
iptables

2026-03-04

TTL (Time To Live) is an eight-bit field in the IP header that defines the maximum number of “hops” (nodes) a packet can traverse before being discarded. Each router the packet passes through decreases the TTL value by 1.


Typical default TTL values

Different operating systems use different initial values. This allows remote OS fingerprinting.

| Operating system | Default TTL |
|---|---|
| Windows (all versions) | 128 |
| Linux (Ubuntu, Debian, CentOS, etc.) | 64 |
| Android | 64 |
| iOS / macOS | 64 |
| FreeBSD / Solaris | 255 |

Why change TTL? Usage patterns

1. Bypassing tethering restrictions (internet sharing)

The most common scenario. Mobile carriers analyze incoming traffic.

2025-09-11

In this guide, we’ll go through setting up an OpenVPN server on Ubuntu and connecting a Keenetic router to it. This setup is useful if you need to provide access to your home network or forward services (e.g., PBX or web server) through VPN.


1. Preparing the Ubuntu server

1.1 Installing packages

sudo apt update
sudo apt install -y openvpn easy-rsa iptables-persistent

1.2 Creating PKI (Easy-RSA v3)

make-cadir ~/easy-rsa
cd ~/easy-rsa
./easyrsa init-pki
./easyrsa build-ca nopass

Server keys

./easyrsa gen-req server nopass
./easyrsa sign-req server server
./easyrsa gen-dh

Client keys (for Keenetic)

./easyrsa gen-req keenetic nopass
./easyrsa sign-req client keenetic

TLS key (specifically tls-auth, not tls-crypt)

openvpn --genkey secret ta.key

1.3 Distribute keys

2025-08-14

Introduction: The First Line of Defense for Your Server

Before thinking about complex intrusion detection systems such as Fail2ban or CrowdSec, you need to build the first and most reliable line of defense—a firewall. A firewall controls all network traffic entering and leaving your server and blocks unauthorized connection attempts.

Traditionally, Linux servers have used iptables to manage firewalls, but its syntax can be complicated and confusing. Fortunately, there is a simpler and more intuitive tool — UFW (Uncomplicated Firewall).

2025-08-12

Introduction: Server Security — The First Line of Defense

Once you deploy any server or virtual machine, one of the first and most important tasks is ensuring its security. Even if your server doesn’t contain critical data, it can still be targeted by automated bots constantly scanning the internet for vulnerabilities. The most common type of attack against any server is brute-force password guessing, typically aimed at SSH access, FTP services, or web control panels.

2025-08-05


Introduction: A Hidden Network Issue

Developers and system administrators using servers on the OpenStack platform (for example, the C*-M*-D* hosting plans from reg.ru) sometimes encounter mysterious network problems. The internet seems to work, but when trying to transfer large amounts of data or establish connections to certain services, requests may hang or fail due to timeouts.

The provider explains this issue as a feature of their infrastructure:

Servers on the OpenStack platform use VxLAN technology, which reserves 50 bytes for service information. Because of this, the maximum transmission unit (MTU) on the server’s main network interface (ens3) is 1450 bytes.
