This script will detect if SSH has inadvertently been exposed to the outside world.
It would be neat if my wireless access point could bridge directly to my cable modem so that clients would have proper public IP addresses. Being directly connected to the internet significantly increases vulnerability so the aim is to address this with a bridge firewall.
The script, using only Bash, will scan common ports, and if an open port is found, it will display a base64 encoded output of the servers response.
This tutorial will demonstrate how to create reactive firewall rules. If a device attempts to communicate with known malware command-and-control servers, the potentially compromised device will be added to a blacklist, and its internet access will be immediately disabled.
This tutorial will show how to route all the traffic belonging to particular user account through an OpenVPN tunnel
This tutorial is a beginner friendly introduction to the iptables firewall and includes a number of practical examples.
Digitalocean allows, for free, the option to add an additional IP address to your virtual machine ("droplet"). These floating IPs are similiar to Amazon AWS Elastic IPs and are tied to
Today we will learn about loopback addresses that can be reached from the outside via routing. This is useful for running services on a router In a previous post, I talked about the
This tutorial creates rules to limit traffic (both ingress/egress) only to gateway. This prevents traffic from other patrons reaching you when using public wifi
Ferm is a 'frontend' for iptables written in Perl. The best way to describe it is a firewall compiler (although it can do more than that, as we'll see later). Ferm provides a syntax that is simple, rich, and flexible for writing rules, ferm then generates a list of iptables rules.
In this tutorial, we will look at managing an openvpn server and certificate authority and will provide a detailed breakdown of the configuration options Table of contents Setting up a CA Build the
The Ubiquti Edgerouter Lite has an iptables based firewall. For each firewall rule (and named set of ules) there is a is an option to enable LOG. Unsolicited traffic to tcp ports, especially
Intro I have a Docker container that has a port unconditionally published (e.g. -p 2368:2368). I've changed my mind and decided I don't want this port exposed to the entire internet;
I've talked quite a lot about iptables but haven't really shown how I actually put it into practice. Today I'll share a shell script I wrote to set up IPTables on my Fedora
In this tutorial, we will learn how to make automatically updated block lists of known bad addresses using ipset and iptables. This provides a proactive security approach that can use external datasets to
Now that we are familiar with how iptables is organized we can start defining our own chains. This allows for greater control, flexibility, and in some cases, better efficiency. The most profound efficiency
In my last post, we introduced ipset and how it can be used to create aggregated rules for multiple source/destination parameters. Now we will look at how we can create a set
Wouldn't it be good if port scanning IPs could trigger a rule that adds themselves to a 'known offenders' firewall list? Wouldn't it be good if you could combine white and black ACLs