A collection of 31 posts

Jan 18, 2019

Self Hosted DNS using NSD

In this tutorial, I'll be setting up a pair of authoritative DNS servers using the NSD DNS server daemon. Master : Slave : Both will receive public

Jan 2, 2019

OpenWRT/LEDE Bridging Firewall

It would be neat if my wireless access point could bridge directly to my cable modem so that clients would have proper public IP addresses. Being directly connected to the internet significantly increases vulnerability so the aim is to address this with a bridge firewall.

Dec 19, 2018

Reactive malware blocking with ipset

This tutorial will demonstrate how to create reactive firewall rules. If a device attempts to communicate with known malware command-and-control servers, the potentially compromised device will be added to a blacklist, and its internet access will be immediately disabled.

Dec 9, 2018

Per-User VPN Routing

This tutorial will show how to route all the traffic belonging to a particular user account through an OpenVPN tunnel.

Aug 2, 2018

Sed Substitution Cheatsheet

This is a comprehensive list of examples for the sed (stream editor) command. This command is used to find, replace, refactor, and modify text.

Apr 3, 2018

Using CloudFlare with TLS

Released in April 2018 by Cloudflare, is a very attractive choice for resolving your DNS queries. It claims to be the fastest although it depends on your location. It

Dec 15, 2017

Routeable Loopback Addresses

Today we will learn about loopback addresses that can be reached from the outside via routing. This is useful for running services on a router. In a previous post, I talked about the

Nov 26, 2017

Using Ferm to sweeten IPTables

Ferm is a 'frontend' for iptables written in Perl. The best way to describe it is a firewall compiler (although it can do more than that, as we'll see later). Ferm provides a syntax that is simple, rich, and flexible for writing rules; ferm then generates a list of iptables rules.

Sep 18, 2017

Writing a port scanner in Bash shell

A primitive port scanner can be constructed using solely the bash shell via its /dev/tcp virtual file. The script will scan common ports, and if an open port is found, it will display a base64-encoded output of the server's response.

Sep 9, 2017

Securing services with stunnel

Stunnel is a tool that allows you to seamlessly add TLS to most existing services. Stunnel listens on a port, and can either receive encrypted traffic and pass it to an unencrypted destination,

Aug 14, 2017

Script to send a SMS when IP changes

So this is one application of the SMS gateway. My home internet gets its address via DHCP, however, unless something goes wrong, the addresses are usually reasonably persistent (generally at least 10 days)