Tobias Gion TGion
TGion / adguardhome_custom_filter.txt
Last active February 5, 2023 19:48
AdGuard Home custom DNS rewrite for internal (VPN) access to the VPS
# The idea is to use the internal VPN host IP address of the server once we are connected to the VPN.
# The domain name stays the same and should also be accessible, even when not connected to the VPN.
#
# Rewrite DNS of gion.io and every subdomain to the internal VPN host IP for every client with IP 192.168.100.*
||gion.io^$dnsrewrite=NOERROR;A;192.168.100.1,client='192.168.100.1/24'
# Exception for the subdomain somedomain.gion.io, which is on another server
@@||somedomain.gion.io^$dnsrewrite
TGion / sysctl.conf
Created February 1, 2023 13:45
FreeBSD 13 sysctl settings to prevent port scanning
# /etc/sysctl.conf
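# Against port scanning
# Drop any segment sent to a closed TCP port without replying with an RST
net.inet.tcp.blackhole=2
# Drop datagrams sent to a closed UDP port without an ICMP port-unreachable reply
net.inet.udp.blackhole=1
# Limit ICMP responses to 50 per second
net.inet.icmp.icmplim=50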
TGion / rc.conf
Last active June 12, 2023 15:10
FreeBSD 13 RC config file for my VPS with SSH, WireGuard and several services
# Misc
dumpdev="NO"
cloudinit_enable="YES"
swapfile="/usr/swap0"
dbus_enable="YES"
# Network Stuff
hostname=HOSTNAME.DOMAIN.TLD
defaultrouter=X.X.X.X
ifconfig_vtnet0=X.X.X.X
TGion / pf.conf
Last active August 10, 2023 04:47
Different BSD packet filter (pf) rule snippets - IPv4 only
ext_if = "vtnet0" # Our external interface.
vpn_if = "wg0" # WireGuard interface
gsd_if = "wg-gsd" # WireGuard GSD interface
# TCP ports allowed for external / public interface.
TCP_EXT_OK = "{ domain-s, http, https, docsrv }"
UDP_EXT_OK = "{ domain-s, wireguard }"
# Stateful TCP options.
TCP_STATE = "flags S/FSRA keep state"