zerwes / haproxy block all requests except one IP

Created May 10, 2025 05:20

	frontend front_https
	acl network_allowed src 100.111.222.100
	acl host_www hdr(host) -i zero-sys.net
	http-request deny if host_www !network_allowed

zerwes / gist:37c07f58757c7b22387787a22a2b036f

Created January 6, 2025 07:25 — forked from rxaviers/gist:7360908

Complete list of github markdown emoji markup

People

zerwes / tcpdump dhcp

Last active November 22, 2024 10:10 — forked from mattm7n/gist:1405067

Monitor DHCP traffic with tcpdump

	# Monitoring on interface eth0
	tcpdump -i eth0 -n port 67 and port 68

zerwes / output.log

Last active September 10, 2024 13:24

ansible community.general.xml strange behavior on empty tags

	# ansible-playbook -D testxmlemptytag.yml

	PLAY [localhost] ************************************************************************************************************************************************************

	TASK [Gathering Facts] ******************************************************************************************************************************************************
	ok: [127.0.0.1]

	TASK [ansible.builtin.copy] *************************************************************************************************************************************************
	changed: [127.0.0.1]

zerwes / demoWG+VXLAN.md

Last active May 12, 2024 04:18 — forked from pamolloy/README.md

Mesh network using VXLAN over Wireguard

Wireguard + VXLAN demo

Scripts to confgire a group of hosts on a LAN to use VXLAN over Wireguard.

Wireguard routing

zerwes / ocsp_check.sh

Last active December 17, 2023 19:59

test script for ocsp support for openvpn @ opnsense

	#!/bin/sh

	# based on https://github.com/OpenVPN/openvpn/blob/master/contrib/OCSP_check/OCSP_check.sh
	# for testing ocsp support in openvpn @ opnsense

	# OCSP responder URL (mandatory)
	# you can extract this from the cert ...
	ocsp_url=`openssl x509 -in /var/etc/openvpn/server${1}.ca -noout -ocsp_uri`

	# CA CERTIFICATE

zerwes / RT_SiteConfig.pm

Last active December 1, 2023 11:16 — forked from trev71/RT_SiteConfig.pm

Best Practical Request Tracker (RT) LDAP User Import and Authentication RT_SiteConfig.pm

	# Any configuration directives you include here will override
	# RT's default configuration file, RT_Config.pm
	#
	# To include a directive here, just copy the equivalent statement
	# from RT_Config.pm and change the value. We've included a single
	# sample value below.
	#
	# This file is actually a perl module, so you can include valid
	# perl code, as well.
	#

zerwes / check_redis_ping.sh

Created May 12, 2023 04:39

simple checkmk local plugin to check redis server state using a redis ping: expected response = pong

	#!/bin/bash
	# vim: tabstop=4 expandtab shiftwidth=4 softtabstop=4 smartindent nu ft=bash

	declare -i RET=0
	STATUS="OK"
	O=$(REDISCLI_AUTH="$(sed '/^masterauth/!d;s/.* //g' /etc/redis/redis.conf)" redis-cli ping 2>&1)
	RET=$?
	if [ $RET -gt 0 ]; then
	RET=2
	STATUS="CRITICAL"

zerwes / sync-fail2ban-opnsense.sh

Last active January 27, 2024 01:40

opnsense fail2ban sync script

	#! /bin/bash

	# complementing https://github.com/zerwes/opnsense-fail2ban
	# script will check all banned IPs listed in a list of fail2ban jails
	# and compare them against a opnsense alias,
	# removing the elements that are not in the ban list from fail2ban
	#
	# this will ensure that banned IPs that for what reaseon ever are left
	# in the opnsense alias are cleaned up (avoiding neverending bans)

zerwes / aptupgrade.yml

Last active February 13, 2023 20:42

keep the debian zoo updated ...

	---
	# vim: tabstop=2 expandtab shiftwidth=2 softtabstop=2 smartindent nu ft=yaml

	# run a upgrade and optional
	# check later if the expected version of a desired package is installed
	# run needrestart
	#
	# example: ansible-playbook -e run_versioncheck=true -e apt_upgrade=full aptupgrade.yml

	- name: run apt upgrade