Setting Up An iptables Firewall: Part 6

Posted on 30 August 2016 by Kromey

It’s been a long journey, and we’ve learned a lot along the way. We’ve created a robust firewall configuration that includes proactive and reactive defenses, as well as incorporated advanced port knocking protections to guard our restricted services more strongly. Everything up until now, however, has been strictly IPv4; if your server is also on the IPv6 network, it is still wide-open to all! This post will be shorter than the others in this series, because all we’re doing is adapting our current IPv4 rules to IPv6. Continue reading

Posted in How-to | Tagged , , , , , , | Comments Off on Setting Up An iptables Firewall: Part 6

Setting Up An iptables Firewall: Part 5

Posted on 25 August 2016 by Kromey

If you’ve followed along with the previous posts so far, you’ve already got yourself a solid firewall configuration: We only allow traffic to the ports we’re actually running services on; we proactively guard against common attacks; and we reactively blacklist the bad guys. But there’s still more we can do, and in this part we’re going to use a technique called port knocking to make it even more difficult for anyone to access our SSH service. Continue reading

Posted in How-to | Tagged , , , , , , | Comments Off on Setting Up An iptables Firewall: Part 5

Setting Up An iptables Firewall: Part 4

Posted on 28 July 2016 by Kromey

In Part 1, we set up a very basic firewall. Part 2 added some basic additional protections to our server. Part 3 started to get more proactive against certain types of potential attacks. In this part, we’re going to introduce the recent module, and leverage it to make our firewall reactive to shield us from even more attacks. Continue reading

Posted in How-to | Tagged , , , , , | Comments Off on Setting Up An iptables Firewall: Part 4

Setting Up An iptables Firewall: Part 3

Posted on 21 July 2016 by Kromey

In Part 1, we created a very basic firewall setup that only allowed traffic to the services our server actually provides. In Part 2, we took it up a notch by proactively blocking traffic that had no business reaching our server in the first place. Now, we’re going to augment our configuration to be even more proactive, introducing the limit module to slow down potential attackers. Continue reading

Posted in How-to | Tagged , , , , , | Comments Off on Setting Up An iptables Firewall: Part 3

Setting Up An iptables Firewall: Part 2

Posted on 20 July 2016 by Kromey

In Part 1 of this series, we set up a very basic firewall that essentially just restricts what ports we can connect to without doing much else to defend our server. In this part, we’re going to build from there and add additional restrictions to block a substantial portion of potentially malicious traffic that simply has no business being on the internet at all. Continue reading

Posted in How-to | Tagged , , , , , | Comments Off on Setting Up An iptables Firewall: Part 2

Setting Up An iptables Firewall: Part 1

Posted on 19 July 2016 by Kromey

This is the first in a series of blog posts that will walk you through how to set up a secure firewall to help protect your internet-facing Linux machines. All you have to know to be able to follow along is how to log into your machine and run command line programs, including how to use sudo; everything else we do will be explained along the way. Continue reading

Posted in How-to | Tagged , , , , , | Comments Off on Setting Up An iptables Firewall: Part 1

Blocking httpoxy Requests In nginx

Posted on 18 July 2016 by Kromey

With the httpoxy vulnerability making headlines in the security circles right now, I decided to get more aggressive in guarding my own sites against it, specifically by outright blocking any such requests. Turns out, it’s not hard to do at all! Continue reading

Posted in Security | Tagged , , , , | Comments Off on Blocking httpoxy Requests In nginx

Using a Raspberry Pi as a Network Gateway

Posted on 24 January 2016 by Kromey

The Raspberry Pi is an amazing little piece of hardware, an entire computer in a form factor not much larger than your wallet. While not boasting specs to make it the envy of your household, it is nonetheless quite the capable little device, and with just a couple of simple accessories you can even use it to run your entire home network!

I’ve done precisely that, and in this lengthy, record-setting post, I’m going to share precisely how I turned a Raspberry Pi B+, with nothing more than a power supply and USB-to-Ethernet adapter, into the “Command & Control” center of my entire home network. Continue reading

Posted in How-to | Tagged , , , , , , | Comments Off on Using a Raspberry Pi as a Network Gateway

Exchange 2013 CU9: KB3087126 won’t install?

Posted on 10 September 2015 by Kromey

Microsoft has released update KB3087126 to address some important security flaws in OWA. Upon installing this update into my Exchange 2013 CU9 environment, however, I encountered some significant problems that left some of my servers in a completely non-working state! Continue reading

Posted in How-to | Tagged , , , | 4 Comments

PyPi Doesn’t Like Your Markdown

Posted on 9 January 2015 by Kromey

I’ve been putting all my projects onto GitHub, and as part of that I’ve gotten used to using (GitHub-flavored) Markdown to produce my README files. And it was good!

Now I have a project that I’m getting ready to publish to PyPi. Which is a great service, but it comes with a significant handicap: Your documentation needs to be in reStructuredText. Continue reading

Posted in How-to | Tagged , , | 1 Comment