Kyle kyle0r

  • Independent Consultant
  • Earth

Capturing my steps for creating CIDR network lists (ipset) suitable for use with firewalls such as iptables and nftables.

For example, I reference this approach in my Secure defaults for Debian sshd_config and MFA gist.

The ipsets that I build in this gist reduce the permitted IPv4 hosts from ~4.28 billion to ~47 million, a reduction of ~98.88%, which helps to reduce the attack surface but still lets in some traffic, including your preferred IPs/networks.
This approach is not as good as, or a replacement for, setting up a VPN or Bastion setup, or implementing Zero Trust Network Access (ZTNA), or reducing the host list to only trusted hosts/networks. These topics can be tricky for dynamic IP addressing setups and will be the subject of a future Gist.

Step 1 - determine relevant ASN(s)

Glossary: AS refers to the network itself, and ASN refers to the number that identifies tha

@kyle0r
kyle0r / HOWTO Easily edit any part of a git repos history or content.md
Created April 7, 2025 06:30
HOWTO easily edit any part of a git repo's history, file content, commits, authors, timestamps etc - from tail to tip

💡 Public Service Announcement: Editing a git repo's history will cause the repo hashes to be recomputed, resulting in a divergence in remote refs/branches. A fetch followed by a force push will be required to update remotes.
This can wreak havoc on a project if contributors and maintainers are not "in the know".
Please think carefully about the implications for public repos and repos that you collaborate on with others.
I strongly encourage you to announce, in good time, that you intend to proceed with making such changes.


The anatomy of a git repo has various facets, including:

  • The file content
@kyle0r
kyle0r / Firefox Quick Tabs Ported 1.0.6.md
Last active April 6, 2025 18:55
Firefox Quick Tabs Ported 1.0.6 - fix popup search field focus issue

Modification of this XPI: https://addons.mozilla.org/firefox/downloads/file/3467566/quick_tabs_ported-1.0.6.xpi
Extension page: https://addons.mozilla.org/firefox/addon/quick-tabs-ported/

A recent version of Firefox caused issues with the extension's search field.
The search field intermittently stopped receiving focus when the popup was activated, especially when activating the extension via the configurable keyboard shortcut.

This code change to the popup.js should resolve the issue. Tested on Firefox 131.

Related issue thread from the original Quick Tabs Chrome project:
babyman/quick-tabs-chrome-extension#189 (comment)

@kyle0r
kyle0r / kostal-parse-actuals.md
Last active April 6, 2025 21:22
kostal-parse-actuals

First version: 2024.38.1
Current version: 2024.38.1

Description

I'm sharing my research and development script; the knowledge could be used to create a more mature script using Perl or Python, or your preferred development language.

The purpose of this script is to parse log data from Kostal PV inverters. The primary objective is to learn about the data available in the log and how it can be used, to summarise the data, and to provide data insights. The secondary objective is to produce summarised results and compare them with the Kostal Solar Portal or other PV analytics portals to verify the correctness of the script logic and mathematics. I've hosted an intro video on YouTube.

First version: 2024.20.1
Current version: 2024.21.1

Run iostats-for-zpool --help for usage.

iostats-for-zpool will attempt to show you a side-by-side iostat and zpool iostat with pool devices grouped together.

Intro video:

iostats-for-zpool.example.mp4
@kyle0r
kyle0r / dpkg-diff-pkg-file.md
Last active April 6, 2025 21:35
dpkg-diff-pkg-file - diff between original package file vs. local file

First version: 2024.18.1
Current version: 2024.18.4

Run dpkg-diff-pkg-file --help for usage. Also available at the top of the script.

dpkg-diff-pkg-file will attempt to show you a visual difference between an original package file vs. your local file. This can help resolve config drift and conflicts ahead of attended/unattended upgrades.

Intro video: https://www.youtube.com/embed/19wm3gI4LfI

INSTALL

@kyle0r
kyle0r / Secure-defaults-for-Debian-sshd-incl-MFA.md
Last active April 22, 2025 01:39
Notes around secure defaults for Debian sshd_config and MFA

Disclaimer: Your mileage may vary. Rigorous testing (e.g. pen-testing) is recommended to validate that your config behaves according to your use cases, that it is secure, locked down and not exploitable.

The following configs provide a "secure by default" configuration for sshd and enforce MFA authentication from public IP space.

A screencast walking through and demonstrating the configuration has been posted on YouTube here: https://youtu.be/m_MCVm79xyY

In theory, the strategy/concept and configuration should work on most distros running sshd. The screencast was recorded on an instance of Debian 12 aka bookworm. OpenSSH_9.2, OpenSSL 3.0.9.

@kyle0r
kyle0r / Integrating-Nets-AFCR.md
Last active April 6, 2025 21:58
Integrating Nets AFCR - Automated Fraud and Chargeback Reporting
@kyle0r
kyle0r / zed-scheduled-zpool-scrub-MAX_PARALLEL_SCRUBS.md
Last active April 6, 2025 22:06
zed scheduled zpool scrub support for MAX_PARALLEL_SCRUBS

Check the inline code docs.

The revision of the script on my system was this one.

I don't have the time at the moment to submit a bug and/or patch and/or commit directly to HEAD.
I did a quick study of the Debian bug reporting process and the reportbug tool.
cite: https://www.debian.org/Bugs/Reporting
I will try to find the time to report the improvement and link the maintainers to this gist.

example of the xargs process pool with MAX_PARALLEL_SCRUBS=3

@kyle0r
kyle0r / git-committing-with-a-specific-author-or-committer-or-timestamp.md
Last active April 6, 2025 22:22
How to specify a transient git author and/or committer, and/or provide a specific timestamp

specify a transient git author and committer, and optionally specific commit dates

This worked for me on git version 2.23.3.

git -c user.email="<email>" -c user.name="Joe B" commit <path>

Pay attention to the docs on user. as it determines both the author and committer fields.

This approach can be useful when you find yourself having to make a commit to someone else's repo or an anonymous repo, where you don't want to modify the persistent git config.

I had issues getting the GIT_AUTHOR_EMAIL and GIT_AUTHOR_NAME env vars to work, so I was probably doing something wrong; maybe I was having a mix-up with GIT_COMMITTER_EMAIL and GIT_COMMITTER_NAME. Feel free to experiment with them and check the docs.