During a training I gave last week, a student asked whether it is possible to protect an XFR by IP and a TSIG key. I quickly found somebody who'd done this before and have now tested with this configuration: The following (tested with a BIND 9.11.2 server) permits XFR to a client authenticated by IP and by a key (i.e. the slave must appear from a valid IP and must present a correct TSIG key)
$ tsig-keygen xfr.key > xfr.key
| use v5.16; | |
| use warnings; | |
| package HTTP::Tiny::nc; | |
| use parent 'HTTP::Tiny'; | |
| our $VERSION = v0.0.3; | |
| # Copyright (c) 2019-2023 Andrew Hewus Fresh <afresh1@openbsd.org> | |
| # | |
| # Permission to use, copy, modify, and distribute this software for any |
This is how you would create a livable FreeBSD instance on EC2 by hand. The smart thing to do is to automate most of these actions. But I do it this way so you can see and understand all the different techniques. I want to create FreeBSD instances in EC2 and I want some of the management benefits that come from native AWS technologies like CloudWatch. It can be done, but it takes a bit of extra work because FreeBSD isn't Linux, and AWS doesn't directly support FreeBSD.
Before we go far, we will want some things setup in AWS IAM and VPC. I assume you have already created a VPC, decided what network numbers you're going to use, created a subnet and so on. If you haven't done those basic things, you need to go do them. I also assume you've created an ssh key and uploaded it to your AWS account.
| # Usage: portsdiff <diff-name> | |
| # Creates a new diff from the current port cvs directory in DIR. | |
| # If no parameter is passed PKGNAME will use as filename. | |
| portsdiff () { | |
| local DIR="$HOME/patches" | |
| local SAVEFILE | |
| if [ ! -d "$DIR" ]; then | |
| echo "create $DIR" | |
| mkdir -p $DIR |
| Credit to @feldpos for providing the original version of this file, designed for inclusion into a .bashrc etc file | |
| $ ls -l /etc/pam.d/pushovernet.sh | |
| -rwxr-xr-x 1 root wheel 485 Mar 22 14:48 /etc/pam.d/pushovernet.sh | |
| $ cat /etc/pam.d/pushovernet.sh | |
| #!/bin/sh | |
| (if [ "${PAM_SM_FUNC}" == "pam_sm_open_session" ]; then | |
| P_KEY="YOUR USER KEY HERE" | |
| P_TOKEN="YOUR APP TOKEN HERE" | |
| P_MSG="${PAM_USER} logged in to $(hostname) from ${PAM_RHOST} via ${PAM_SERVICE}" |
This content has moved.
Please go to bagder/TRRprefs for the current incarnation of the docs, and please help us out polish and maintain this documentation!
| #!/bin/sh | |
| # This is an OpenBSD compatible shell script using the ftp utility | |
| # to download the latest Spamhaus DROP list IP ranges and create a | |
| # pf compatible IP list | |
| # Files (make sure the PFDROP file actually exists) | |
| PFDROP=/etc/blocklists/spamhaus | |
| # Lists |
Unfortunately CenturyLink provisions their fiber to the home with a PPPoE authentication over vlan 201, this makes replacing the router more difficult than it should be. I also had to call CenturyLink support to get the password for the PPPoE connection.
cnmac0 is the egress interface on my EdgeRouter Lite.
You also need to add match on pppoe0 scrub (max-mss 1452)
