Posted by jpluimers on 2025/12/19
Since GL.iNET does not support site-to-site “Peer to Peer” OpenVPN (only “Remote Access” is supported) which is needed to route to/from the networks on both sides of the connection. the below did fail.
Below was what I hoped to function.
Some links that should get me started (though my situation is a tad more difficult, see below):
Posted in Ethernet, Firewall, Fritz!, Fritz!Box, GL-AR300M, GL.iNet, GL.iNET GL-SFT1200, Hardware, Infrastructure, Network-and-equipment, pfSense, routers | Leave a Comment »
Posted by jpluimers on 2024/10/31
[Wayback/Archive] Friendica Social Network | Sven222 @ Friendica Social Network:
Also, falls jemand UFW am laufen hat und keinen Bock auf criteo hat:
edited: UFW Regel nach Hinweis aus Kommentaren angepasst.
ufw deny out from any to 185.235.84.0/22
Or [Wayback/Archive] Tobias Klausmann: “@sven222 Bei mir ist nftables …” – mas.to:
@sven222 Bei mir ist nftables statt ufw, ich hab dann das hier gemacht:
ip daddr 185.235.84.0/22 tcp dport 443 jump rd
ip daddr 185.235.84.0/22 tcp dport 80 jump rd“
rd” it eine chain, die normal rejectet (also wie “port ist zu” aussieht), aber bei hohen Paketraten zu “drop” wechselt.
Oh, and WetterOnline were the ones that forced the German state weather agency to limit the usability of their free app: [Wayback/Archive] BGH-Urteil: Staatlicher Wetterdienst muss Gratis-App beschränken | heise online.
For that reason alone, WetterOnline and their obvious local brands are blocked here, as is criteo.
If you want to read more: [Wayback/Archive] WetterOnline | DE – Criteo.com
--jeroen
Posted in Firewall, Power User | Leave a Comment »
Posted by jpluimers on 2024/07/25
A few years ago I asked for some help figuring out what to whitelist so that winget can update its sources and install packages.
This is how I found out.
The queste started with [Wayback/Archive] Need help trying to figure out what domains/IPs to whitelist for installing packages · Discussion #2304 · microsoft/winget-cli
Posted in Batch-Files, Development, Firewall, Fritz!, Fritz!Box, Hardware, Network-and-equipment, Power User, Scripting, Software Development, Windows, Windows 10, Windows 11, winget | Leave a Comment »
Posted by jpluimers on 2024/01/05
Deze moet je in een Fritz!Box zetten om TV-West op een PC te kunnen:
cloudfront.net omroepwest.bbvms.com i.regiogroei.cloud static.regiogroei.cloud cdn.primed.io omroepwest.nl
Via [Wayback/Archive] Jeroen Wiert Pluimers on Twitter: “Zet deze domain in je @AVM_NL #FritzBox op de whitelist om TV West van @omroepwest op je PC te kunnen bekijken: cloudfront.net
omroepwest.bbvms.com i.regiogroei.cloud static.regiogroei.cloud cdn.primed.io omroepwest.nl” / Twitter
–jeroen
Posted in Firewall, Fritz!, Fritz!Box, Hardware, Infrastructure, Internet, Network-and-equipment, Power User | Leave a Comment »
Posted by jpluimers on 2021/07/02
Having it accidentally made it to the CBL (Composite Blocking List – Wikipedia) a long time ago, I discovered the page started with (WayBack link mine):
IMPORTANT: Many CBL/XBL listings are caused by a vulnerability in Mikrotik routers. If you have a Mikrotik router, please check out the [WayBack] Mikrotik blog on this subject and follow the instructions before attempting to remove your CBL listing.
It wasn’t one of my Mikrotik devices, as first of all they had all being patched out of the box from a really empty internal network before being externally exposed to the internet or more busy internal networks, and second because the CBL entry was a one off on one specific day where someone used our guest network.
Some CBL entries in the range where it was displayed, quite a while after CVE-2018-14847 became public:
Posted in Firewall, Hardware, Infrastructure, Internet, MikroTik, Network-and-equipment, Power User, routers, SPAM, WinBox | Leave a Comment »
Posted by jpluimers on 2020/07/31
For my link archive: networking – Whitelist Windows Update Servers – Super User
Because there are brain dead routers that do not allow for wildcards, or whitelisting only a certain protocol for a URL, call windowsupdate.microsoft.com a URL, but then also accept http://www.windowsupdate.microsoft.com.
–jeroen
Posted in Firewall, Infrastructure, Power User, Windows | Leave a Comment »
Posted by jpluimers on 2018/07/16
It seems netsh is something different than bash or csh as it is the command-line interface to many (all?) Windows Firewall settings.
So I need to put some time into learning it.
This gives you all the names of firewall rules, ready for text searching it (with find, grep, etc):
netsh advfirewall firewall show rule name=all
An alternative might be PowerShell as it too has a lot of Windows Firewall plumbing: [WayBack] How to manage the Windows firewall settings with PowerShell – James O’Neill’s blog
Choices, choices.
–jeroen
via: [WayBack] windows firewall – How can I use netsh to find a rule using a pattern – Server Fault
Posted in Firewall, Power User, Windows | Leave a Comment »
Posted by jpluimers on 2018/05/07
Reminder to self for Windows Firewall: Block rules take precedence over Allow rules (see * below as actually it is even more complex); [WayBack] Firewall Rule Properties Page: General Tab has
Firewall rules are evaluated in the following order:
- Allow if secure with Override block rules selected in the Customize Allow if Secure Settings dialog box.
- Block the connection.
- Allow the connection.
- Default profile behavior (allow or block as specified on the applicable Profile tab of the Windows Firewall with Advanced Security Properties dialog box).
Within each category, rules are evaluated from the most specific to the least specific. A rule that specifies four criteria is selected over a rule that specifies only three criteria.
Which means that this will block TCP port 1024 traffic to bar.exe:
The Block rules are inserted by Windows if you click “Cancel” on a dialog like this (note the lowercase path, despite the application being at C:\Program Files (x86)\Foo\Bar.exe):
Posted in Firewall, Infrastructure, Power User, Windows | 1 Comment »
Posted by jpluimers on 2017/11/28
Using the TRACE target: [WayBack] iptables debugging « \1 via [WayBack] iptables Debugging using the TRACE chain – Kristian Köhntopp – Google+
Docs:
TRACE
This target marks packes so that the kernel will log every rule which match the packets as those traverse the tables, chains,
rules. (The ipt_LOG or ip6t_LOG module is required for the logging.) The packets are logged with the string prefix: “TRACE:
tablename:chainname:type:rulenum ” where type can be “rule” for plain rule, “return” for implicit rule at the end of a user
defined chain and “policy” for the policy of the built in chains.
It can only be used in the raw table.
Way more details in the linked article.
–jeroen
Posted in *nix, *nix-tools, Firewall, Infrastructure, iptables, Power User | Leave a Comment »
Posted by jpluimers on 2017/06/30
It’s such an all time classic from 2006 that people even kept scans of the original 2006 Computer World publication by [WayBack] John Klossner.
Over the last few years, it has done its round over the internet a few times, so I did some digging for the scans, colour and mono originals.
Data security versus Human Error.
In this corner, we have firewalls, encryption, antivirus software, etc. And in this corner, we have Dave!!
[WayBack] John Klossner Cartoons: Computer World has the original black and white version: it’s even a gif!
Way better than the scan from paper: [WayBack] ShackF00 » Weekend Round-up: Google Issues and a Sad-but-True Comic
In 2014, Spiceworks re-ran the black and white one: [WayBack] And in THIS corner we have Dave! (Funny cartoon) – IT Security – Spiceworks
In 2015, Wombat Security published a coloured version on social media, and even bigger too: not just large, huge as well (:
–jeroen
via: [WayBack] Dave – CodeProject – Google+
Posted in Encryption, Firewall, Fun, Power User, Security | Leave a Comment »
The Wiert Corner - irregular stream of stuff 
