networking Archives • Linux Tips

Enable/Disable Your Network Interface

Today we’ll cover one way to enable or disable your network interface in the Linux terminal. We will cover enabling and disabling your network interface, so you might want to keep this in mind.

If you have multiple network interfaces, you might want to disable one of them. You might want to disable networking to keep a computer offline. There are many reasons why you’d want to enable or disable your networking.

This isn’t a very complicated process, so it won’t take too long.

The command we’ll be using, and we’ll be using it twice, is the ‘ip’ command.

The ‘ip’ Command:

If you’ve got a modern Linux desktop (or server), you’ve got access to the ‘ip’ command. It’s a relative newcomer in the space but it’s pretty universal at this point.

That’s it. That’s the only tool (other than ‘sudo’) we’ll need for the job. You can verify that ‘ip’ is installed with this command:

which ip

which ip

The output should match:

$ which ip
/usr/sbin/ip

1 2	$ which ip /usr/sbin/ip

If you check the man page, you’ll see why this is the correct tool for the job:

ip – show / manipulate routing, network devices, interfaces and tunnels

We’ll use the command with a couple of different ways to enable and disable your network interface. It’s not terribly complicated.

Enable/Disable Your Network Interface:

Yes, the ‘ip’ command is used in the terminal. That means you’ll need an open terminal. Just press CTRL + ALT + T and your default terminal should open.

With your terminal open, your first step is to identify the network interface:

ip addr

ip addr

That should look something like this:

show your network interface names — It should look something like that. That’s both a wired and wireless network interface.

With that information, the syntax to disable a network connection is simple.

sudo ip link set <interface_name> down

1	sudo ip link set <interface_name> down

For example:

sudo ip link set enp0s31f6 down

1	sudo ip link set enp0s31f6 down

If you’ve disabled the device, it’s just as easy to enable it. The syntax is:

sudo ip link set <interface_name> up

1	sudo ip link set <interface_name> up

An example would be:

sudo ip link set wlxe4beed0e5f5c up

1	sudo ip link set wlxe4beed0e5f5c up

See? It’s pretty easy to enable or disable your network interface.

Closure:

If you need to enable or disable your network interface you now know how. That’s a handy thing to know as folks have inadvertently disabled their network interface. This enables it if you did. This also disables your network interface if you’d rather.

Thanks for reading! If you want to help, or if the site has helped you, you can donate, register to help, write an article, or buy inexpensive hosting to start your site. If you scroll down, you can sign up for the newsletter, vote for the article, and comment.

How To: Clear the DNS Cache

Today’s article will be a nice and easy article where we learn how to clear the DNS cache as a simple exercise. This isn’t very difficult and won’t take too much time, so this article should be relatively short.

If you don’t know what DNS cache is, that’s fine. I’ll do my best to explain.

Chances are good that you do not need to clear your DNS cache. This isn’t something you’ll need to do all that often, maybe not ever. I only clear the DNS cache when I need to.

What is DNS?

DNS stands for Domain Name Service. When you type a domain name into your browser’s address bar, it relies on an IP address behind the scenes. DNS is the interface between those two.

You can think of DNS like a phone book, translating names to numbers.

While not important, a single IP address can host many websites. So, think of DNS as the phone book and nameservers are like the names of people who live in the same apartment complex.

As you browse, your computer tries to save you some time. It saves a cache of DNS hits. It saves a cache of domain names and their IP addresses. With a speedy connection, you won’t notice this as much today. However, it’s meant to speed up browsing when you revisit a site you’ve already visited.

Make sense?

Let’s say you’re like me and have a website. For reasons, you decide to change your hosting company. You do so and update the nameservers. You now have a new IP address for your domain name, at least you will when the changes propagate.

Suddenly, you have an old IP address cached for that domain name. Because it is in the cache, your system won’t look that address up again. What do you do to get access to the site again?

Clear DNS Cache:

We’ll learn to clear the DNS cache in the terminal. In fact, I don’t know of a GUI way to do this for the system. (It’s possible to clear the DNS cache in Chrome via a GUI.) So, open a terminal. Many of you can just press CTRL + ALT + T and your default terminal will pop open.

With your terminal now open, enter one of the following commands to see the state of affairs regarding your DNS cache:

sudo systemd-resolve --statistics

1	sudo systemd-resolve --statistics

Or:

sudo resolvectl statistics

1	sudo resolvectl statistics

One of those two commands should work for you.

Here’s an example output:

$ sudo resolvectl statistics
DNSSEC supported by current servers: no

Transactions
Current Transactions: 0
Total Transactions: 563365

Cache
Current Cache Size: 44
Cache Hits: 1397
Cache Misses: 10952

DNSSEC Verdicts
Secure: 0
Insecure: 0
Bogus: 0
Indeterminate: 0

$ sudo resolvectl statistics

DNSSEC supported by current servers: no

Transactions

Current Transactions: 0

Total Transactions: 563365

Cache

Current Cache Size: 44

Cache Hits: 1397

Cache Misses: 10952

DNSSEC Verdicts

Secure: 0

Insecure: 0

Bogus: 0

Indeterminate: 0

Now, let’s clear that cache.

One of the following commands should work for you:

sudo resolvectl flush-caches

1	sudo resolvectl flush-caches

Or:

sudo systemd-resolve --flush-caches

1	sudo systemd-resolve --flush-caches

There won’t be any output from that command to confirm that the cache has been cleared. If you run the first command all over again, you should see something like this after you’ve run the command:

Current Cache Size: 0

1	Current Cache Size: 0

See? It’s pretty easy to clear the DNS cache!

Closure:

This is only something a few people will need to do. If you’re having issues visiting a site you recently were able to access without issue then this might be something you try. You can try to clear the DNS cache to see if it helps but there are a million and ten reasons why a site may suddenly be down and DNS is unlikely to be the issue unless you have a specific reason to expect this particular problem and solution.

Prevent Brute-Force SSH Attacks With fail2ban

Today’s article is one I could have already written and it’s about how to prevent brute-force SSH attacks with fail2ban. The reason I haven’t written it yet is because it either has too much substance or too little substance. I think I can strike a middle-of-the-road here and write an article with just enough substance.

See, and we’ll get to this later in the article, most folks won’t need to do a whole lot more than just install it. You can configure it a great deal, but the defaults are just fine for most people. On top of that, you can even make fail2ban send you email reports but we won’t be covering that in this article. Instead, we’ll largely have directions for installing fail2ban so that you can “prevent” brute-force attacks via SSH. I put the “prevent” in quotes because a diligent attacker could time things, use varied IP addresses, and try brute forcing your login credentials.

I think we need to start at the beginning.

What is SSH:

SSH stands for “Secure Shell” and is a tool to connect to a server remotely. If you check the man page for SSH it is defined as:

ssh — OpenSSH remote login client

This allows you to connect two computers over the terminal. It also comes with SFTP so that you can securely transfer files. You can do a whole lot more with SSH, including forwarding the graphical environment.

Here are a few SSH articles:

Install SSH to Remotely Control Your Linux Computers
Check Your SSH Server Configuration
Show Failed SSH Login Attempts

Then, there are a whole lot more SSH articles. I love SSH, so there have been quite a few articles on the subject. It’s a tool that I use quite often. I encourage familiarity with SSH as it’s sometimes a useful tool to effect a repair on a computer that is otherwise unresponsive to local inputs.

Servers are typically managed with SSH. As you can imagine, servers are a juicy target for malicious people. This means that SSH is a means with which malicious people will use to attack servers. One of the ways they do that is with ‘brute-force’.

What is Brute-Force:

There are many ways that one can try brute-forcing something. The name is as it implies. Rather than knowing the login credentials, they try to brute force them. That means they’ll try one combination of username and password and then keep trying various combinations until they eventually crack the system and figure out the login information.

That is the goal. Their goal is to find the login credentials. Instead of finesse, they use brute force.

This can include a dictionary attack. This can include a progressive attack where they start at the letter a, then try aa, then try aaa, etc. until they find the login credentials. They may also have a list of commonly used usernames and passwords and will systemically work their way through this until they find their way in.

This is one of many attacks and a modern computer can make many attempts in a short amount of time. Add to this modern bandwidth speeds and you can get thousands of attacks in just a short amount of time. It goes even faster if they know one part of the data, such as the username of a privileged account.

Enter fail2ban:

If you’re using a major distro, you have fail2ban available, one way or another. It’s usually easily installed and in your default repositories. When you do install it, you can check the man page. However, fail2ban is described as:

fail2ban – a set of server and client programs to limit brute force authentication attempts.

So, as you can see, fail2ban is the correct tool for the job. After all, and as the headline suggests, we’re trying to prevent brute-force SSH attacks with fail2ban.

Installing fail2ban:

We’ll be using a terminal to install fail2ban. You may also need to remotely connect to the server on which you want to install fail2ban. That too will require a terminal (or some SSH application like PuTTY). Simply press CTRL + ALT and your default terminal should open. If not, you can open a terminal from your application menu.

With your terminal now open, we can install fail2ban.

Debian/Ubuntu/etc:

sudo apt install fail2ban

1	sudo apt install fail2ban

RHEL/CentOS/etc:

sudo yum install epel-release -y
sudo yum install fail2ban

1 2	sudo yum install epel-release -y sudo yum install fail2ban

Fedora with dnf:

dnf install fail2ban

1	dnf install fail2ban

I believe those are correct. That’s what is in my notes. If they’re not correct, please leave a comment and I’ll update the article. Other distros will have fail2ban available, just search your default repositories and you’ll likely find fail2ban available for installation.

Using fail2ban:

Now that you’ve installed fail2ban, you’re pretty much done. The default configuration is pretty much all you need – but you can customize it. There are a bunch of options available, so you can configure fail2ban in many ways. There are so many ways that we won’t be covering them. They’re reasonably obvious.

Once installed, fail2ban should start automatically. If it doesn’t, run this command to start it:

sudo systemctl start fail2ban

1	sudo systemctl start fail2ban

Next, we’ll make sure to enable fail2ban to start at boot time. That’s this command:

sudo systemctl enable fail2ban

1	sudo systemctl enable fail2ban

I assume that you’ll want to at least examine the configuration files and I’ll get you started with that. The first thing you want to do is cd to the right directory.

cd /etc/fail2ban/

1	cd /etc/fail2ban/

If you run ls you’ll see that there’s a file called jail.conf and you do not want to edit this file itself. Instead, fail2ban will look for configurations in a file called jail.local first. To make that file, you run the following command:

sudo cp jail.conf jail.local

Next, you might want to make a backup of that jail.local file.

sudo cp jail.local jail.local.backup

1	sudo cp jail.local jail.local.backup

You can now use Nano to edit your fail2ban configurations:

sudo nano jail.local

1	sudo nano jail.local

As you can now see, there are a bunch of options available. They’re far too many to explain here but they’re fairly well described. If any of the options confuse you, you can get help on the man page (man fail2ban ).

After you’ve set fail2ban’s configuration files the way you want them, you’ll need to restart the service for the changes to take effect. That’s done like this:

sudo systemctl restart fail2ban

1	sudo systemctl restart fail2ban

If you screw up the configuration, just remove the jail.local with this command:

sudo rm jail.local

1	sudo rm jail.local

Then restore from your backup like this:

sudo cp jail.local.backup jail.local

1	sudo cp jail.local.backup jail.local

Then, of course, restart the service with this command:

sudo systemctl restart fail2ban

1	sudo systemctl restart fail2ban

There are a lot of options with this application. You can explore them at your leisure, though I find the defaults to be adequate for most of my needs. As mentioned above, you can install sendmail and have the system send you notification emails. There are many other options as well.

Closure:

Like I said in the beginning, there’s a lot of substance with fail2ban. There’s a lot to it. If I added more to the article, it’d end up quite long. I may write a bit more about this application, but I don’t want to end up with a 2500-word article that will make your eyes gloss over. That doesn’t do me any good and it doesn’t do most people any good. Most folks are going to be fine with the basics before they explore the configuration options on their own.

If you do have a server (or even a personal computer) that’s running SSH, it’s worth your time to install fail2ban. If there’s any chance that someone can try to brute-force your system, they will.

Some bots crawl the ‘net looking for servers that respond on the default SSH ports. They can and will find you. You can also change the port SSH uses for some added obscurity (but remember that obscurity isn’t really security). So, it’s a good idea to prevent brute-force SSH attacks with fail2ban. Yes, it’s a good idea even for us ‘little guys’ who aren’t running servers with valuable information on them.

How To: Change DNS Servers

Today’s article shouldn’t be all that difficult for even our newest users but is limited to those who want to change DNS servers to something other than the default. This is easy enough to do, but obscure enough to warrant an article of its own.

First, let’s have some fun. I’m going to ask ChatGPT to tell you about DNS in just two paragraphs. So, let’s see what the AI has to say:

First, what is DNS?

DNS, or the Domain Name System, is a fundamental protocol used in computer networks to translate human-readable domain names into machine-readable IP addresses. It serves as a decentralized directory system that enables users to access websites, send emails, and perform various network activities using familiar domain names instead of numerical IP addresses. When a user enters a domain name in their web browser, the DNS resolver (typically provided by the Internet Service Provider or ISP) initiates a series of queries to locate the corresponding IP address. The resolver communicates with DNS servers, starting from the root servers, then the top-level domain servers, and finally the authoritative name servers associated with the requested domain. Through this hierarchical process, DNS ensures efficient and accurate resolution of domain names, facilitating seamless internet connectivity.
DNS operates through a distributed database system known as the DNS namespace. This namespace is organized hierarchically, with the root domain at the top, followed by top-level domains (TLDs) like .com, .org, or country-specific domains such as .us or .uk. Beneath the TLDs, there are second-level domains, and further subdivisions like subdomains. Each domain has authoritative name servers that store the IP addresses associated with the domain names they manage. DNS resolution occurs through recursive queries, where the resolver traverses the DNS hierarchy to find the authoritative name servers responsible for the domain. Once the IP address is obtained, the resolver caches it for future use, reducing the need for repetitive queries. DNS plays a crucial role in the functioning of the internet by providing a scalable and efficient method for translating domain names to IP addresses, enabling seamless communication and accessibility across the network.

Wow! That’s pretty accurate. I’d have just resorted to describing DNS as the telephone book of the internet. You look up the name you want to reach and DNS tells you the number. In this case, the number is the IP address.

All in all, I’d say ChatGPT did a pretty fine job.

Change DNS Servers:

There are a variety of reasons why someone would want to change DNS servers to something else. They may get updated more quickly, weed out junk domains, or even remove ads and things like that. Maybe you want to weed out inappropriate material because you have children. Perhaps you have some custom configurations needed to traverse your complex local network. There are all sorts of reasons why you might want to change DNS servers.

See, as alluded to above, it’s perfectly possible to run your own DNS server (see Pi-hole for one such example). You can also use DNS servers provided by various third parties. For example, CloudFlare and Google offer their own DNS servers that are free for you to use. There are other choices, but this isn’t an encyclopedia writ large, so I’m going to just include those two. You can use your favorite search engine to find more.

So, let’s say you don’t like using a DNS server provided by your ISP. Perhaps you do this because of privacy issues, though you can look into DNS over HTTPS if you’d like. Perhaps you just don’t find them updated quickly enough or you’ve found they contain errors. (They do sometimes have issues and have even been known to be exploited in the past.)

NOTE: We’ll be using ‘nano‘ for this exercise. We’ll also default to Google’s public DNS servers, but you can substitute with whatever you find available.

Well, the first step you’re going to take is opening your terminal. You can do that by just pressing CTRL + ALT + T. In most distros, that will open the default terminal emulator. If your distro doesn’t do so, start mucking about with the keybindings until it does!

The file we’ll be editing doesn’t actually exist on most distros. That’s not a problem, because we’ll be making that file with nano. With your terminal open, enter the following command:

sudo nano /etc/resolv.conf

1	sudo nano /etc/resolv.conf

That should be a perfectly blank file and you’ll want to enter the following (again, using Google’s public DNS servers) to change DNS servers:

nameserver 8.8.8.8
nameserver 8.8.4.4

1 2	nameserver 8.8.8.8 nameserver 8.8.4.4

Then, you’ll save the file with Nano. That’s pretty easy. To save this new resolv.conf file with nano, you just press CTRL + X, then Y, and then ENTER.

Next, you’ll need to reboot. I know this will pain some of you, but I’ve yet to have a sure way to effect these changes other than rebooting. So, you’ve gotta do that. Try this command:

sudo reboot

1	sudo reboot

Now that you’ve managed to change DNS servers, you should be able to browse around much as you normally would. Remember, the people in charge of the DNS servers are the ones that decide where you go when you enter an address into the address bar and smash that enter button.

Be sure to use a company you trust to provide those services and be sure to verify your internet is still working properly. If it’s not working, you can remove the file and reboot or you can edit it again and try rebooting again. It shouldn’t be a problem in reality, this isn’t anything all that complicated.

Closure:

So, there you have it. It’s yet another article. This time around we discussed how to change DNS servers – along with some reasons as to why you might want to. If you have a spare bit of hardware kicking about, you can make your own DNS server and point to that with the internal addresses you’d be using. It’s nothing too painful and I think even beginning Linux users can follow along easily enough.

Show A Specific Networking Interface

Today, I’m just going to write about a simple task, how to show a specific networking interface. This seems like a good short article. It won’t be too complicated and it’s suitable for a beginner. Read on, if you are interested in learning how to get the information for just a specific networking interface.

It’s also suitable for most people, as most people only need information from a single, specific networking interface. Most folks reading this site are home users of Linux and it’s quite likely that they’re only connecting over one network interface, be it ethernet or wifi. Frequently, you only need to show a specific networking interface when gathering information from the terminal.

If you’re still using ‘ifconfig’ you can close this tab immediately. The tool is deprecated and we’ll just be using the ‘ip’ command. Odds are good that your distro has already moved away and is using the ip command. If your distro hasn’t done so, it should be noted that the process of deprecating ‘net-tools’ (from which you get ifconfig) started in like 2001. You may still have the legacy tool, but we won’t be covering it.

Anyhow…

That’s a long intro for something this short…

Show A Specific Networking Interface:

This is yet another article that requires an open terminal. So, crack open your favorite terminal. If you don’t know how to open the terminal, you can do so with your keyboard – just press CTRL + ALT + T and your default terminal should open.

With your terminal open, you can run the following command:

ip link show

1	ip link show

You can even run:

ip a

ip a

Or, you can get that information for a specific networking interface. To do so, we just use the first command, like so:

ip link show <network_device_name>

1	ip link show <network_device_name>

For example, if your NIC is called ‘eth0’, the command would look like this:

ip link show eth0

1	ip link show eth0

The output from that command will be just the information about that specific networking interface. You won’t have the clutter of the first two commands listed and it will only show the device you specify. If you’ve only got one network interface in use, you can just store the final command in your memory for when you need to check some of your networking information.

Closure:

See? I told you that it’d be quick and easy. Not all of these articles need to be long and complicated. Besides, my 2-year anniversary is coming up, meaning a short and simple article is a good thing. I don’t want to burn out or anything, not at this stage of the game.