Skip to content

Instantly share code, notes, and snippets.

View Thermi's full-sized avatar

Thermi Thermi

57 followers · 6 following
  • Switzerland
View GitHub Profile
@Thermi
Thermi / Best Practices.md
Last active May 20, 2022 09:01
Summary page of the Netfilter related resources

Best Practices:

  1. Don't use iptables to apply your rules one at a time, use iptables-restore to apply a whole ruleset in one action.
  2. Set your INPUT and FORWARD policy to DROP.
  3. Don't set your OUTPUT policy to DROP unless you really know what you're doing.
  4. If you're going to implement a blacklist or whitelist, you should look at using ipsets if that list is going to be more than two or three addresses, and if it might be dynamic.
  5. Allow all traffic on lo.
  6. You should ALLOW traffic in ctstates of RELATED and ESTABLISHED near the beginning of your rules
  7. Don't use iptables -L
  8. DON'T USE IPTABLES -L
  9. Use iptables-save instead of iptables -L.
@Thermi
Thermi / lab2_alt2.py
Created January 7, 2018 01:21
#! /bin/python3 -B
from fractions import Fraction
import pprint
class inputCase:
deltaX = 0
recursor = None
def __init__(self, deltaX, recursor):
self.deltaX = deltaX
@Thermi
Thermi / 0001-Fix-issue-with-the-creation-of-dummy-fips.h-header.patch
Created April 16, 2018 08:49
From a7fe5e35025227e348eaef5a15fd55f591d77206 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Tue, 6 Mar 2018 13:15:35 -0800
Subject: [PATCH] Fix issue with the creation of dummy fips.h header.
---
wolfssl/wolfcrypt/include.am | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/wolfssl/wolfcrypt/include.am b/wolfssl/wolfcrypt/include.am
@Thermi
Thermi / ipsecTunnelMonitoringScript.py
Created September 13, 2018 18:28
ipsecTunnelMonitoringScript
#! /usr/bin/python3 -B
# Copyright (C) 2018 Noel Kuntze <noel.kuntze@thermi.consulting> for VINN Gmbh
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
@Thermi
Thermi / gist:e01ef209652305dba1e5a60aee84499c
Last active February 28, 2019 22:13
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s 87.128.0.0/10 -p tcp --dport 22 -m limit --limit 10/min -j LOG --log-prefix "SSH_TRAFFIC "
-A INPUT -s 87.128.0.0/10 -p tcp --dport 22 -j ACCEPT
@Thermi
Thermi / copy-and-start.sh
Created March 22, 2019 19:01
Copy and start script for Supermicro's ipmiview tool. It makes sure you always got the latest version in your home directory.
#! /bin/bash
# check and copy files
IPMIVIEWDIR=/opt/ipmiview
USERDIR="$HOME/.local/share/ipmiview/"
if [ "$IPMIVIEWDIR" -nt "$USERDIR" ]
then
OLDDIR="$(pwd)"
mkdir -p "$USERDIR"/BMCSecurity