flip a coin at the same time while on the phone. After they had flipped the coins they would take the results of the flips and XOR them. The outcome of this process would represent the fair coin flip result. Derek quickly made things simple by saying that Heads would be equal to one and that Tails would be equal to 0. Craig pondered over Derek’s proposal and decided to put it to a test. After all, if one of them truly gave a random answer then the outcome of the XOR would be truly random and thus fair. They also agreed that after the XOR process that a result of 1 would mean that Craig would have to do the paper and a final result of 0 would mean that Derek would have to do the paper.

Derek and Craig each procured a coin and flipped them simultaneously. Derek quickly asked Craig what result he had. Craig responded that he had indeed flipped Tails. Derek told Craig that the result of his coin flip had been Heads and therefore after doing the XOR process it meant that Craig was now going to have to do the paper.

To make certain that the process had indeed been legitimate Craig wrote out the process mathematically.

Heads = 1 = Derek Sleeps
Tails = 0 = Craig Sleeps

Craig’s Flip = Tails = 0
Derek’s Flip = Heads = 1
XOR = 1
After seeing that the math was correct Craig realized that he was now going to have to write the paper. He turned on his computer and downloaded the portion of the paper that Derek had done and started writing.

After adding two more pages to the previous page that Derek had written, Craig realized that there was a significant flaw in the protocol that they had followed for the second coin flip. Craig immediately realized that his night of sleep could have been unfairly taken away from him due to Derek’s previous knowledge of the flaw. After all, Derek did seem strangely excited to put the paper off on Craig and sleep. So once again Craig called Derek and explained his discontent with the previous protocol that they had followed. Craig explained that they needed a secure system that fulfilled the criteria set forth by Manuel Blum, outlined as the following:

1) Craig must make the coin flip before Derek makes his guess.
2) Craig must not be able to change his answer after hearing Derek’s guess.
3) Derek must not be able to know the result of the coin flip before he makes his guess.

So once again they needed to find a system that would result in a fair coin flip for both of them. Derek formulated a revised fair coin flip protocol that incorporated the one way hash program that they had written previously. The idea for the protocol came from an articled he had read by Joe Kilian titled, “Uses of Randomness in Algorithms and Protocols”, from MIT press in 1990. Kilian realized that there had to be something truly random in the protocol in order for the outcome to be completely fair. Derek used this theory of randomness coupled with a one way hash function. This protocol would require these things:

1. Derek would choose a number at random between -infinity and infinity (which equals R), assuming that the number was totally random.
2. Derek would then put the number (R) into the one way hash generator (F) and send the result to Craig (Y).
3. Craig would then decide whether or not he thought the random number was even or odd. Thus, giving him a 50/50 chance at guessing the right number. The same chances of a fair coin flip.
4. Derek would then send the result of the coin flip to Craig.
5. Derek would also send the random number (R) to Craig.
6. Craig would then input the random number into the one way hash and see if his guess was correct and be assured that the process was done fairly.
Image
Craig agreed that this protocol seemed secure, but learning from the two previous experiences opted to find out the flaws, if any, before they put the protocol into practice. He came up with these flaws:

1) If the one way hash generator could have two inputs that resulted in the same hash it would be possible for Derek to send that hash to him and then pick whichever input would result in his best interest after Craig had sent his guess to Derek. Derek will then be able to cheat Craig all of the time.
Image
2) If the one way hash generator’s result has any correlation with the input and Craig is aware of this flaw, his probability of guessing the number increases beyond 50/50 thus, resulting in an unfair coin flip. Craig will be able to cheat Derek some of the time.

Ex) Suppose that experimentation shows that when an odd number is put into a given hash it will generate an even numbered hash more often than an odd number hash. This means that when an even numbered hash result is sent, the recipient knows that the input was probably odd and thus increases his chances of guessing correctly. We know that a his chances should be 50% if all is truly fair, but since his chances have increased we know that he can cheat the sender based on odds. He will not be able to guess correctly every time, but having knowledge of correlation between an input and the corresponding hash does create an advantage.

Craig realized that if either of them were capable of finding two inputs that would result in the same hash, or finding the correlation between the input and the corresponding hash that they would not need to do this research paper and therefore it was very likely that a fair coin flip would result. He was confident that the knowledge it would take to exploit these flaws was beyond their current capacity, but Craig set forth to find a solution that was flawless. After all eight hours of sleep was at stake. Craig proposed that they incorporate the use of PGP (Pretty Good Privacy). He had also read the article by Kilian and understood that by using keys they could eliminate one of the party’s ability to make his decision based on the others party’s decision. He decided that they must follow these guidelines:

1. Derek will generate two messages one that contains a Heads and a random number value (M1) and one that contains a Tails value and a random number (M2). Derek will then encrypt (Ed) each message using his public key (provided by PGP) and send both to Craig.
2. Craig will then choose one of the messages at random and encrypt (Ec) his answer with his public key (provided by PGP) and send it to Derek.
3. Derek will then decrypt (Dd) his public key encryption with his private key and send that back to Craig.
4. Craig can then decrypt (Dc) using his public key encryption with his private key and see the result.
5. Craig then sends the result back to Derek and he can verify that the message is equal to one of the two messages that he sent initially.
6. Craig and Derek then reveal their private keys to each other to assure that there was no cheating.
Image
Derek thought that the system was very secure and the only flaw with this protocol would be if either party knew the other’s private key. He explained these flaws as follows:

1. If Craig knew Derek’s private key prior to making his guess, Craig would be able to decrypt the messages and then chose the one that best suited his desires. He would then re-encrypt it with Derek’s public key (which everyone has access to) and then encrypts it with his own private key. Craig has cheated the system and Derek will never know.
Image
2. If Derek knew Craig’s public key prior to sending the messages he could force Craig into choosing whichever value he wanted. For instance, if he wanted Craig to chose Heads he would send both messages as Tails from the beginning. Craig would then chose at random and send his answer back to Derek. Derek would then decrypt the answer with Craig’s private key and his own to reveal the original message. He then changes Tails to Heads and encrypts it with Craig’s public key and sends it back. Derek has cheated the system and Craig will never know.
Image
Derek did not think that it was very probable that Craig had acquired his Private Key, nor did Craig think that Derek had his Private Key. Therefore they both decided that this would be a totally secure and fair way to decide who should write the paper. Before they flipped the coin they both realized that throughout the arduous process of trying to decide who would be left to write the paper on the fair coin flip, they had indeed acquired all of the information necessary to write a stellar paper.

Now we will recap the events that took place during Derek and Craig’s expedition to achieving the fair coin flip from remote locations. This can be done using XOR, One way Hash functions, or Public-Key Private-Key Cryptography. With XOR we realized that there were many flaws when only using two parties (Craig and Derek). This was because one of the participants could make their decision based on their knowledge of the other participants answer. This problem could have been resolved by having a trusted third party in the middle to hold the answers, concealing them from both parties. Then this trusted third party could use the XOR process and then produce the fair results. Assuming that there are only two parties available then the one way hash or public-key private-key cryptography would have to suffice.

The one way hash and public-key private-key protocols do have some flaws, but the chances of someone being able to exploit these flaws are minuscule. Therefore, each of these methods can be considered a secure way to perform a fair coin flip from remote locations between two parties. The idea of a fair coin flip gave way to a new method of security and it has evolved into a newer method that expands the fair coin flip into a multi party conversation. The end result being Mental Poker.

When Blum came up with the idea for fair coin flipping he actually developed a new thought process to approach network security. This thought process is what allows un-trusted parties to develop a line of communication without a bias. The analogy of the coin flip done while all parties are physically present is the perfect state of fairness and randomness at work. Therefore, it was necessary to develop a protocol that could produce this same amount of fairness and randomness without the need for both parties to witness it. Using the one way hash and public-key/private-key methods it is not necessary for either participant to trust the other because the protocol erases the need for trust. In effect, producing the same amount of fairness that is necessary to do a real-time coin flip. In conclusion: the fair coin flip thought process can be applied to anything and is necessary for developing successful protocols that deal with the issues of trust.

Sources
Schneier, Bruce. Applied Cryptography New York John Wile and Sons Inc. 1996
http://www.disappearing-inc.com/F/faircointoss.html February 20, 2004

How To Use: IPTables (Beginner)

Many ages ago I owned and operated the site electronicliberty.com with a friend.  Below is an article we wrote on IPTables that existed on that site.  I thought I would open up the time capsule and share some  of these oldies but goodies.  It is also available on the WaybackMachine.

How To Use: IPTables (Beginner)

IPTables TutorialIPTables is a stateful firewall service that comes standard on Linux machines. It is a very useful and powerful tool that can be used for packet filtering, stateful filtering, and NAT’ing. There are many advantages to using IPtables, but it is very important to configure the service correctly or serious problems could arise.

To understand the following tutorial it should be noted that we will be running a script to execute the firewall rules in the IPTables service on RedHat version 9.0. The very first thing that we will do with this script is to clear out the default rules that are already running in IPTables. Also, for a definitive idea of what IPTables does please refer to the MAN pages that concern IPTables. To begin we will find out whether or not IPTables is currently running on your Linux box. To do this you will type the following command into the command line:

[root@e-Liberty root]# service iptables status

This should tell you whether or not IPTables is currently running. Note: that servicecommand status will on work with RedHat.

Regardless of whether or not it is running we can continue on in our venture to create new firewall rules.

Create a file in the root directory called firewall with the following command:

[root@e-Liberty root]# touch /firewall

We will use this file for editing rules and then when we are finished we can add it to the /etc/rc.d/rc.local (Adding the file here will ensure that the rules are put into place every time the computer is booted). It is always a good idea to make changes to an arbitrary file and then apply those changes after verifying its validity to allow for easier troubleshooting.

Open the file you just created with your favorite text editor. During this tutorial we will use vim. Open the file by typing the following:

[root@e-Liberty root]# vim /firewall

This should open a blank document ready for editing. Now type the following:

!/bin/sh #Remove the current rules from IPTables iptables –F #Create Policy for IPTables iptables –policy INPUT DROP iptables –policy OUTPUT DROP iptables –policy FORWARD DROP

Hit the Esc key on your keyboard and the type:

:wq

(NOTE: this is the process to save a file using vim, use this process each time you are asked to save).

Now that your script is saved you will need to make sure that it is executable, type:

[root@e-Liberty root]# chmod 700 /firewall

To see the affect that our script can have we will now stop iptables from running and ping a machine. Type:

[root@e-Liberty root]# service iptables stop

Iptables is no longer running, therefore the firewall is down and the machine is totally vulnerable to everything (assuming there aren’t any other firewalls running on the machine). Type:

[root@e-Liberty root]# ping google.com

Type Ctrl+C to stop the replied pings from Google. If you did not receive any ping replies then make sure that you have successfully stopped IPtables and that you are connected to the internet. Type:

[root@e-Liberty root]# ./firewall

This will execute the script that we wrote earlier and load the rules that we wrote into iptables. (Note: Even though we stopped Iptables, loading rules will automatically start it again). Type:

[root@e-Liberty root]# ping google.com

Type Ctrl+C to stop the host unreachable replies. Amazing! Nothing can get in or out of your computer. Congratulations you have just made your computer an impregnable fortress. Unfortunately, by creating these rules we have made it impossible to access the internet, or intranet from this machine, or any machines running behind it. Let’s analyze the rules we loaded.

[root@e-Liberty root]# iptables –policy INPUT DROP

iptables is the service we are running and is how we will start every rule concerning iptables in our script, or at the command line.

–policy is the modifier that tell iptables that we want to modify the policy or one of the chains (INPUT, OUTPUT, FORWARD)

INPUT is the chain that we are going to modify.

DROP is what we want iptables to do when the rule preceding it is matched.

To summarize, if anything tries to come INTO the computer via the network it is immediately dropped. However, because we instructed all three chains to DROP, everything going out of the computer or being forwarded to another computer is dropped as well.

Now let’s see what our rules resulted in, type:

[root@e-Liberty root]# Iptables –L –v

This will list the rules iptables has loaded and the number of packets that have matched each rule. At any time if you would like to clear the counters type:

[root@e-Liberty root]# iptables –Z

For this section it will be necessary to change the rules in the /firewall script to all accept. To do this go back into the firewall file and make sure your script looks like the following:

#!bin/sh#Remove the current rules from IPTables iptables –F #Create Policy for IPTables iptables –policy INPUT ACCEPT iptables –policy OUTPUT ACCEPT iptables –policy FORWARD ACCEPT

Doing this will allow all communications in and out of your system to work again. To be sure this works save your script and execute it at the command line. Now try to ping google.com again. This should work. If it does not work then return to your script and be sure that it is correct and that you executed the correct script at the command line. Once you are able to ping google move on to the next portion of the tutorial.

Go back into your script and add the following rule to the bottom of your script.

Iptables –A OUTPUT –p icmp –j REJECT –reject-with THIS OPERATION IS NOT PERMITTED ON THIS MACHINE

Save and execute your script and try to ping http://www.google.com once again. You should receive a message after each ping attempt that says THIS OPERATION IS NOT PERMITTED ON THIS MACHINE. What you have done is stop any ICMP packets from going out of the computer. Essentially if someone tried to ping this machine it would allow the ping to come in but not allow a ping reply. If you have access to two machines on this network, change the rule we just made to INPUT instead of OUTPUT and execute the script again. Now ping the “firewall” machine from your second machine. You should receive the same rejection banner.

Let’s analyze the rule we just created.

-A appends the new rule to the table/chain that you specify, in this case we chose OUTPUT. After the chain is specified we tell iptables to look for a specific protocol to match the rule using –p. The protocol that we want to match is ICMP. The –j option specifies a jump this means that when this rule is matched it will do whatever follows the –j option. For example, we could simply tell it to DROP the packet when the rule is matched. However in this instance we decided to be more specific and let the internal user know that the network administrator does not allow pings to go out of this machine. To specify a message, use the –reject-with option. You can type anything in the text that follows, but it is probably best not to upset anyone and remain professional.

We have now developed a firm understanding of how iptables rules are created and implemented, for this reason we should now add a rule that should always be permitted. The loopback interface should always be allowed to work because iptables will block traffic if the default policy is set to DROP (even though it doesn’t actually generate packet traffic). Because loopback is necessary for several services in Linux it is important to allow this on your computer. Type the following rule:

Iptables –A INPUT -i lo –j ACCEPT Iptables –A OUTPUT -o lo –j ACCEPT

The option -i is short for –in-interface, the -o option is short for –out-interface. The matched option ‘lo’ means the interface named loopback, which is what we want to ACCEPT. This rule means that if the default policy is set to drop our machine will still be allowed to communicate on the loopback interface. This is a good time to explain how iptables drops packets and the ‘deny by default’ mindset.

The ‘deny by default’ mindset means that you will block everything and then allow only specific operations to be permitted. This was demonstrated to you in the original script that we wrote. Everything was set to drop, and nothing could get in or out. However, any rules that you append (using -A) to a chain will be compared to each packet before the default policy is enacted. For instance, if the default policy on the OUTPUT chain is set to DROP and we try to PING, it will not work. However, if we append the rule

Iptables –A OUTPUT –p icmp –j ACCEPT

The PING will work. Iptables will try to match every rule before it executes default policy.

Lastly, we want our firewall script to execute every time we reboot the computer. Therefore we will add the firewall script to: /etc/rc.d/firewall

Now we want to make sure that only root can read, write, and execute on the firewall. At the command prompt type:

[root@e-Liberty root]# chown root.root/etc/rc.d/firewall
[root@e-Liberty root]# chmod 700 /etc/rc.d/firewall

Congratulations you have completed the Beginner tutorial on IPTables.