Comprehensive and example rich reference on Firewalld, the default firewall for RHEL/CentOS/Fedora…
Migrating the Blog (Ghost+Caddy+Docker)
In this post, I'll discuss how I migrated this Ghost blog to a new server, and its configuration using docker-compose and Cloudflare.…
Dnsmasq Cheat Sheet
Comprehensive documentation of all of the options for the dnsmasq DNS/DHCP server, with practical examples…
Self Hosted DNS using NSD
In this tutorial, I'll be setting up a pair of authoritative DNS servers using the NSD DNS server daemon.…
Cloud based Two Factor Authentication with gpg+s3
This is an experimental script I made to store encrypted TFA credentials in the cloud. It uses GPG to protect the uploaded data. The tokens can be accessed anywhere on anything that has access to the GPG key.…
Command line Pastebin using curl
In this post, I will demonstrate how to use the Ubuntu Pastebin utility with cURL to make pastes from the command line.…
Setting up Tor and Hosting a Hidden Service
This tutorial will show you how to set up Tor as a daemon and host hidden services. Hidden services are only available on the Tor darknet and allow you to host services without revealing your IP. Tor hidden services can be accessed via a special .onion domain. Although it hides your IP address, Tor isn't completely untraceable. If using Tor for illegal activity, you CAN and WILL get tracked down and held accountable.
Table of contents
Introduction to Tor
Setting up and testing Tor
Setting up a Hidden Service
Redirect user traffic through Tor
Conclusion
Introduction to Tor
Tor is…
Customizing Digitalocean Floating IPs
Digitalocean allows, for free, the option to add an additional IP address to your virtual machine ("droplet"). These floating IPs are similar to Amazon AWS Elastic IPs and are tied to your account and location, rather than any specific instance. This means that when an instance is destroyed, you can still preserve the floating address and migrate it to your new instance, providing it's in the same datacenter location. Floating IPs also have load balancing features, where if a site/instance goes down, it can automatically redirect to a backup instance. It is for these reasons it is…
Migrating Nginx to a Docker Container
This is a write-up of how I migrated my Nginx web server from running as a standard service to running inside a Docker container. We will also see how to customize logging and network options, including configuring Docker for IPv6.
Preparing nginx.conf
For me, I find it easier having a single nginx.conf file, appending the single flat file with vhosts generated from a template. For example, for additional vhosts, you could use this template. The main thing you'll need to do is comment out any access_log or error_log entries created on a per-vhost basis. For now, I'm just…
Running your own DNS with Unbound (and block ads)
Today we will learn how to create your own recursive DNS server using Unbound. This will improve performance through caching. We will also look at ad-blocking.…
Routeable Loopback Addresses
Today we will learn about loopback addresses that can be reached from the outside via routing. This is useful for running services on a router.
In a previous post, I talked about the loopback interface and how we can locally bind services to any address in the range 127.0.0.1-127.255.255.254. This is useful if 127.0.0.1 is already in use on a particular port. The main advantages of loopback addresses are:
- Adding additional addresses without the need to add extra interfaces
- Better availability of services, as long as you have a route to…
Using Ferm to sweeten IPTables
Ferm is a 'frontend' for iptables written in Perl. The best way to describe it is a firewall compiler (although it can do more than that, as we'll see later). Ferm provides a syntax that is simple, rich, and flexible for writing rules; ferm then generates a list of iptables rules.…
Pretty printing terminal output into JSON/CSV
There is a command called column which allows you to format the lines produced by a command into symmetrical rows/columns, which can then be easily converted into CSV or JSON. This will be quite handy for reading and populating files. In this case, I needed to populate /etc/ethers/ from the arp table.
More info on column
Note: This is based on the column command in Fedora Linux; it may be different in other distros.
Creating a table
This bit is simple enough: we delete unneeded fields with awk, and then use the command column -t to turn it…
Dynamic Rules with IPSet
Wouldn't it be good if port scanning IPs could trigger a rule that adds them to a 'known offenders' firewall list? Wouldn't it be good if you could combine white and black ACLs into single unified rules? Typically IPTables operates statically from a predefined collection of rules. This has the advantage of allowing you to filter packets to very exact parameters. However, this comes at the cost of a lot of tedious and manual work, and when you're manually adding a bunch of these, easy mistakes are all too common, with potentially quite severe consequences on a production system. The idea is…