blog.plee.me About software, technology and random things

14May/220

Windows Defender Firewall Inbound Rule for ICMPv6

Hi!

I'm getting more into IPv6 these days and found that ICMP is very important for IPv6 connectivity.

Windows Defender Firewall with Advanced Security (on Windows 10 at least) comes with some inbound ICMPv6 allow rules, but unfortunately they don't allow for quite enough.

I went ahead to create a rule by hand, but found out that you cannot set a group for the rule through the GUI, so instead I opted for creating a little PowerShell command.

You have to run it from a UAC-elevated PowerShell instance.

This rule is based on the existing default ICMPv6 rules.

Create the rule:

New-NetFirewallRule -DisplayName "Core Networking - CUSTOM - Allow Incoming ICMPv6" -Group "Core Networking" -Direction Inbound -Action Allow -Protocol ICMPv6 -Program System

Remove the rule again:

Remove-NetFirewallRule -DisplayName "Core Networking - CUSTOM - Allow Incoming ICMPv6"

Some people may want to exclude echo request for privacy or "security (through obscurity)" reasons, but I don't think it's that big of a deal.

Of course feel free to customize the command in general. The official documentation page (docs.microsoft.com) is very informative.

If you have any other firewalls between you and the sender, you may have to check their rules as well.

I tested the rules with a website like ipv6-test.com.

Thanks for reading!

23Jun/190

Missing Credentials in Dropdown for Jenkins Build Configuration

Hello!

Recently I updated my Jenkins installation including all of the plugins. One of them must have brought somewhat breaking changes because when I tried to create a new build configuration for a new old project of mine, I could not select the proper credentials in the dropdown. I only had the option to add new ones even though I had added the corresponding credentials in the global scope (as per usual), so they must have been visible across the entire Jenkins instance. None of them were showing up. And even when I tried adding new ones through the build configuration page, they ended up not being active / selected either.

When I went back to check with an existing build configuration I had configured over a year before, I could confirm the same behavior. For build parameters the credentials dropdowns were empty and for the VCS credentials it said

Cannot find any credentials with id <ID>

I spent a couple of hours looking for solutions and I did find some cases that popped up around 1 or 2 years ago, but nothing that fit this exact scenario. My suspicion was that this might be a bug, so I tried rolling back the SSH credentials and credentials plugins to the previous versions, but that did not fix anything.

I decided to wait for a week in the hopes of potential bug fix releases to come out for either some of the plugins or Jenkins itself, but a week later in spite of a couple of updates here and there, nothing about the problem had changed.

And then I found a comment in the discussion thread of a GitHub issue of the "GitHub Pull Request Builder Plugin" (which I am not even using). In it, the following solution was proposed:

  1. Navigate to "Jenkins" (main menu) => "Manage Jenkins" => "Configure Global Security"
  2. Go to the "Access Controls for Builds" section
  3. Under "Project default Build Authorization" check if the "Strategy" is set to "Run as anonymous" (which was the case for me)
  4. If yes, try changing it to "Run as User who Triggered Build" (it might also work with another setting if that suits you better)
  5. Save and reload the build configuration settings

That was it! The credentials showed up again and I could execute the build successfully.

I know this seems to be a niche problem and there might only be a handful of people that have encountered the same issue, but I hope it was helpful nonetheless.

Thank you for reading!

7Dec/170

Rewrite MySQL / MariaDB Database Dump Create View Statements For Current User

Hi!

If you would like to import a database dump file created by MySQL's or MariaDB's mysqldump executable, but it contains statements to create views, the import process may abort with an error when it comes to creating views.

When creating a view, MySQL wants to know who created it, and for that it needs a username and the host. If the user who is executing the import does not have sufficient privileges or the original user referenced in the dump does not exist (for example when importing the dump into a fresh database for a migration), this leads to an error.

Usually when I import a dump, I don't care so much about the "SQL Security Definer", so I just want to set it to the importing user.

You can generate a new, modified SQL dump file very easily with the following shell command:

$ sed -r 's#^(/\*!50013 DEFINER=).+?( SQL SECURITY DEFINER \*/)$#\1CURRENT_USER\2#' input_file.sql > output_file.sql

This command simply scans through the entire dump, looking for the statement created by mysqldump which triggers the database to create the view if it doesn't exist already. It then sets the user information to CURRENT_USER which refers to the user that is currently executing the import.

Please note that because the search pattern is so specific, it will probably require some modification in the future, depending on the version of mysqldump you're using and if / how they change this particular statement. On the upside the chance that it will accidentally modify something it shouldn't is pretty low.

I hope this is helpful to you!

Thanks for reading!