Posts Tagged ‘security’

Selective NAT with iptables

Thursday, January 6th, 2011

Here is a quick note on how to exclude one particular network from the NAT while the rest to be remained NATed. Done on Ubuntu with iptables running.

iptables -t nat -A POSTROUTING -o eth0 ! -d -j MASQUERADE

In case you need one more network to be excluded:

iptables -t nat -A POSTROUTING -o eth0 -d -j RETURN
iptables -t nat -A POSTROUTING -o eth0 ! -d -j MASQUERADE

Injecting multiple networks into VPN tunnel

Wednesday, January 5th, 2011

We have a number of IPSec tunnels running on Linux Ubuntu with Openswan installed. Here is the typical configuration for a site:


Adding extra points with Botnet

Friday, August 15th, 2008

Here is another SpamAssassin plugin that helps adding extra points to get that desired message rejected effect. It was written by John Rudd and available at This plugin does really nice job for me! Here are some numbers during eight hours of operation on a pretty low volume email server:

cat /var/spool/qscan/qmail-queue.log | grep BOTNET | wc -l

That’s great! I did faced already with a couple of false-positives, mainly because our projects host email servers on DSL lines with either no A records or client-like hostnames (which is almost fixed!), but all in all I’m pretty happy with Botnet. Keep up good work and thanks!

How to disable autorun in Windows XP

Wednesday, July 2nd, 2008

With all these nasty worms going wild nowadays disabling autorun becomes a must-have decision. It’s all mainly because of USB flash drives getting infected with bunch of stuff. Not a big deal for office environment because no one should have administrative rights, however, in a home environment, where PCs are usually shipped with admin rights granted by default, people get into a mess almost immediately. Anyways, here is what I do to disable autorun in AD environment.