Blog

  • fail2ban and nftables – Useful Tips

    Troubleshooting Fail2Ban Issues with nftables

    Fail2Ban may sometimes cause issues. In many cases, it’s enough to delete the nftables rules created by Fail2Ban, briefly stop the service, and then restart it. On restart, Fail2Ban will automatically recreate all necessary nftables sets and rules.

    I’ll omit sudo in the following examples. It will be required when running nft commands.

    Example to delete the f2b-table in the inet family context:

    Bash
    nft delete table inet f2b-table
    (more…)
  • nftables Cheat Sheet: Useful Commands for nft Part 2

    After explaining the basic nft concepts in Part 1, I’ll now present the most important commands in Part 2.

    I’ll omit sudo in the following examples. It will be required when running nft commands.

    Display the complete configuration:

    Bash
    nft list ruleset

    This command displays the entire current nftables ruleset.

    Since the ruleset can become quite large depending on its complexity, I’ve created a custom script that trims the output to the essentials: for multiline blocks within curly braces, only the first and last line are shown.

    (more…)
  • nftables Cheat Sheet: Useful Commands for nft Part 1

    nftables is a modern packet filtering framework for Linux and is set to replace iptables in the long term. In this post, I present the most useful commands that have proven effective in my daily admin work.

    The creation of new tables and chains is rarely needed in my practice, so I won’t cover that here.

    In Part 1, I explain the basic concepts. In Part 2, I go over the most important commands.

    (more…)
  • NGINX + ModSecurity v3 + OWASP CRS on Ubuntu 24.04 LTS – Step by Step – Part 3

    Part 3 – Defining Proper Exceptions for WordPress

    After successfully integrating and testing ModSecurity with the OWASP Core Rule Set (CRS), you’ll quickly run into a common issue when using dynamic applications like WordPress: false positives — legitimate requests incorrectly classified as attacks and blocked.

    WordPress uses modern features like the REST API, AJAX, dynamic block editors (Gutenberg), and sometimes specific HTML comments. These mechanisms often trigger security rules when CRS is active — particularly in the areas of XSS, LFI, or anomaly detection. To ensure that these protections don’t interfere with the admin interface, we need to define targeted rule exceptions for WordPress.

    (more…)
  • NGINX + ModSecurity v3 + OWASP CRS on Ubuntu 24.04 LTS – Step by Step – Part 2

    Part 2 – Installing the OWASP Core Rule Set (CRS)

    After successfully installing ModSecurity v3 in Part 1, this guide will now show you how to install and activate the OWASP Core Rule Set to enable protection rules for ModSecurity.

    Download and Activate the OWASP CRS

    The following commands will let you download and activate the rule set. Change to the modsec directory, clone the Git repository, and create the crs-setup.conf file:

    Bash
    cd /etc/nginx/modsec
    sudo git clone https://github.com/coreruleset/coreruleset.git
    cd coreruleset
    sudo cp crs-setup.conf.example crs-setup.conf
    (more…)
  • NGINX + ModSecurity v3 + OWASP CRS on Ubuntu 24.04 LTS – Step by Step – Part 1

    Part 1 – Compiling and Installing the Modules and Enabling ModSecurity v3

    This guide shows the complete installation of ModSecurity v3 with NGINX and the OWASP Core Rule Set (CRS) on an Ubuntu server – including correct module paths, symlink conventions, and example tests.

    • In Part 1 you install the necessary modules and enable ModSecurity v3.
    • In Part 2 we add the OWASP Core Rule Set (CRS).
    • In Part 3 we cover the required exceptions for the OWASP Core Rule Set to run a WordPress website.

    1. Install Dependencies

    Bash
    sudo apt update
    sudo apt install -y git g++ build-essential autoconf automake libtool \
      libpcre3 libpcre3-dev libpcre2-dev libxml2 libxml2-dev libyajl-dev \
      pkg-config zlib1g zlib1g-dev libcurl4-openssl-dev \
      liblua5.3-dev libgeoip-dev doxygen
    (more…)
  • Full Linux System Backups with the dd_image.sh Script – Compressed, Remote, Automated

    Repository: https://github.com/andreas-schwab-swx/dd_image

    If you’re looking for a simple yet powerful solution for full disk image backups on Linux, the dd_image script offers a versatile tool: it creates complete disk images, compresses them on-the-fly, and transfers them automatically via SSHFS to a remote server – with logging, retention logic, and optional notifications.

    Features at a Glance

    • Full disk backups using dd
    • On-the-fly compression with xz
    • Remote storage via sshfs
    • Automatic cleanup of old backups
    • Progress monitoring and detailed logging
    • Prevents concurrent runs using a lock file
    • Optional email notifications on success or failure
    • Optional zero-fill for better compression
    (more…)
  • Configuring the Tailscale Exit Node in the Admin Console

    Step 7 of the series: Bypass internet restrictions and protect your privacy on public Wi-Fi

    In the final step of the series, the Tailscale exit node is declared within the Tailnet. After this, you’re ready to use Tailscale.

    You can view all Tailscale machines in the overview: https://login.tailscale.com/admin/machines.

    (more…)
  • Configuring Tailscale as an Exit Node in Detail

    Step 6 of the series: Bypass internet restrictions and protect your privacy on public Wi-Fi

    In this part of the series, each step of the setup script from the previous article is explained in detail.

    If you’re not interested in the technical background, you can skip this part.

    (more…)