OpenWrt has recently released version 22.03, and one of the biggest changes is the switch to nftables. I've noticed though that nftables doesn't use ipsets as I was used to, but it has a new concept of sets inside the nftables ruleset. I wanted to create a firewall rule to filter a list of IPs … Continue reading IP sets in OpenWrt 22.03
SNI-based load balancing with HAProxy
In a bare-metal Openshift installation you need to use an external load balancer to access the API and other services. In my hone lab I also have a webserver accesible from the Internet. I also don't want to terminate the TLS connections in the load balancer to keep using the existing certificates in my webserver … Continue reading SNI-based load balancing with HAProxy
PXE server in Fedora with dnsmasq
I'm currently doing many tests with the Openshift bare-metal installation, and as I'm creating and destroying the VMs again and again, having a PXE server to provide the installation images and configuration to the VMs is very handy and saves a lot of time. This is an example of my PXE configuration mounted on a … Continue reading PXE server in Fedora with dnsmasq
Block non-https scripts with uBlock Origin
Inspired in the default NoScript setup of the Tor Browser, I've added this rule to my list of static filters in uBlock Origin to block any script or other objects served by http. Some pages load 3rd party scripts over a http connection, posing a risk of a man-in-the-middle attack. I've explicitly excluded the .onion … Continue reading Block non-https scripts with uBlock Origin
Installing and configuring Folding@Home in Fedora
I've recently joined the computational effort of Folding@Home for disease research, I want to share some of the modifications I've done to run it in Fedora more comfortably. First, download and install the 3 RPM packages in the Start Folding section. # dnf install fahclient-7.5.1-1.x86_64.rpm fahcontrol-7.5.1-1.noarch.rpm fahviewer-7.5.1-1.x86_64.rpm As it uses a old init script, stop … Continue reading Installing and configuring Folding@Home in Fedora
Capture Raspberry Pi kernel crashes
I'm experiencing kernel panics in a headless Raspberry Pi with Fedora 29 Server and need a way to capture what is happening. First I tried to enable kdump, but this doesn't seem possible. If someone has done it, I'd like to hear. What I'm using now, is enabling netconsole to log all the kernel messages … Continue reading Capture Raspberry Pi kernel crashes
Run a OpenStack all-in-one in Google Cloud
With this recipe I have installed a VM in Google Compute Engine with an all-in-one OpenStack setup for testing purposes. I assume you already have the gcloud command line client working, and have created a new project, called openstack-123456 in this example. I'm going to create a Ubuntu 16.04 VM with an extra 100 GB … Continue reading Run a OpenStack all-in-one in Google Cloud
Set window title in tmux or screen to the hostname you are connecting by ssh
To set the window title in tmux or screen to the hostname you are connecting by ssh, add this to your ~/.bashrc: settitle() { printf "\033k$1\033\\" } ssh() { local sshargs=("$@") local do_settitle=1 tty -s || local do_settitle=0 if [ "${TERM:0:6}" != "screen" ]; then local do_settitle=0 fi if [ $do_settitle -eq 1 ]; then … Continue reading Set window title in tmux or screen to the hostname you are connecting by ssh
Configure an instance of old versions of Java and Firefox
Everyday is harder to manage old hardware or access outdated intranet websites because the browser security is tighter with every release. Many appliances use unsigned Java applets or insecure ciphers and protocols. My first solution to this problem was to have a Windows VM in my laptop with old versions of everything: Firefox, Java, Flash... … Continue reading Configure an instance of old versions of Java and Firefox
Internet connection sharing with NetworkManager
With this recipe we will create a wireless access point in our laptop to share our wired Internet connection. This is quite useful where you only have a wired Internet connection (e.g. my work place) for giving access to your phone. This is done in Fedora 25 Workstation with NetworkManager. In my laptop I have … Continue reading Internet connection sharing with NetworkManager