#Iptables

Nsukami _ | 巣神 lemeteore
2026-02-03

You know , , , and . You don't need another . You need a translation guide. :thaenkin: 🤔

I made one: AWS concepts mapped to their traditional equivalents. Stop learning, start translating nskm.xyz/posts/aws-1/

screen capture showing AWS terms and their Linux equivalent
Diego Córdoba 🇦🇷 d1cor@mstdn.io
2026-02-02

Investing in your knowledge is the only safe bet 🚀

For the next 5 days, all #JuncoTIC courses are at their best price on Udemy!

If you want to master GNU/Linux, understand how TCP/IP networks work, or build websites with #Python and #Flask, this is your chance!

👇 All the courses with the discount here:

juncotic.com/cursos

Questions? Other payment methods?
💬 info@juncotic.com

#Linux #SysAdmin #IT #python #ssh #nftables #iptables #tcpip #flask #wireshark

Promotional banner for the lowest prices on JuncoTIC courses on Udemy.
2026-02-01

After distrohopping again (this time it's #Alpine) one of the things I wanted to set up and understand in depth is the firewall.

Although awall ("Alpine Wall") looked really interesting, I let the 'legacy' label of #iptables convince me to rather go through with #nftables. The only thing I really wanted to have was the 'automatic fallback if new rules block current ssh connection' feature of awall.

Ismail Kovvuru ismailkovvuru
2026-01-29

Securing Apache is critical for any production Linux server.
This guide covers iptables firewall rules, blocking unauthorized access, and protecting custom Apache ports as part of a complete Linux hardening strategy.

🔗 shorturl.at/5799f

Alexey Skobkin skobkin@gts.skobk.in
2026-01-20

Oh, what a fun rodeo I set up for myself when I decided, for the lulz, to remove all the legacy iptables-related features from the kernel on my home server and move over to nftables.

I even dragged Docker and all its baggage across.

You may ask why?

I'll say, why not 🤷‍♂️

#log #Linux #iptables #nftables #firewall #Docker #troubleshooting

2026-01-19

We've built another #firewall script, now running on all of our #servers. This one pulls the #Spamhaus list of spammy & malicious ASNs, uses our #ASN Lookup #API to convert each into IP lists, & adds those IPs to an #IPTables firewall chain.

Like with our other firewall scripts, this is #FOSS that you can grab for your own servers! You'll need an access key from our API portal for the lookups with this one, but they're only $8 for unlimited lookups! 😉

github.com/qwebltd/Useful-scri

#secops #security

Alex@rtnVFRmedia Suffolk UK vfrmedia@social.tchncs.de
2026-01-16

Alas, log does not seem to get picked up by logrotate - changed filename to /var/log/asterisk/fail2ban (already in /etc/logrotate.d and previously working) to see if that's any better (as apparently #FreePBX can alter /etc/logrotate.d but it's not clear exactly where this happens!)

It turns out maybe some regexes in fail2ban may have been fine, but the full log generated by #Asterisk didn't contain "security" events (so it couldn't find any to catch). I've also added "notice" to the security log and the regex *now* seems to snag these!

Turned off FreePBX software #firewall as fighting with #fail2ban #iptables rules (never worked straight anyway and didn't guard #SIP traffic), checking if config persists across reboots and services start correctly. #VOIP

2026-01-13

Iptables "-t nat -j LOG" inconsistent with other distros #networking #iptables #firewall

askubuntu.com/q/1562825/612

2026-01-12

does `ufw` use `nftables` directly or indirectly via `iptables-nft`? #2204 #iptables #ufw #nftables

askubuntu.com/q/1562803/612

2026-01-09

L7 routing with Squid+IPTables and WireGuard, or how to send traffic into a tunnel based on the domain name

Many internet resources have a large pool of IP addresses, and that pool can also change. Running nslookup for every service of interest and routing all the returned subnets is inconvenient and inelegant. A squid proxy server, configured transparently with the ssl_bump feature, can come to the rescue.

habr.com/ru/articles/983838/

#squid #iptables #wireguard #l7

2026-01-09

The full path of a packet in Linux: from Ethernet frame to Kubernetes CNI

The networking side of Linux is usually "configured" but rarely understood. People add an iptables rule, enable NAT, tweak sysctl, and if the traffic flows, the task is considered solved. The problems begin exactly at the moment when it does not flow and the system's behaviour stops being obvious. There is no magic in Linux. There is an IP packet, its headers, and a strictly defined path inside the kernel: routing, netfilter, conntrack, NAT, the TCP/UDP stack. If you do not understand this path as a whole, the firewall looks like a black box, NAT like a random set of rules, and Kubernetes CNI like something "special" that exists apart from ordinary networking.

habr.com/ru/companies/gnivc/ar

#network #networking #сеть #iptables #nftables #linux

Green Webpage greenwebpage
2025-12-16

Managing firewall rules is a crucial security task on Linux systems. In 13, depending on the server configuration, different firewall tools can be installed. The most common are , , or . You must first check if your firewall is active and what rules are in place. Also, make sure that network ports are open or blocked.🔥

Continue reading:👇
greenwebpage.com/community/how

Widowild :mastodon: :verified: Widowild1@mastodon.xyz
2025-12-15

How do you block IPs other than those from France with #iptables under #proxmox?

2025-12-14

RE: mstdn.feddit.social/@admin/115

I had originally written a lot, but it was too much trouble, so let's just go with this simplest method: I won't need it once the Linux kernel has finished compiling

NAT port forwarding attempt:

VM1:
ifconfig
The internal IP obtained is 192.168.122.2

Hetzner0:
sudo virsh list --all
List the virtual machines
sudo virsh net-dhcp-leases default
Confirm the VM IP is 192.168.122.2
sudo iptables -t nat -A PREROUTING -p tcp --dport 2222 -j DNAT --to-destination 192.168.122.2:22
Set up port forwarding
sudo iptables -I FORWARD -d 192.168.122.2/24 -p tcp --dport 22 -j ACCEPT
sudo iptables -I FORWARD -s 192.168.122.2/24 -p tcp --sport 22 -j ACCEPT
Allow the forwarded traffic
sudo apt install iptables-persistent -y
sudo netfilter-persistent save
Save the configuration

Other commands:
sudo iptables -t nat -L PREROUTING -n --line-numbers
View the NAT forwarding rules
sudo iptables -t nat -D PREROUTING NUMBER
Delete a rule

#NAT #iptables #ubuntu #linux #cockpit

Hetzner0-VM-ubuntu-22.04.5screenfetch
Klaus Alexander Seistrup kas@social.magnetic-ink.dk
2025-12-07

@asjo I've been seeing the same pattern for months: #OpenAI's crawlers are slurping anything they can lay their clammy hands on, no matter what /robots.txt? is saying.

So now I regularly grab the IP addresses from the JSON blobs mentioned on https://platform.openai.com/docs/bots/ and add them to my #iptables.

/cc #ChatGPT, #GPTBot, #OAI, #SearchBot

TIL you can use #iptables with wireguard to use one peer as a proxy for another that is not reachable... not super scalable nor dynamic, but still nice.
