A collection of 23 posts

Jan 2, 2019

OpenWRT/LEDE Bridging Firewall

It would be neat if my wireless access point could bridge directly to my cable modem so that clients would have proper public IP addresses. Being directly connected to the internet significantly increases vulnerability, so the aim is to address this with a bridge firewall.

Dec 27, 2018

Bash port scanner

The script, using only Bash, will scan common ports, and if an open port is found, it will display a base64-encoded output of the server's response.

Dec 19, 2018

Reactive malware blocking with ipset

This tutorial will demonstrate how to create reactive firewall rules. If a device attempts to communicate with known malware command-and-control servers, the potentially compromised device will be added to a blacklist, and its internet access will be immediately disabled.

Oct 29, 2018

OpenVPN with Dual CA

This tutorial will look at how to configure an OpenVPN server using a certificate issued by a recognized certificate authority. An internal CA will still be used to verify clients

Nov 26, 2017

Using Ferm to sweeten IPTables

Ferm is a 'frontend' for iptables written in Perl. The best way to describe it is a firewall compiler (although it can do more than that, as we'll see later). Ferm provides a syntax that is simple, rich, and flexible for writing rules; ferm then generates a list of iptables rules.

Oct 7, 2017

Secure SSL configuration for Nginx

Here is a handy snippet for configuring a hardened SSL/TLS on Nginx. It receives an A+ rating when tested at Qualys. A later post will discuss the configuration options in detail, what

Sep 18, 2017

Writing a port scanner in Bash shell

A primitive port scanner can be constructed using solely the bash shell via its /dev/tcp virtual file. The script will scan common ports, and if an open port is found, it will display a base64-encoded output of the server's response.

Sep 9, 2017

Securing services with stunnel

Stunnel is a tool that allows you to seamlessly add TLS to most existing services. Stunnel listens on a port, and can either receive encrypted traffic and pass it to an unencrypted destination,

Jul 16, 2017

sshuttle - a VPN for the lazy

sshuttle is a Python-based script that allows you to tunnel connections through SSH in a far more efficient way than traditional ssh proxying. By far the greatest perk of sshuttle is that

Jul 11, 2017

My IPTables Configuration Script

I've talked quite a lot about iptables but haven't really shown how I actually put it into practice. Today I'll share a shell script I wrote to set up IPTables on my Fedora

May 10, 2017

Secure your infrastructure with SSH bastions

This tutorial will be a short and sweet introduction to setting up SSH bastion hosts. What is an SSH bastion: SSH bastions (jump hosts) are used to middleman SSH connections between isolated networks.