Skip to content

Instantly share code, notes, and snippets.

Avatar

Richard S. Leung richardevs

View GitHub Profile
@richardevs
richardevs / iptables.sh
Last active Sep 1, 2020
Foward traffic (filter by source ip and dst port) to other public ip
View iptables.sh
# run all these on the bastion vm
# iptables can not directly route traffic to public ip ( in my test )
# so I insert a socat here to help get the job done
iptables -t nat -F # flush all the current NAT rule ( be careful )
iptables -t nat -A PREROUTING -s 1.1.1.1 -p tcp --dport 443 -j DNAT --to-destination :4433 # all traffic to port 443 from 1.1.1.1 get routed to port 4433
iptables -t nat -A POSTROUTING -j MASQUERADE # let iptables do the NAT work
iptables -t nat -nL # double check if iptables are correctly showing the rules
nohup socat TCP4-LISTEN:4433,reuseaddr,fork TCP4:2.2.2.2:443 & # use socat to forward traffic to final destination, in the demo here, 2.2.2.2:443
View keybase.md

Keybase proof

I hereby claim:

  • I am richardevs on github.
  • I am r4ds (https://keybase.io/r4ds) on keybase.
  • I have a public key whose fingerprint is 8C09 5E60 0D83 C696 586E 0BAA F41C 815A CDD2 2938

To claim this, I am signing this object:

@richardevs
richardevs / b64decode.py
Created Dec 2, 2019
Simple python application to decode base64, just run and input any base64 string.
View b64decode.py
import base64
def base64_decode(strg):
res = base64.urlsafe_b64decode(strg + '=' * (-len(strg) % 4))
print(str(res.decode('utf-8')))
print("")
while True:
strg = input()
if strg == "exit":
@richardevs
richardevs / CentOS7_YUM_UPDATE_IPv6_ENABLE_BBR.sh
Created Nov 30, 2019
さくらのVPS CentOS7 専用スクリプト - Yum update + IPv6 有効化 + 最新カーネル + TCP BBR + SYN フラッド攻撃対策
View CentOS7_YUM_UPDATE_IPv6_ENABLE_BBR.sh
#!/bin/bash
## ScriptName: CentOS7_YUM_UPDATE_IPv6_ENABLE_BBR
set -x
main_script() {
yum clean all
yum -y install yum-plugin-fastestmirror
yum -y update
@richardevs
richardevs / renew-certs.sh
Created Nov 28, 2019
Renew all acme.sh certs and restart nginx
View renew-certs.sh
export LE_WORKING_DIR="/root/.acme.sh"
alias acme.sh="/root/.acme.sh/acme.sh"
[ -d /root/acme_logs ] || mkdir /root/acme_logs
for i in $(/root/.acme.sh/acme.sh --list | sed 1d | awk '{print $1}'); do
touch /root/acme_logs/$i.$(date +%Y%m%d)
# If you do not have ecc certificate, remove the "--ecc" option below
/root/.acme.sh/acme.sh --renew -d $i --ecc >> /root/acme_logs/$i.$(date +%Y%m%d)
done
View keybase.md

Keybase proof

I hereby claim:

  • I am richardevs on github.
  • I am r4ds (https://keybase.io/r4ds) on keybase.
  • I have a public key whose fingerprint is 330C DE83 C333 7CEA DA44 CE70 BB18 0B94 15CD C81B

To claim this, I am signing this object: