Install FreeBSD From Linux With Root on ZFS

Do you use a VPS which doesn’t support FreeBSD? Or your VPS supports FreeBSD but their install is trash and you want Root on ZFS? Hopefully your VPS gives you the option to boot in to a Linux rescue distribution (i.e. some kind of “live” environment). If so, you can quite easily install FreeBSD and put Root on ZFS. Introducing mfsBSD, a tiny bootable image that gives you a minimal

Integrating NetBox and PRTG

Christmas is the best (and only, for me) time to write code. This Christmas I wrote a small PHP script that acts as middleware to integrate NetBox and PRTG. I’ve made the code available via GitHub. All the details of why and how are explained there in more detail but essentially this allows you to automatically add a device in to PRTG when a device in NetBox is assigned a

Stop Documenting the Network via the Network

As humans, we like patterns and symmetry. Things mostly make sense when there’s a pattern or some logic and I think this is why a lot of network engineers seem to love documenting the network via the network. There is no substitution for proper documentation. An example – hostnames. My argument is that the hostname of switches could simply be switch1, switch2, switch3 etc. because if I want to know

A RISC OS server using RPCEmu

A very long time ago I used telnet talkers. Around the time that ICQ was popular and before MSN Messenger. gerph, who was very well known in the RISC OS scene (and went on to work for RISC OS Ltd working on RISC OS 4), wrote a telnet talker in BASIC called TalkerD to demonstrate his excellent EasySocket library and I adapted TalkerD to be more NUTS-like. This became known

Backing up a Cisco Certificate Authority

If you’re deploying something such as DMVPN using a PKI, you may well be running a Certificate Authority on an IOS device. The files that make up the CA are stored in NVRAM. The Cisco design guide talks about backup and restore but there’s no automated way to copy the files off of the device. I created a TCL script that can be run via a kron schedule that will

Python. Not as bad as I thought.

My go to languages are Perl, PHP or good old bash. Everyone else seems to be using Python and up until now I had managed to steer clear of it. Mostly because I thought I didn’t need it but also because compared to languages that I’m familiar with, it looked odd. Just the structure of Python, having to use indentation, put me off. But today I wrote my first Python

Powering a Philips Hue Bridge with PoE

I’m amazed the Philips Hue Bridge can’t be powered by PoE right out the box. Considering it requires an Ethernet connection you would think Philips would have allowed the Bridge, that only needs 5v DC and draws 1 Amp, to power itself from a PoE Ethernet port. Instead you need to find yet another power outlet. But for under ¬£20 it is possible to free up a power outlet and

Perl Module for Cisco Firepower Management Center API

I may have reinvented the wheel with this but I’ve started to write a Perl module for interacting with the Cisco FMC API using Perl. I say I may have reinvented the wheel because I didn’t check to see if someone else had already done this. I’ve published my module¬†on GitHub. At the time of writing this, the module is at version 0.01. And as per the README right now

Using acme.sh For Certificate Management

Back in 2016 I wrote some notes on issuing and renewing certificates through Let’s Encrypt and using EFF’s CertBot to facilitate this. Today I revisited this after seeing acme.sh on OPNsense. What’s super impressive with acme.sh is that it’s a shell script. And it’s super easy to use. Installing acme.sh is simple. After following these instructions you’re all set. Note that acme.sh is installed in to $HOME. It’s not installed

Simple Next Generation Firewall Manipulation Leading to Data Exfiltration

I was asked to take over a project involving implementing some Next Generation Firewalls. In this particular case it was Cisco Firepower Threat Defense. I was told that these NGFWs are all singing, all dancing and given the cost of them you’d expect that and more. I was told they understand more than just Layer 3 meaning we can do things like write rules based on FQDN, allow traffic based