Florent Daignière's blog

  • Application firewalling with netfilter (part 2)

    26 Jul, 2015

    Last time we've looked into how to do application firewalling with netfilter and came up with an answer whose dependencies aren't shipped by mainstream distributions just yet. Today we will find another way of doing the same thing on with the tools everyone have.

    # install dependencies
    sudo apt-get install sudo …
  • Application firewalling with netfilter

    23 Jul, 2015

    Today I've stumbled upon a post from my friend Feth, asking whether allowing only firefox to access the internet was possible on Linux... Of course it is! Here's one of the many ways:

    # setup the firewall
    sudo iptables -F OUTPUT
    sudo iptables -P OUTPUT REJECT
    sudo iptables -A OUTPUT -m …
  • Disabling connection tracking on bridge interfaces created by libvirt

    22 Jul, 2015

    Today I got bitten by a problem I've already encountered in the past... and as I didn't document it properly, I had to google it again! Let this blog entry be a more permanent documentation than the previous one.

    Early in the morning, the supervision system has started alerting me …

  • Netflix ultimate geolocation bypass with an edgerouter

    05 Jan, 2015

    It looks like Netflix has updated their geolocation code... attempting to prevent their users from watching content intended for other regions. This post explores a few technical avenues one might consider to bypass it.

    Googling around, it becomes increasingly clear that many people are making a living out of selling …