PF is one of the reasons people stay on FreeBSD once they try it. It’s a stateful packet…
BIND 9 remains the de facto DNS server for the internet, ISC’s reference implementation, now in its 9.18…
HAProxy is the Swiss army knife of load balancers. Nothing else gives you the same combination of HTTP-level…
WireGuard on FreeBSD 15 is in-kernel. No ports module, no kmod dance. pkg install wireguard-tools, configure two files,…
The default advice for new HTTPS services on GCP is “use a Global External ALB.” It’s usually right.…
Per-service ManagedCertificate attached to a per-service target HTTPS proxy is why you have 120 forwarding rules across 4…
A single wildcard cert covering every service on a shared LB is what turns cert sprawl from a…
Cert sprawl starts with DNS. If the zone you issue certs against isn’t locked down first, every cert…
Wireshark is the tool you reach for when tcpdump’s output scrolls past too fast and you need to…
Every penetration test starts the same way: figuring out what’s actually running on the network. Before you touch…
Ingress served Kubernetes well for years, but its annotation-driven configuration hit a wall when you needed weighted routing…
Before launching instances on OpenStack, you need networks for them to connect to. OpenStack Neutron handles all networking:…
