Interactive nftables Ruleset Editor

I wrote a simple shell tool to interactively edit the current nftables ruleset using a terminal-based text editor (respecting environment variable EDITOR and defaulting to vim).

For testing purposes, it can optionally revert the changes after a timeout specified in seconds (option --timeout SECONDS, requires systemd-run).

Lesen Sie mehr »

 Other Ways

 Trabant

GRE Setup for Bacula on a Mobile Client

The way Bacula works is:

  • A backup client runs a TCP server process bacula-fd, waiting for a backup server process bacula-dir to connect and perform backup and restore jobs.
  • There is a simple authentication mechanism, where bacula-dir presents a shared secret to bacula-fd to be granted access.

Opening the bacula-fd TCP server on an exposed network interface may be fine for static backup clients with dedicated storage networking towards the backup server, but on a mobile computer bacula-fd should be reachable by bacula-dir only if the computer is connected by Ethernet to the home network. Specifically, the TCP server port of bacula-fd should not be exposed on the Ethernet NIC.

To implement this, i have defined a GRE tunnel between mobile backup client and home network backup server.

Lesen Sie mehr »

Create or Append a debian/changelog Entry

Since i always have to look this up, everytime i need it, i write it down once, as „note to self“!

NAME="John Smith" EMAIL=j.smith@example.org \
    dch --create \
        --package my-package \
        --newversion 0.1 \
        "Initial release"

And that’s it! 🙂

Generate Certificate Signing Requests (CSRs) for TLS Server Certificates

Overview

In this article, a procedure is described to generate multiple certificate signing requests (CSR) for TLS servers, such as SMTP-, IMAP- or HTTP-servers, so that we can submit them to a Certificate Authority (CA). The CA will eventually perform the signature and return a public certificate to us.

A Shell and the software OpenSSL should be available.

The subject organization (the entity the request is for) is assumed to be the same on every request, and the subject alternative names are assumed to follow the same pattern (the DNS name of some service plus a „www.“ DNS alias for that service).

The procedure can easily be expanded to make more request information configurable and allow, for example, processing a CSV file into a set of requests.

Lesen Sie mehr »

 Disco Infernale

Trying out the Synths in my upgrade of Reason …

Methods of HTTP Caching

Preface

I find the world wide web and the spectrum of methods and instruments that make it happen full of dubiousness and opportunity alike. Caching is generally known as one of the „hard problems“ of information science, and this is not different when it comes to technologies of the web. The text presented here, as unsorted and questionable as it might be, can in the least serve to document this further.

The bulk of this text was written between December 2019 and January 2020. It contains a summarization of my experience as an administrator and developer of web-based applications, some research about current subjects (specifically browser caches and reverse-caching HTTP proxies) and references to relevant IETF standards.

Lesen Sie mehr »