Linux

Getting started with firewalld

I'm mostly writing this for my own reference as I spent a bunch of time figuring this out while I was on holidays with some serious oVirt misadventures and didn't document any of what I did, so since I had to reinstall CentOS 7, I'm stuck doing this all over again.

Effectively I'm migrating from CentOS 6 to CentOS 7 and trying to take advantage of the new way of doing things. I could easily ...

macOS

Enhance security on your Mac with Hands Off!

This week's mac techmail was Enhance security on your Mac with Hands Off! which is a neat security tool for OS X. I've been using Little Snitch for years, and Hands Off! is quite similar except that it provides more features and functionality, including the ability to protect files and directories on the hard drive with applicable policies to programs. Want to default deny access to files, and allow only trusted applications ...

Linux

Use APF to manage your firewall

Last week's techmail was Use APF to manage your firewall which takes a look at using the APF (Advanced Policy Firewall) set of scripts to configure an iptables-based firewall on Linux. I was always a big Shorewall user; used it on my servers whether they ran Mandriva or Annvix. Recently I've been fiddling with /etc/sysconfig/iptables directly on Red Hat Enterprise Linux and CentOS, but I got wind of APF because that is ...

Linux

Use Fail2ban to blacklist IP addresses and alert you to attacks

This week's techmail was Use Fail2ban to blacklist IP addresses and alert you to attacks which takes a look at the fail2ban tool. Fail2ban is a program that will watch log files and if it notices failed login attempts on any configured services (ssh, smtp, etc.) it will ban that IP address for a certain amount of time by manipulating firewall rules. Really useful tool to keep the script kiddies out, and ...

Linux

Firewall configuration with system-config-firewall

This week's techmail was Firewall configuration with system-config-firewall which discusses the niceties of using Fedora's system-config-firewall to configure iptables. I'm not much of a GUI guy, but the interface for the firewall configuration is really slick. Will it replace my use of editing iptables rules in /etc/sysconfig/iptables? Probably not. But if you were afraid of editing a text file to set up your firewall rules, then using system-config-firewall will be welcome ...

macOS

Protect your privacy with Little Snitch for Mac

Last week's mac techmail was Protect your privacy with Little Snitch for Mac which talks about Little Snitch, one of my absolute favourite and essential mac software tools. Little Snitch is an outbound firewall, so it will alert you if any applications try to make outbound connections (anything from a new browser trying to get out and connect to port 80, or curl from the command line). So many apps try to ...

Linux

DIY pfSense firewall system beats others for features, reliability, and security

This week's TechMail was DIY pfSense firewall system beats others for features, reliability, and security which takes a look at pfSense which is, in my opinion, one of the best open source firewall systems around. I've used quite a few, and for a long time when I was developing Annvix, used it as a firewall (using shorewall), but pfSense has so much slick awesomeness to it that once I found it and played ...

Linux

Using Corkscrew to tunnel SSH over HTTP

This week's TechMail is Using Corkscrew to tunnel SSH over HTTP which talks about creating an SSH tunnel using HTTP and the Corkscrew tool. Very cool and interesting stuff. Fortunately I've never been in such a restrictive environment where I've needed to use it, but it's good to know in case I'm stuck in a hotel or something that has silly firewall rules.

Linux

Secure remote firewall administration via SSH

This week's TechMail is Secure remote firewall administration via SSH which talks about using ssh to create a secure tunnel to a remote network/system to use with configuring a remote firewall. I use this quite a bit with remotely-deployed pfSense boxen to configure it using the web interface and it works great. Of course, the nice thing with ssh tunnels is you can use them for darn near everything, but this is ...
