Autonomous Machines & Society.

2024-07-01
Block Unauthorized Access By Firewall

ufw

sudo ufw deny from <ip_range> to any port <port>

firewalld

sudo firewall-cmd --add-rich-rule='rule family="ipv4" source address="<ip_range>" port protocol="tcp" port="<port>" drop'


2024-07-01
Python Continue Decoding Despite Error

When using chardet, the detection result carries a confidence score for the file. If that score is below one, you may face issues when decoding with the detected encoding.

Specifying errors=<error_handle_strategy> can mitigate this issue.

The default is ‘strict’ meaning that encoding errors raise a UnicodeEncodeError. Other possible values are ‘ignore’, ‘replace’ and ‘xmlcharrefreplace’ as well as any other name registered with codecs.register_error that can handle UnicodeEncodeErrors.
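An added example, not code from the original post: it compares the built-in strategies on the same input and registers a custom handler through codecs.register_error that records where each undecodable byte sat instead of silently dropping it. The handler name record_replace, both function names and the sample bytes are assumptions made for the illustration. When decoding, strict raises UnicodeDecodeError, and xmlcharrefreplace applies to encoding only.

```python
import codecs


def decode_with_report(data: bytes, encoding: str):
    """Decode without raising; return (text, [(offset, bad_bytes), ...])."""
    bad = []

    def record(exc):
        # Only decoding errors are handled here; anything else propagates.
        if not isinstance(exc, UnicodeDecodeError):
            raise exc
        bad.append((exc.start, exc.object[exc.start:exc.end]))
        # Substitute U+FFFD and resume right after the offending bytes.
        return "\ufffd", exc.end

    # Re-registering replaces an earlier handler of the same name (not thread-safe).
    codecs.register_error("record_replace", record)
    return data.decode(encoding, errors="record_replace"), bad


def compare_handlers(data: bytes, encoding: str):
    """Return what each built-in strategy produces for the same input."""
    results = {}
    for strategy in ("strict", "ignore", "replace", "backslashreplace"):
        try:
            results[strategy] = data.decode(encoding, errors=strategy)
        except UnicodeDecodeError as exc:
            results[strategy] = f"UnicodeDecodeError at byte {exc.start}"
    return results


# Constructed sample: Latin-1 bytes that a detector wrongly guessed to be UTF-8.
SAMPLE = b"na\xefve caf\xe9"

if __name__ == "__main__":
    for name, value in compare_handlers(SAMPLE, "utf-8").items():
        print(f"{name:17} {value!r}")
    text, bad = decode_with_report(SAMPLE, "utf-8")
    print(repr(text), bad)
```

For log or evidence files, ignore loses the bytes entirely, while backslashreplace or a recording handler keeps them recoverable.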


2024-06-24
List Of Free Local Service Port Forwarder

[List of freemium port-forwarding services](https://gist.github.com/SomajitDey/efd8f449a349bcd918c120f37e67ac00)

Useful for accessing a computer that does not have a public IP address, over the internet. The machine can be behind multiple firewalls and NATs.

  1. Global socket or gsocket

  2. localhost.run

  3. github.com/jpschroeder/pipe-to-me

  4. getuplink.de

  5. localtunnel.me

  6. localXpose.io

  7. telebit.cloud

  8. ngrok.com

  9. pagekite.net

  10. openport.io

  11. portmap.io

  12. packetriot.com

  13. sshreach.me

  14. burrow.io

  15. beame-insta-ssl

  16. tunnelto.dev

  17. greenhouse

Self-hosted: https://github.com/antoniomika/sish

Keywords: public localhost; reverse ssh service; expose localhost; tunnelling; https/tcp/udp/ssh port forwarding


2024-06-23
Intrinsic Sshd Configuration Errors

if you want to run ssh port forwarding as a systemd service, keep in mind that the default user for execution is root, so you need to use the public key of root to log in.

or you can change the user executing the task in service config:

[Service]
User=xxx


chisel can be used for port forwarding over http and, compared with wstunnel, is able to survive nginx (you still need to configure websocket upgrades).

# server, allowing reverse port forwarding
chisel server -p <port> --auth <user>:<pass> --reverse
# client
chisel client --auth <user>:<pass> <protocol>://<url> <local_addr>:<remote_addr> R:<remote_addr>:<local_addr>


if you want multiple hosts to share the same ip because of proxy forwarding or different network locations, you need to change the system hosts mapping file.

in linux and macos it is at /etc/hosts

in windows, C:\Windows\System32\drivers\etc\hosts

you need to configure the host file on the proxy machine if you want to avoid name clashes with proxies. these host names can be less informative to hide the intent.


on the latest ubuntu 24.04 the sshd config includes files under /etc/ssh/sshd_config.d, where a file named 50-cloud-init.conf has the following line, which overrides any other setting that comes afterwards.

PasswordAuthentication yes

you need to change both /etc/ssh/sshd_config and this file to disable password authentication.
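An added example, not part of the original post: it resolves which file decides a keyword when sshd keeps the first value it reads and the Include line sits at the top of sshd_config. The file contents are constructed, the functions effective and demo are hypothetical helpers, and Match blocks are not modelled.

```python
import glob
import os
import tempfile


def effective(path, keyword, root=""):
    """Return (value, file) for the first occurrence of keyword, following Include."""
    with open(path) as fh:
        for raw in fh:
            parts = raw.split()
            if len(parts) < 2 or parts[0].startswith("#"):
                continue
            key, args = parts[0].lower(), parts[1:]
            if key == "match":
                break  # conditional blocks are out of scope for this sketch
            if key == "include":
                for pattern in args:
                    # Relative Include paths are resolved against /etc/ssh.
                    pattern = os.path.join("/etc/ssh", pattern)
                    for inc in sorted(glob.glob(root + pattern)):
                        hit = effective(inc, keyword, root)
                        if hit:
                            return hit
            elif key == keyword.lower():
                return " ".join(args), os.path.relpath(path, root or "/")
    return None


def demo():
    """Build a constructed /etc/ssh tree in a temp dir and resolve the setting."""
    with tempfile.TemporaryDirectory() as root:
        etc = os.path.join(root, "etc/ssh")
        os.makedirs(os.path.join(etc, "sshd_config.d"))
        main = os.path.join(etc, "sshd_config")
        drop_in = os.path.join(etc, "sshd_config.d/50-cloud-init.conf")
        with open(main, "w") as fh:
            fh.write("Include /etc/ssh/sshd_config.d/*.conf\nPasswordAuthentication no\n")
        with open(drop_in, "w") as fh:
            fh.write("PasswordAuthentication yes\n")
        before = effective(main, "PasswordAuthentication", root)
        with open(drop_in, "w") as fh:  # the change the text describes
            fh.write("PasswordAuthentication no\n")
        after = effective(main, "PasswordAuthentication", root)
        return before, after


if __name__ == "__main__":
    print(demo())
```

On a live host, `sudo sshd -T | grep -i passwordauthentication` prints the value sshd actually uses.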


-R will not allow you to open 0.0.0.0 port on remote machine unless you configure something in /etc/ssh/sshd_config like below.

AllowTcpForwarding yes
GatewayPorts clientspecified

if not, use socat to deliver the forwarded port, which is bound locally on the remote machine, to a public port on the remote machine.

socat TCP-LISTEN:<lport>,reuseaddr,fork TCP:<rhost>:<rport>


port forwarding failure can be corrected.

# get the pid of the process holding the port
sudo lsof -i :<port>
lsof -i :<port>
# kill the process
kill <pid>
# rerun lsof to check if the port is freed


n2n can come in handy if you do not have too many ports on the internet and still want to access all ports between your local machines.


if connection is unstable, use -o ServerAliveInterval=60 -o ServerAliveCountMax=3 to extend the timeout period.


2024-06-21
Migrate Conda Installation Folder

To copy the entire Conda user data directory to another disk and then create a symbolic link back to the original place, you can follow these steps:

Identify the Conda user data directory: This is typically located at ~/.conda or ~/miniconda3 or ~/anaconda3, depending on how you installed Conda. You can find the exact path by running conda info --envs and looking for the envs dirs entry.

Copy the directory to the new location: Use rsync to copy the directory, as it will preserve the file permissions and symbolic links. Here’s an example command:

rsync -avh --progress ~/.conda/ /path/to/new/location/conda_data_backup/

Replace /path/to/new/location/conda_data_backup with the actual path where you want to copy the directory on the other disk.

Create a symbolic link: Once the copy is complete, you can create a symbolic link from the original location to the new one. First, you may need to remove the original directory or move it to a different name. Here’s how you can do it:

mv ~/.conda ~/.conda_old  # Rename the original directory
ln -s /path/to/new/location/conda_data_backup ~/.conda # Create the symlink

Make sure to replace ~/.conda with the actual path to your Conda user data directory and /path/to/new/location/conda_data_backup with the path to the copied directory on the new disk.

Test the setup: Before deleting the old directory, test your new setup to ensure everything is working correctly. Activate your Conda environments and run some commands to verify that packages are accessible and that you can install new ones.

Clean up: If everything works as expected, you can now delete the old directory:

rm -rf ~/.conda_old

Update Conda’s configuration: Conda may have configuration files that reference the old directory. You should update these to reflect the new location. You can find Conda configuration files in ~/.condarc or ~/condarc and in the Conda environment directories themselves.

Verify the symlinks within the directory: If there are relative symlinks within the Conda user data directory that are now broken due to the move, you will need to fix them. You can use the find command to locate broken symlinks:

find /path/to/new/location/conda_data_backup -xtype l

Then, you can either manually fix these symlinks or use a script to update their paths accordingly.

By following these steps, you should be able to move your Conda user data directory to another disk and create a symbolic link back to the original location without losing any functionality. Remember to back up your data before making any changes, and ensure that you have the necessary permissions to create symbolic links and write to the new location.


2024-06-19
Run Gui Programs Under Cron, Monitor Root Filesystem Disk Usage And Send Alarm

the ultimate solution:

copy all current user environment variables to crontab.


to run notify-send you have to set DBUS_SESSION_BUS_ADDRESS


to run other gui programs you set DISPLAY and XAUTHORITY


wall works for tmux and ssh sessions but not gnome-terminal.

in kde everything works fine. install konsole instead.


script for monitoring disk usage:

#!/bin/bash
# Percentage of the root filesystem in use, with the trailing % stripped
used_percentage=$(df / | awk 'NR==2 {sub(/%/, "", $5); print $5}')
alarm_message="Root filesystem has less than 10% free space."
# Compare the percentage with the number 90
if [ "$used_percentage" -lt 90 ]; then
    echo "Disk is ok."
else
    # Quote the message so it is passed as a single argument
    wall "$alarm_message"
    notify-send "$alarm_message"
fi


2024-06-13
Frp Usage

ssh port must be secured with pubkey only authentication

search for free frp or frp 免费 to get free frp providers

use masscan over these servers to find open ports and candidates

serverAddr = "frp.freefrp.net"
serverPort = 7000
auth.method = "token"
auth.token = "freefrp.net"
[[proxies]]
name = "ssh_service"
type = "tcp"
localIP = "127.0.0.1"
localPort = 22
remotePort = <remote_port>


2024-06-11
The Way To Sit Comfortably

You need to find support for your feet on the ground by stretching your legs the right amount and distribute the pressure evenly from your butt to your hip.


2024-06-09
Secure Your Online Activity With Ufw: Blocking Incoming Connections On All Ports

UFW access control

when using long range public wifi it matters to block every port from incoming connections.

sudo ufw default deny
sudo ufw prepend reject in on <interface name>
sudo ufw reload

when configuration is done, remember to restart ufw and reconnect existing interfaces.

although remote clients are blocked, self-issued connections are not. so be sure to use another computer for testing ufw effectiveness before and after configuration.


2024-06-08
Several Ways To Have Dynamic Ip Addresses

  • restart main router using scheduled power switches

  • use router with global proxy functionality

  • use local proxy with socks5 and proxychains

  • use powerful wifi card, wifi signal amplifier and yagi antenna to crack and connect to neighboring wifi


having dynamic ip addresses is just part of the procedure. to leave no trace you have to use a dedicated machine with dedicated network connection, doing nothing relevant to personal info.


public wifi will have less signal if clients are too many.
