Geoip blocking using nftables
Since iptables are deprecated and most Linux distributions now supports nftables, I have added nftables format to my country IP lists. This lists can be… Read More »Geoip blocking using nftables
Debian on Amlogic
I have few chinese Android TV boxes, two with flashed CoreELEC. One oldest which was not compatible with CoreELEC was unused, partialy bricked (OS loader… Read More »Debian on Amlogic
Blocking Facebook in nginx
How to block Facebook complete from your site? It is easy using geoip2 module in nginx. In Debian / Ubuntu install libnginx-mod-http-geoip2 and we need… Read More »Blocking Facebook in nginx
How to download VMware patches from Broadcom
After WMware was merged into Broadcom systems, it is very difficult to find VMware patches. Broadcom published this howto (because it is so non-intuitive). These… Read More »How to download VMware patches from Broadcom
Mikrotik Letsencrypt SSL certificate using new cloud-dns challenge feature
RouterOS version 7.16 changelog mention this new feature
certificate - added support for cloud-dns challenge validation for sn.mynetname.net (CLI only);
But there is no documentation yet. How this feature works? Let’s find out.
Read More »Mikrotik Letsencrypt SSL certificate using new cloud-dns challenge featureNew country IP ranges generator
Ten years ago I have published my IP ranges generator and few other articles how it can be used to generate mikrotik firewall address lists or Haproxy ACLs This articles gets many comments about missing or wrong IP ranges. Yes, I know about it, but I can’t do anything with that – source data delegated blocks have country assigned by RIRs. Manually doing exceptions is no way to go…
Read More »New country IP ranges generatorLayer 2 VPN from Mikrotik to linux – Proxmox PVE
Mikrotik version 7 brings many new features, including wireguard vpn. Wireguard vpn is fine, but it is layer 3 VPN – can not be bridged. What if you need L2 VPN, for example to migrate local server to datacenter and from network view keep it in your local network?
In my setup I wanted to be able migrate VMs from local Proxmox PVE to PVE runningĀ in Hetzner in datacenter. PVE in datacenter was dedicated server.
Mikrotik 7.1 also supportĀ l2tpv3, which is not very well documented in Mikrotik wiki yet, but it enables Layer 2 VPN. L2tpv3 is also supported in linux. How to create bridge between them?
Do not use consumer SSD with ZFS (for virtualization)
I have been successfully using consumer SSD in my ESXi for few years. After migration to Proxmox, I have tried to use ZFS for virtual machines. First few weeks I was very happy about it. Then I noticed very fast increasing SSD wearout levels on my new SSDs. Proxmox support forums and reddit are full of users mentioning proxmox is destroying SSD, but I thought this is just rumor. Where is the true?
Read More »Do not use consumer SSD with ZFS (for virtualization)
Using desktop SSD in server
Five years ago before Christmas I bought my first SSD – Crucial MX300 750GB. I have put it into my linux server running some web hosting (running this blog for example), my emails. Second MX300 was put into Linux MD Raid1. Disk were running two years in this setup, then I have migrated into virtualized setup, running ESXi, booted from USB drive. SSD were re-used and running as hw Raid 1 using LSI-9211 card.
HAProxy Country filtering ACL
It is few years since I have written my IP Country generator. As I recently added new file geoip.txt (warning, big file!) for use with haproxy, I will show you how you can easily create ACL in HAproxy to filter specific country.
Read More »HAProxy Country filtering ACL