IP sets in OpenWrt 22.03

OpenWrt has recently released version 22.03, and one of the biggest changes is the switch to nftables. I've noticed though that nftables doesn't use ipsets as I was used to, but it has a new concept of sets inside the nftables ruleset. I wanted to create a firewall rule to filter a list of IPs … Continue reading IP sets in OpenWrt 22.03

Advertisement

SNI-based load balancing with HAProxy

In a bare-metal Openshift installation you need to use an external load balancer to access the API and other services. In my hone lab I also have a webserver accesible from the Internet. I also don't want to terminate the TLS connections in the load balancer to keep using the existing certificates in my webserver … Continue reading SNI-based load balancing with HAProxy

Block non-https scripts with uBlock Origin

Inspired in the default NoScript setup of the Tor Browser, I've added this rule to my list of static filters in uBlock Origin to block any script or other objects served by http. Some pages load 3rd party scripts over a http connection, posing a risk of a man-in-the-middle attack. I've explicitly excluded the .onion … Continue reading Block non-https scripts with uBlock Origin

Installing and configuring Folding@Home in Fedora

I've recently joined the computational effort of Folding@Home for disease research, I want to share some of the modifications I've done to run it in Fedora more comfortably. First, download and install the 3 RPM packages in the Start Folding section.  # dnf install fahclient-7.5.1-1.x86_64.rpm fahcontrol-7.5.1-1.noarch.rpm fahviewer-7.5.1-1.x86_64.rpm As it uses a old init script, stop … Continue reading Installing and configuring Folding@Home in Fedora

Run a OpenStack all-in-one in Google Cloud

With this recipe I have installed a VM in Google Compute Engine with an all-in-one OpenStack setup for testing purposes. I assume you already have the gcloud command line client working, and have created a new project, called openstack-123456 in this example. I'm going to create a Ubuntu 16.04 VM with an extra 100 GB … Continue reading Run a OpenStack all-in-one in Google Cloud

Set window title in tmux or screen to the hostname you are connecting by ssh

To set the window title in tmux or screen to the hostname you are connecting by ssh, add this to your ~/.bashrc: settitle() { printf "\033k$1\033\\" } ssh() { local sshargs=("$@") local do_settitle=1 tty -s || local do_settitle=0 if [ "${TERM:0:6}" != "screen" ]; then local do_settitle=0 fi if [ $do_settitle -eq 1 ]; then … Continue reading Set window title in tmux or screen to the hostname you are connecting by ssh

Configure an instance of old versions of Java and Firefox

Everyday is harder to manage old hardware or access outdated intranet websites because the browser security is tighter with every release. Many appliances use unsigned Java applets or insecure ciphers and protocols. My first solution to this problem was to have a Windows VM in my laptop with old versions of everything: Firefox, Java, Flash... … Continue reading Configure an instance of old versions of Java and Firefox

Internet connection sharing with NetworkManager

With this recipe we will create a wireless access point in our laptop to share our wired Internet connection. This is quite useful where you only have a wired Internet connection (e.g. my work place) for giving access to your phone. This is done in Fedora 25 Workstation with NetworkManager. In my laptop I have … Continue reading Internet connection sharing with NetworkManager