Posts
Practical guides and lessons from real projects — newest first.
OPNsense: Block Websites and Force DNS Through Your Firewall
How to block specific websites using firewall aliases, prevent DNS bypass with a NAT redirect, resolve LAN hostnames in logs, and apply category-based blocking for gambling, malware, and torrent sites.
OPNsense Hardening: Lock Down Your Firewall After Install
Seven steps to harden a fresh OPNsense install: restrict the admin interface, lock down SSH, enable automatic updates, disable unused services, audit firewall rules, and set up Suricata IDS.
OPNsense on Proxmox: Build a Dedicated Home Firewall
Your ISP router is a black box you cannot inspect or extend. This guide walks through replacing it with OPNsense running as a Proxmox VM on an Intel N100 MiniPC — with full traffic visibility, per-device rules, and IDS/IPS.
Fail2ban on Debian 13: The Right Config for OpenSSH 9.x
Base Fail2ban configuration for protecting a Linux server, tested against real wrong-key attempts.
Linux Server Security Baseline: What Every DevOps Engineer Should Apply
Seven hardening steps to run on any fresh Debian or Ubuntu server — whether it is an AWS EC2 instance, a GCP VM, or bare metal. SSH hardening, UFW, Fail2ban, and automatic security updates.
GitLab Branch Protection: Lock Down Main and Control Who Can Merge
Step-by-step guide to protecting your main branch in GitLab — allow merges only from staging, restrict who can approve, and enforce merge requests for every change.
GitLab Runner in a Container on a Dedicated VM: The Right Way to Run CI/CD
Step-by-step guide to setting up GitLab Runner as a Docker container on a dedicated Debian 13 VM. Includes a comparison with bare-metal installation and why containerized runners are the better choice.
GitLab Merge Blocked: Source Branch Behind Target
Understand why GitLab shows "source branch is X commits behind target branch" and how to fix it. Includes the essential sync-back rule that prevents this issue forever.