My last post detailed how to install and configure Fail2Ban on a Ubiquiti EdgeRouter to thwart brute force attacks against an OpenVPN server. Unfortunately, programs installed on EdgeRouters do not persist through upgrades because new images overwrite the filesystem. However, using a trick outlined here, we can set up the router to automatically install Fail2Ban and restore the settings.
Tonight, I noticed numerous attempts from a variety of sources to log in to my OpenVPN server that I run on my EdgeRouter (ER-X-SFP) at home. Unfortunately EdgeRouter doesn’t support any sort of blacklisting for OpenVPN natively, but it does allow the installation of Debian packages.
After playing a bit with Fail2Ban configuration, I’ve configured my router to block these repeated attempts automatically.
Today, I stumbled upon Pi-hole, a DNS server designed for home deployments to block ads for a network. Unlike Adblock Plus or other browser-based adblockers, this applies to all devices on the network, including phones and tablets. Pi-hole also provides a web GUI with a nice dashboard to visualize your network’s use of the system (depicted below). This pet project cascaded into revisiting DNS across my home networks.
This May, I took my CCDE Practical
Want to navigate
Cisco IOS and IOS-XR support filtering output using regular expressions. Cisco’s documentation on their regular expression format is available here, but we’ll go through some of the fundamentals and some useful tricks. Regex can be used to find just the specific information you’re looking for from usually long output.