LinuxPld linuxpld

View GitHub Profile
@linuxpld
linuxpld / Gentoo-NFTables-Readme.md
Created December 13, 2020 08:58 — forked from 4np/Gentoo-NFTables-Readme.md
Gentoo Linux NFTables

Basic firewall / network router using Gentoo Linux.

After compiling the 4.19.66-gentoo kernel, udev renamed the network interfaces of my home Linux router / firewall and my iptables setup stopped working due to ip_conntrack kernel deprecations. I decided to move over to nftables, the new packet classification framework that replaces the existing {ip,ip6,arp,eb}tables infrastructure.

Even though nftables has been in the Linux kernel since 2014, the documentation is extremely sparse. As such this gist :)

Subjectively, using nftables setting up connections to my machine seems to be more responsive compared to using iptables. Connections seem to be made more quickly and ssh-ing into my machine seems more responsive. There always used to be a bit of a lag when I was using iptables, not anymore.

Preparations

@linuxpld
linuxpld / mssqld-auth.conf
Created November 14, 2020 13:03 — forked from jkljajic/mssqld-auth.conf
Fail2Ban filter for MSSQL on Linux
# Fail2Ban filter for unsuccessful MSSQL authentication attempts
[INCLUDES]
# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf
[Definition]
@linuxpld
linuxpld / fail2ban-manually-create-jail.md
Created November 14, 2020 13:01 — forked from deatharse/fail2ban-manually-create-jail.md
Create Fail2ban jail Manually

Manually create a Fail2Ban jail using fail2ban-client (pre-0.10)

N.B. any syntax / function changes made within fail2ban-client will alter the commands used. The commands used here worked with versions 0.8.6-3wheezy3 and 0.8.13-1. 0.9 may or may not work exactly using the below.

For anyone visiting this and stuck on a version pre 0.10 where you want to add a jail but do not want run reload (which pre 0.10 stops and starts all enabled jails as well as reparsing the config

@linuxpld
linuxpld / php-memcached-test.php
Created November 11, 2020 13:38 — forked from ansulev/php-memcached-test.php
PHP Memcached Server Test
<?php
// Test default memcached server. Load, then refresh.
if (class_exists('Memcache')) {
$meminstance = new Memcache();
} else {
$meminstance = new Memcached();
}
$meminstance->addServer("127.0.0.1",11211);
@linuxpld
linuxpld / ifcfg-vlan-bridge-example
Created November 11, 2020 11:12 — forked from dutchiechris/ifcfg-vlan-bridge-example
CentOS 7 ifcfg syntax for VLAN tagged interface + bridge for KVM (referenced from http://www.beginswithdata.com/2016/12/30/centos7-kvm-coreos/)
[root@server02 network-scripts]# cat ifcfg-enp14s0
DEVICE=enp14s0
TYPE=Ethernet
BOOTPROTO=none
ONBOOT=yes
NM_CONTROLLED=no
[root@server02 network-scripts]# cat ifcfg-enp14s0.35
DEVICE=enp14s0.35
TYPE=Ethernet
@linuxpld
linuxpld / test-memcached.php
Created November 11, 2020 10:55 — forked from maartendekeizer/test-memcached.php
Memcached test script
<?php
/**
* @license MIT License
* @copyright maartendekeizer
*/
$memcached = new Memcached();
$memcached->addServer('127.0.0.1', 11211);
@linuxpld
linuxpld / luks_crypt.md
Created October 10, 2020 14:48
create a simple LUKS partition on a single physical volume

LUKS crypt

In this guide, I'm going to set up a keyfile-encrypted LUKS partition. I will be using a single, max-size partition on a single physical device. My physical device is located at /dev/sde.

partition the physical device

parted /dev/sde
@linuxpld
linuxpld / blog20180913-01.cfg
Created July 28, 2020 17:36 — forked from haproxytechblog/blog20180913-01.cfg
Introduction to HAProxy ACLs
acl is_static path -i -m beg /static/
@linuxpld
linuxpld / 99-network-tuning.conf
Created April 7, 2020 21:02 — forked from hrchu/99-network-tuning.conf
Linux Web Server Kernel Tuning
# Configuration file for runtime kernel parameters.
# See sysctl.conf(5) for more information.
# See also http://www.nateware.com/linux-network-tuning-for-2013.html for
# an explanation about some of these parameters, and instructions for
# a few other tweaks outside this file.
# See evil packets in your logs.
net.ipv4.conf.all.log_martians = 1
@linuxpld
linuxpld / wireguard.conf
Created April 4, 2020 15:31 — forked from nealfennimore/wireguard.conf
Wireguard VPN - Forward all traffic to server
# ------------------------------------------------
# Config files are located in /etc/wireguard/wg0
# ------------------------------------------------
# ---------- Server Config ----------
[Interface]
Address = 10.10.0.1/24 # IPV4 CIDR
Address = fd86:ea04:1111::1/64 # IPV6 CIDR
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE # Add forwarding when VPN is started
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE # Remove forwarding when VPN is shutdown