Trust an IP address with firewalld’s rich rules

Managing firewall rules with iptables can be tricky at times. The rule syntax itself isn’t terribly difficult but you can quickly run into problems if you don’t save your rules to persistent storage after you get your firewall configured. Things can also get out of hand quickly if you run a lot of different tables with jumps scattered through each. Why FirewallD? FirewallD’s goal is to make this process a bit easier by adding a daemon to the mix....

2014-11-24 · 2 min · Major Hayden

HOWTO: Time Warner Cable and IPv6

Time Warner has gradually rolled out IPv6 connectivity to their Road Runner customers over the past couple of years and it started appearing on my home network earlier this year. I had some issues getting the leases to renew properly after they expired (TWC’s default lease length appears to be seven days) and there were some routing problems that cropped up occasionally. However, over the past month, things seem to have settled down on TWC’s San Antonio network....

2014-09-11 · 6 min · Major Hayden

httpry 0.1.8 available for RHEL and CentOS 7

Red Hat Enterprise Linux and CentOS 7 users can now install httpry 0.1.8 in EPEL 7 Beta. The new httpry version is also available for RHEL/CentOS 6 and supported Fedora versions (19, 20, 21 branched, and rawhide). Configuring EPEL on a RHEL/CentOS server is easy. Follow the instructions on EPEL’s site and install the epel-release RPM that matches your OS release version. If you haven’t used httpry before, check the output on Jason Bittel’s site....

2014-08-13 · 1 min · Major Hayden

Unexpected predictable network naming with systemd

While using a Dell R720 at work today, we stumbled upon a problem where the predictable network device naming with systemd gave us some unpredictable results. The server has four onboard network ports (two 10GbE and two 1GbE) and an add-on 10GbE card with two additional ports. Running lspci gives this output:

    # lspci | grep Eth
    01:00.0 Ethernet controller: Intel Corporation Ethernet Controller 10-Gigabit X540-AT2 (rev 01)
    01:00.1 Ethernet controller: Intel Corporation Ethernet Controller 10-Gigabit X540-AT2 (rev 01)
    08:00....

2014-08-06 · 3 min · Major Hayden

Adventures in live booting Linux distributions

We’re all familiar with live booting Linux distributions. Almost every Linux distribution under the sun has a method for making live CDs, writing live USB sticks, or booting live images over the network. The primary use case for some distributions is on a live medium (like KNOPPIX). However, I embarked on an adventure to look at live booting Linux for a different use case. Sure, many live environments are used for demonstrations or installations - temporary activities for a desktop or a laptop....

2014-07-29 · 5 min · Major Hayden

Configure static IP addresses for Project Atomic’s KVM image

Amid all of the Docker buzz at the Red Hat Summit, Project Atomic was launched. It’s a minimalistic Fedora 20 image with a few tweaks, including rpm-ostree and geard. There are great instructions on the site for firing up a test instance under KVM but my test server doesn’t have a DHCP server on its network. You can use Project Atomic with static IP addresses fairly easily: Create a one-line /etc/sysconfig/network:...

2014-04-23 · 1 min · Major Hayden

Speed up your Fedora PXE installations by hosting the stage2 installer locally

In my previous post about installing Fedora via PXE, I forgot to mention a big time saver for the installation. A Fedora PXE installation requires a few different things: an initial ramdisk (initrd.img), a kernel (vmlinuz), and an installation repository. If you only specify an installation repository, then Anaconda tries to drag down a 214MB squashfs.img file in each installation. You can host this file locally by recreating a portion of a Fedora repo’s structure and dropping two files into it....

2013-11-03 · 1 min · Major Hayden

I’m on the hunt for experienced security analysts!

Want to work for a company that finds new approaches to traditional IT problems? Do you want to work with a team that provides Fanatical Support through keeping customer data safe? Our Global Security Services team is looking for experienced security analysts who can take network analysis and malware defense to the next level. The responsibilities of the role include: monitor global NIDS, firewall, and log correlation tools for potential threats; initiate escalation procedure to counteract potential threats/vulnerabilities; provide incident remediation and prevention documentation; document and conform to processes related to security monitoring; provide performance metrics as necessary; provide customer service that exceeds our customers’ expectations. Experience with tools such as Wireshark, Hex Rays, IDA Pro or Hex workshop....

2013-10-15 · 1 min · Major Hayden

PXE boot Fedora 19 using a Mikrotik firewall

Outside of the RHCA exams, I haven’t configured a PXE system for my personal needs. A colleague demoed his PXE setup for me and I was hooked. Once I realized how much time I could save when I’m building and tearing down virtual machines, it made complete sense. This post will show you how to configure PXE and tftpd in Mikrotik’s RouterOS to boot and install Fedora 19 (as well as provide rescue environments)....

2013-07-23 · 3 min · Major Hayden

Changing your ssh server’s port from the default: Is it worth it?

Changing my ssh port from the default port (22) has been one of my standard processes for quite some time when I build new servers or virtual machines. However, I see arguments crop up regularly about it (like this reddit thread or this other one). Before I go any further, let’s settle the “security through obscurity” argument. (This could probably turn into its own post but I’ll be brief for now....

2013-05-15 · 3 min · Major Hayden