Skip to content

Instantly share code, notes, and snippets.

View Thermi's full-sized avatar

Thermi Thermi

  • Switzerland
View GitHub Profile
Thermi /
Created March 22, 2019 19:01
Copy and start script for Supermicro's ipmiview tool. It makes sure you always got the latest version in your home directory.
#! /bin/bash
# check and copy files
if [ "$IPMIVIEWDIR" -nt "$USERDIR" ]
mkdir -p "$USERDIR"/BMCSecurity
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s -p tcp --dport 22 -m limit --limit 10/min -j LOG --log-prefix "SSH_TRAFFIC "
-A INPUT -s -p tcp --dport 22 -j ACCEPT
Thermi /
Created September 13, 2018 18:28
#! /usr/bin/python3 -B
# Copyright (C) 2018 Noel Kuntze <> for VINN Gmbh
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
From a7fe5e35025227e348eaef5a15fd55f591d77206 Mon Sep 17 00:00:00 2001
From: John Safranek <>
Date: Tue, 6 Mar 2018 13:15:35 -0800
Subject: [PATCH] Fix issue with the creation of dummy fips.h header.
wolfssl/wolfcrypt/ | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/wolfssl/wolfcrypt/ b/wolfssl/wolfcrypt/
#! /bin/python3 -B
from fractions import Fraction
import pprint
class inputCase:
deltaX = 0
recursor = None
def __init__(self, deltaX, recursor):
self.deltaX = deltaX
Thermi / Best
Last active May 20, 2022 09:01
Summary page of the Netfilter related resources

Best Practices:

  1. Don't use iptables to apply your rules one at a time, use iptables-restore to apply a whole ruleset in one action.
  2. Set your INPUT and FORWARD policy to DROP.
  3. Don't set your OUTPUT policy to DROP unless you really know what you're doing.
  4. If you're going to implement a blacklist or whitelist, you should look at using ipsets if that list is going to be more than two or three addresses, and if it might be dynamic.
  5. Allow all traffic on lo.
  6. You should ALLOW traffic in ctstates of RELATED and ESTABLISHED near the beginning of your rules
  7. Don't use iptables -L
  9. Use iptables-save instead of iptables -L.
Thermi /
Last active October 23, 2020 01:29

A quick run down on iptables rules

What is it?

iptables is a cli frontend to netfilter, the Linux kernel firewall/nat implementation for OSI layer 3 and 4.

Okay, give me more details

  • When you run "iptables", the actual file being executed is "xtables-multi". That is, because the file name "iptables" is symlinked to "xtables-multi".
From eefac5786d01f1c3c4660cb218eb380eb19894a7 Mon Sep 17 00:00:00 2001
From: Noel Kuntze <>
Date: Fri, 21 Jul 2017 16:39:50 +0200
Subject: [PATCH] Fix implicit fallthrough in src/options.c
pax-3.4/src/options.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/pax-3.4/src/options.c b/pax-3.4/src/options.c
#! /bin/bash
ip neigh | while read -r i
if [ `echo "$i" | cut -d " " -f 5` == FAILED ]
ip neigh replace `echo "$i" | cut -d " " -f 1-3` nud none
From c694a83d871855bf8e26bcb6f7b3d85503753ca9 Mon Sep 17 00:00:00 2001
From: Noel Kuntze <>
Date: Mon, 19 Jun 2017 17:30:56 +0200
Subject: [PATCH] Fix compiler warnings in usl_timer.c
usl/usl_timer.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/usl/usl_timer.c b/usl/usl_timer.c