Geoip filtering can be somewhat controversial. Rather than delve into any supposed benefits or effectiveness of the practice, this post is going to describe how to accomplish geoip filtering via nftables. The concept is simple. Create a set for the blocked IP ranges and simply drop traffic to or from the IPs in the set. […]

I will not run a consumer grade router as my border firewall. There are a number of reasons, but the largest is that manufacturers often quickly stop supporting the devices.  This translates to a lack of updates and patches leaving many systems vulnerable.  The recent NetUSB flaw is a prime example.  How many devices are

I use a non-standard port for SSH.  I don’t want to delve into the whole obscurity arguments, so I will simply say that it worked very well for me for many years.  I would often show people the number of attempts to access port 22 and the complete lack of attempts to access my chosen

Print servers are generally the opposite of exciting.  Environments that only use AD connected Windows clients simply add Print Services and go.  Users can use point and print, or admins can deploy printers via GPO.  The Windows print server will even install drivers for the client systems and update them if needed.  What happens when

This marks the beginning of a new site design for ixeous.net. This site is transitioning to a CMS. Until now, I’ve been hesitant to take on the additional overhead. Regardless of the CMS system used, they simply are not as fast, compact, clean, or pure as HTML, PHP, JavaScript, etc. can be. It’s going to