Cisco ASA Firewalls and IP Ranges in ACLs

I’ve googled and I cannot find a way of creating a firewall range-style object in an ASA, you know the kind of thing whereby you want to allow IP addresses 192.168.1.10 thru 192.168.1.20 in an ACL.

In my frustration I have given up and created a shell script which converts a CSV into an ASA output. Simply create a two-column CSV with Col A containing your starting IP and Col B containing your end IP.

The script is a recursive loop so should support large outputs such as 10.1.2.10 to 10.2.1.20; however, I’m not actually sure you’d want that in your firewall config, but I wrote the computability for the fun of it!

Have fun, click “more” below if you can’t see the script!
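
One way to do the conversion the post describes, as an added example and not the author's script: it reads `start,end` rows and emits an ASA `object-group network`, collapsing each range into aligned subnet blocks rather than listing every host, which goes a little beyond a host-by-host expansion. The group name `ALLOWED_RANGES` and the sample rows are constructed for illustration.

```shell
# Added example: turn "start,end" CSV rows into an ASA object-group,
# collapsing each range into aligned subnet blocks to keep the config short.

ip2int() {  # dotted quad -> integer; fails on anything malformed
  local o old_ifs
  case $1 in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    case $o in 0?*|????*) return 1 ;; esac  # no leading zeros (octal), max 3 digits
    [ "$o" -le 255 ] || return 1
  done
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int2ip() {
  echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

range2asa() {  # $1 = first IP, $2 = last IP (inclusive)
  local s e size
  s=$(ip2int "$1") && e=$(ip2int "$2") && [ "$s" -le "$e" ] || {
    echo "skipping invalid range: $1,$2" >&2; return 1; }
  while [ "$s" -le "$e" ]; do
    size=1
    # Grow the block while it stays aligned on $s and inside the range.
    while [ $(( s % (size * 2) )) -eq 0 ] && [ $(( s + size * 2 - 1 )) -le "$e" ]; do
      size=$(( size * 2 ))
    done
    if [ "$size" -eq 1 ]; then
      echo " network-object host $(int2ip "$s")"
    else
      echo " network-object $(int2ip "$s") $(int2ip $(( 4294967295 - size + 1 )))"
    fi
    s=$(( s + size ))
  done
}

csv2asa() {  # $1 = object-group name; CSV rows on stdin
  local start end
  echo "object-group network $1"
  while IFS=, read -r start end || [ -n "$start" ]; do
    start=$(printf '%s' "$start" | tr -d ' \r')
    end=$(printf '%s' "$end" | tr -d ' \r')
    [ -n "$start" ] || continue
    range2asa "$start" "$end" || true   # a bad row emits nothing, never a wider permit
  done
}
# Constructed sample input and group name, not taken from the original post.
printf '192.168.1.10,192.168.1.20\n10.1.2.250,10.1.3.5\n' | csv2asa ALLOWED_RANGES
```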


F5 BigIP LTM VE works in Virtual Box

Something I discovered ages ago (so long ago that my trial license expired) but forgot to post is that you can get an LTM VE to work in Virtual Box.

To get started, download the ESX image from the F5 VE Trial Page; once you have the download, import the OVA into VirtualBox.

The only thing I needed to tweak after the import was the interface settings: you need two Intel adapters and a PCNet, and the PCNet is the management interface. Set the PCNet to host-only networking, give your laptop/PC an IP address on the host-only network (a 192.168.1 address) and you’re good to go!

You may experience HIGH CPU issues after boot, but since these boxes are based on Linux, you can use the divider=10 CentOS trick.

Enjoy your virtual load balancing!

Secret Keys for the Cloud

I’ve had an idea; whether it’s a good one or not is yet to be seen. One of the big issues for cloud applications and servers is encryption key management. There is a simple chicken-and-egg issue: if the secret key is on the server/application then it’s a vector to be attacked; if the key isn’t, then usability issues exist.

My idea is a CA / DH kinda thing: what if the actual key used for encryption was derived from the cloud itself? The basic premise is adding an extra layer to be compromised in order for an attacker to decrypt the data.

Using RedHat’s new OpenShift service I’ve knocked up a demo -> secretkey-linickx.rhcloud.com. The demo is over HTTP (not HTTPS), so you wouldn’t use the demo in production, probably because you do not trust me, but I’ve pushed the code to github -> github.com/linickx/secretkey for users/dev/people/someone to take a copy and have a play.

Comments welcome, Pull requests preferred!

2011-07-26 UPDATE: OpenShift has SSL termination, so HTTPS does work; however, as seen in my commit log, the PHP cannot detect it as the SSL is being handled by a proxy.

Getting started with JunOS?

Apparently I need to learn a 4th firewall vendor – Juniper’s SRX JunOS

If you’re new to the world of Juniper (like me) then I can’t recommend the Day One guides enough, I’m finding them to be an excellent balance of information and example.

Maybe I will look at their accreditation after all :)

phpbb_recent_topics version 0.7

A little later than planned but the annual release of phpbb_recent_topics is finally here!

I actually started on this release a couple of months ago but couldn’t find the time to write this post and tag the release :-$ The good news is that there have been lots of changes since 0.6; basically I’ve implemented as many bug fixes and features as I can in the WordPress-Plugin bug tracker.

If you have a feature request or patch, please submit here.

Support questions and requests for help should be directed at the forum.

Without further ado… What’s New?

  • WordPress 3.1.4 Testing
    Yep, with such a slow development cycle I can confirm that PRT works with WordPress version 3, but you knew that, right?
  • CSS Styleable output
    A common request, there is now a UL class called prt_ul and a LI class called prt_li which can be used to make your sidebar look pretty!
  • Plugin Options Modernisation
    I follow planet.wordpress so any tips, tricks and modern ways of doing things have been implemented i.e.
  • Resolved: Missing argument 1 for phpbb_topics()
    This was a stoooopid bug that has been in the code for ages, I finally found the time to squish it!
  • Code clean-up (Lots of changes)
    I’ve put a lot of effort in 0.7 to remove all the unnecessary code, the kind of stuff that gets pasted in as a good idea but not needed, hopefully this has some positive impact in your site as well as my karma
  • Timezone/Off-Set fix (Reads +/- hours from WordPress Settings)
    This was perhaps the most requested feature, I figured out a neat way of doing it by reading the WordPress options.
  • Localisation of date/time fix (http://plugins.trac.wordpress.org/ticket/1173)
    I’m planning to complete localisation in 0.8, but this is a start right?
  • Callback functionality
    Do you want to do something cool with PRT? Check out phpbb_topics_callback in the readme!
  • Contextual Help in the admin dashboard
    In the past, this blog post has contained the instructions for getting going; I’ve now put everything either in the readme or actually in the WordPress help. Keep a weather eye out for the “help” in the top right hand corner of the WordPress dashboard.

Where do I get it?
Download phpbb_recent_topics version 0.7 from WordPress.org

I hope you enjoy this release!

Footnote: Version 0.7.1 has been pushed out which fixes the date display issue reported below!