How to use Cloudflare’s free dynamic DNS with pfSense

This guide will show you how to use Cloudflare’s free dynamic DNS to automatically update your domain’s “A” (or address) record natively within pfSense.

Before we get started there are three things that are required:

  • a configured pfSense installation
  • a Cloudflare account
  • a domain name that is configured to use Cloudflare

If (or once) you have all of this, we can move on to the first step:

Get your Cloudflare API key

To allow pfSense to authenticate and communicate with Cloudflare, you need to get a hold of your Application Program Interface (or API) key. This key is a very important password. Do not give it out to anyone.

  1. Log in to your Cloudflare account
  2. Navigate to your account settings page and scroll to the API Key section
  3. Under Global API Key click on View API Key
  4. Copy the key. You may put it in a text file temporarily but you should never save this key to your computer, much less in a plain text file.

Set up the Dynamic DNS service within pfSense

Now that you have your API key we’re going to go ahead and set up the DDNS service within pfSense. This is a feature that ships with pfSense by default, so no additional packages are required.

  1. Log in to your pfSense dashboard
  2. Under Services go to Dynamic DNS
  3. Click on the Add button
  4. Under Service Type select Cloudflare
  5. For Interfaces, select the interface you’d like the service to monitor. In most cases this will be your WAN interface. If you have multiple WANs, select the one you wish to use here.
  6. Under Hostname type in your domain name. In my case, I will put in briantruscott.com.
  7. For Username you want to put in the email address you used for your Cloudflare account
  8. Under Password is where you’ll want to put in that API key you received earlier. Paste it into both fields. Do not use the password you created for your Cloudflare account.
  9. Give this client a description – I’m going to call mine CF briantruscott.com so I know which service and domain this client will cater.
  10. Finally, click on Save & Force Update. You will be sent back to the main DDNS clients page and, if configured properly and the client authenticated with Cloudflare, your desired IP address should appear in green. If you see 0.0.0.0 or any actual IP in red check your configuration, make sure you copied the API key properly (make sure you didn’t accidentally copy a space into the beginning or end of the key!), and save & update again.

There you go! pfSense will now monitor the interface you selected for any changes to its address. If any changes occur, pfSense will send an update to Cloudflare, which will then update your “A” record to reflect these changes without any input!

 

https://blog.briantruscott.com/how-to-use-cloudflares-free-dynamic-dns-with-pfsense/

Useful CSF SSH Command Line Commands (CSF Cheat Sheet)

This article covers some useful CSF SSH Command Line Commands in a “cheat sheet” format.

| Command | Description | Example |
|---|---|---|
| csf -s | Start the firewall rules | root@server[~]#csf -s |
| csf -f | Flush/Stop firewall rules (note: lfd may restart csf) | root@server[~]#csf -f |
| csf -r | Restart the firewall rules | root@server[~]#csf -r |
| csf -a [IP.add.re.ss] [comment] | Allow an IP and add to /etc/csf/csf.allow | root@server[~]#csf -a 187.33.3.3 Home IP Address |
| csf -tr [IP.add.re.ss] | Remove an IP from the temporary IP ban or allow list. | root@server[~]#csf -tr 66.192.23.1 |
| csf -tf | Flush all IPs from the temporary IP entries | root@server[~]#csf -tf |
| csf -d [IP.add.re.ss] [comment] | Deny an IP and add to /etc/csf/csf.deny | root@server[~]#csf -d 66.192.23.1 Blocked This Guy |
| csf -dr [IP.add.re.ss] | Unblock an IP and remove from /etc/csf/csf.deny | root@server[~]#csf -dr 66.192.23.1 |
| csf -df | Remove and unblock all entries in /etc/csf/csf.deny | root@server[~]#csf -df |
| csf -g [IP.add.re.ss] | Search the iptables and ip6tables rules for a match (e.g. IP, CIDR, Port Number) | root@server[~]#csf -g 66.192.23.1 |
| csf -t | Displays the current list of temporary allow and deny IP entries with their TTL and comment | root@server[~]#csf -t |

Whitelisting an IP Address

To prevent a specific IP address from being blocked, even by a temporary deny, you need to list it in the files csf.ignore and csf.allow. The first step is to enable IGNORE_ALLOW in csf.conf. The value for IGNORE_ALLOW will appear as “0”; change it to “1” and restart csf and lfd.

This will allow lfd to reference csf.ignore. If you add an IP address to csf.ignore, the IP address will no longer be checked by lfd and failed login attempts will not trigger temporary denies.
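
The whitelisting steps above as a script, added here as an example that is not part of the original article. The function names are hypothetical, and the sample csf.conf lines are constructed so the script can be rehearsed on copies first.

```shell
#!/bin/sh
# Added example, not from the original article. File paths are arguments so
# the change can be rehearsed on copies before touching /etc/csf.

# valid_ipv4 IP: succeed only for a dotted quad with every octet in 0..255.
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# enable_ignore_allow CONF: set IGNORE_ALLOW = "1", leaving other lines alone.
enable_ignore_allow() {
    conf=$1
    grep -Eq '^IGNORE_ALLOW[[:space:]]*=' "$conf" || return 1   # key missing
    tmp=$(mktemp) || return 1
    sed 's/^IGNORE_ALLOW[[:space:]]*=.*/IGNORE_ALLOW = "1"/' "$conf" > "$tmp" \
        && cat "$tmp" > "$conf"     # cat keeps the file's owner and mode
    status=$?
    rm -f "$tmp"
    return "$status"
}

# add_ignore_ip FILE IP: append IP to a csf.ignore-style file exactly once.
add_ignore_ip() {
    file=$1; ip=$2
    valid_ipv4 "$ip" || return 1
    grep -Fxq "$ip" "$file" 2>/dev/null || printf '%s\n' "$ip" >> "$file"
}

# Rehearsal on constructed sample files (not a real /etc/csf).
work=$(mktemp -d)
printf '%s\n' 'TESTING = "0"' 'IGNORE_ALLOW = "0"' > "$work/csf.conf"
enable_ignore_allow "$work/csf.conf"
add_ignore_ip "$work/csf.ignore" 187.33.3.3
add_ignore_ip "$work/csf.ignore" 187.33.3.3    # repeat call adds nothing
grep '^IGNORE_ALLOW' "$work/csf.conf"
cat "$work/csf.ignore"
rm -rf "$work"
```

On the server, point the functions at csf.conf and csf.ignore under /etc/csf, add the same address to csf.allow with csf -a, then restart csf and lfd.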

Eat Form

You are creating a new instance of Form2 every time Form1’s position is changed. Instead, create Form2 in the Form1() constructor or Form1_Load(), and put f2.Location = this.Location; in Form1_LocationChanged().

Update…

Here’s the code you need:

 

using System;
using System.Drawing;
using System.Windows.Forms;

namespace WindowsFormsApplication1
{
    public partial class Form1 : Form
    {
        Form2 f2;

        public Form1()
        {
            InitializeComponent();
            f2 = new Form2(this); // Pass "this" only if you need Form1's reference in Form2. Otherwise this is not needed.
        }

        private void Form1_Load(object sender, EventArgs e)
        {
            f2.Show();
        }

        private void Form1_LocationChanged(object sender, EventArgs e)
        {
            f2.Location = new Point(this.Location.X + 203, this.Location.Y + 203);

            // 203 to make Form2 visible. Otherwise f2.Location = this.Location would make Form2 virtually disappear because Form1 will overlap it.
        }
    }
}

// You need to make a constructor in Form2 to take Form1 as a parameter, if you plan on passing "this" while creating Form2's instance:

namespace WindowsFormsApplication1
{
    public partial class Form2 : Form
    {
        Form1 f;

        public Form2(Form1 f1)
        {
            InitializeComponent();
            f = f1;
        }
    }
}

DD-WRT Limit bandwidth of Guest Wifi

Guest Subnet IP: 9.9.10.x
This code sets 800kbit as the bandwidth of the subnet and 266kbit as the rate for each VLAN client.

# Download: shape traffic leaving br1 toward the guest clients
TCA="tc class add dev br1"
TFA="tc filter add dev br1"
TQA="tc qdisc add dev br1"
SFQ="sfq perturb 10"
tc qdisc del dev br1 root
tc qdisc add dev br1 root handle 1: htb
tc class add dev br1 parent 1: classid 1:1 htb rate 800kbit
$TCA parent 1:1 classid 1:10 htb rate 266kbit ceil 800kbit prio 2
$TQA parent 1:10 handle 10: $SFQ
$TFA parent 1:0 prio 2 protocol ip handle 10 fw flowid 1:10
# Mark packets destined for the guest subnet so the fw filter (handle 10) matches them
iptables -t mangle -A POSTROUTING -d 9.9.10.0/24 -j MARK --set-mark 10
# Upload: shape traffic coming from the guest clients through the imq0 device
TCAU="tc class add dev imq0"
TFAU="tc filter add dev imq0"
TQAU="tc qdisc add dev imq0"
insmod imq
insmod ipt_IMQ
ip link set imq0 up
tc qdisc del dev imq0 root
tc qdisc add dev imq0 root handle 1: htb
tc class add dev imq0 parent 1: classid 1:1 htb rate 800kbit
$TCAU parent 1:1 classid 1:10 htb rate 266kbit ceil 800kbit prio 2
$TQAU parent 1:10 handle 10: $SFQ
$TFAU parent 1:0 prio 2 protocol ip handle 10 fw flowid 1:10
# Mark packets sourced from the guest subnet, then send incoming traffic to imq0
iptables -t mangle -A PREROUTING -s 9.9.10.0/24 -j MARK --set-mark 10
iptables -t mangle -A PREROUTING -j IMQ --todev 0

DD-WRT Guest WIFI On 2nd Router

Reset router to factory defaults
Setup / Basic Setup
Connection Type Disabled
Assign WAN Port to Switch >>>check
Local IP Address 192.168.1.3 (assuming your main network is on the 192.168.1.0 subnet and this IP isn’t being used)
Subnet Mask >>> 255.255.255.0
Gateway >>> IP of router connected to internet
Local DNS >>> IP of router connected to internet
DHCP Server >>> disabled
Uncheck Use DNSMasq for DHCP
Uncheck Use DNSMasq for DNS
Save
wait 15 seconds click Apply

You can now connect by network cable to a LAN port within your network and access at its 192.168.1.3 IP.
Setup / Advanced Routing
Operating Mode >>> Router

Wireless / Basic Settings
add New Guest Virtual AP
Save
wait 15 seconds click Apply (in this order or it won’t show)

Setup / Networking
create bridge (br1)
Save
wait 15 seconds click Apply
put in IP address for br1 >>> 192.168.2.1
subnet mask for br1 >>> 255.255.255.0
Save
wait 15 seconds click Apply
wait 30 seconds
add Assign to Bridge ( br1 to wl0.1)
Save
wait 15 seconds click Apply

Services >>> under DNSMasq
disable all but DNSMasq
in Additional DNSMasq Options (copy/paste)

interface=br1
dhcp-option=br1,3,192.168.2.1
dhcp-range=br1,192.168.2.100,192.168.2.150,255.255.255.0,24h

Save
wait 15 seconds click Apply

Administration / Commands (copy/paste)

iptables -I FORWARD -i br1 -d `nvram get lan_ipaddr`/`nvram get lan_netmask` -m state --state NEW -j DROP
iptables -t nat -I POSTROUTING -o br0 -j SNAT --to `nvram get lan_ipaddr`

click Save Firewall

Default Setup Keys for Windows 8.1

Core = 334NH-RXG76-64THK-C7CKG-D3VPT
CoreN = 6NPQ8-PK64X-W4WMM-MF84V-RGB89
Core Single Language = Y9NXP-XT8MV-PT9TG-97CT3-9D6TC

Professional = XHQ8N-C3MCJ-RQXB6-WCHYG-C9WKB
ProfessionalN = JRBBN-4Q997-H4RM2-H3B7W-Q68KC
ProfessionalWMC = GBFNG-2X3TC-8R27F-RMKYB-JK7QT

Enterprise = FHQNR-XYXYC-8PMHT-TV4PH-DRQ3H
EnterpriseN = NDRDJ-3YBP2-8WTKD-CK7VB-HT8KW

*These keys are not for activation.