Block Internet per User/Service
If you like to block network access for certain users on a linux box it’s as simple as that: /sbin/iptables -I OUTPUT -m owner –uid-ower <USERNAME> -j DROP Username might also be the username of a running service.
Archive of entries posted by alex
Chrome Destroys URLs in the Location Line
Problem: current Chrome browsers cut URl parts and hide the correct URL. https://www.derstandard.at/ is shown as derstandard.at. This is simply wrong from the technical point of view. And it might even be dangerous for some URLs form a security standpoint. Solution: there is an option to disable this bug:chrome://flags/#omnibox-ui-hide-steady-state-url-trivial-subdomains Update: oogle ropped his ption. The …
Continue reading ‘Chrome Destroys URLs in the Location Line’ »
APT sources list
Problem: when debian goes from “testing” to “stable” to “oldstable” the package sources change. eg. jessie-updates are remove, same happened to jessie-backports The current file /etc/apt/sources.list for jessie (currently oldstable) could look like this deb http://ftp.debian.org/debian/ jessie main contrib non-freedeb http://security.debian.org/ jessie/updates main contrib non-free
Configure WLAN Statically in Debian/Linux
If you want to configure WLAN settings on a Linux machine statically you can use the normal /etc/network/interfaces configuration method of Debian. For WPA-PSK you can use this 3 steps: Install the “wpasupplicant” package Generate a psk line with “wpa_passphrase” and copy the hex string after “psk=” root@server:~# wpa_passphrase WLANNAME# reading passphrase from stdinthepasswordnetwork={ ssid=”WLANNAME” …
Continue reading ‘Configure WLAN Statically in Debian/Linux’ »
Debugging Akamai
Akamai just works, … most of the time. But sometimes you have to check what’s going on, and Akamai gives you a handy tool for this. There is an HTTP request header that tells Akamai to respond with some internal information. Pragma: akamai-x-cache-on, akamai-x-cache-remote-on, akamai-x-check-cacheable, akamai-x-get-cache-key, akamai-x-get-ssl-client-session-id, akamai-x-get-true-cache-key, akamai-x-get-request-id With this request header Akamai includes …
MikroTik Automatic IPSec Failover
Problem: Mikrotik allows only one ipsec policy per network-to-network pair. If you want to have redundant tunnels between two locations with two upstreams you cannot configure ipsec redundancy on Mikrotik because one ipsec policy is always marked as “invalid” by the OS. Solution: I made a Mikrotik script that checks the status and reachabilty of …
Control a Rotel Amp with a Panasonic Remote
I released a small open source DIY project that converts Panasonic LCD TV IR remote signals to serial control signals for a Rotel RA-12 amp. If anybody needs that (?), have fun! https://github.com/alexte/PanasonicRotelRemote
FortiGate HA Synchronization Fail
Problem: Two FortiGate firewall show “not synchonized” in the HA status. Discussion: the problem with this is, that FortiGate does not show why it fails. I found no log file with a reasonable error message. So I tried to synchronize the config myself, which is exactly what should NOT be necessary when using HA synchronization. Solution: When an …
My Contact was Shared with Facebook
Facebook gives a list of companies who run Facebook ads, and sent my contact information (tel, email) to Facebook. This list for my account lists some obvious companies, some companies I never heard of, and some companies who really should never have forwarded my contact information to Facebook! Look up your own list by: Click …
Annoyances While Setting Up FortiGate 100E
After unboxing and starting two Fortigate 100E firewalls the following things failed. Fortinet should really work on QA I think: When starting the Webgui for the first time the box asks to register or login to activate the box. I tried to register and the box asks so many questions, doesn’t Fortinet know GDPR ? …
Continue reading ‘Annoyances While Setting Up FortiGate 100E’ »