Archiving here in case, you know, it gets disappeared 😉
Father, apart from Jesus and the work of Your Holy Spirit in our salvation, we can do nothing. In our natural, sinful state apart from Your intervention, we can’t lift a finger to perform some work or make a step toward You in righteousness. In fact we are opposed to You. We are unholy, depraved, and sinful beyond what we can even understand as Romans 3 makes clear, to the point that even our wills need Your life-giving touch.
You are the God who gives food to the hungry and in Jesus you miraculously fed the five thousand from very little. You LORD set the prisoners free and in Jesus You freed the man from the legion of Demons and the self-destruction inflicted; You LORD open the eyes of the blind, and in Jesus you said the word to many who were blind and immediately they received their sight. You LORD lift up those who are bowed down and in Jesus You greatly blessed and upheld a prostitute who washed Your feet with her tears and hair in remorse and repentance and love For Christ; You LORD love the righteous. You LORD watch over the sojourners and those without a home; You uphold the widow and the fatherless, the abused, the broken, the chastised, all those who suffer deeply, but the way of the wicked You bring to ruin. The prideful, haughty, evil, and self-sufficient You oppose.
I had a particular need with Shoutcast (since the application is 1) able to do HTTP and HTTPS on the same port, and 2) since I wanted to reverse proxy those requests for security filtering with ModSecurity) to have HTTP requests that hit the HTTPS port to upgrade those requests to HTTPS on the same port instead of just erroring out (bad protocol error). Some of this had to do with browser and other client-end mechanisms forcing an HTTPS upgrade of late, but finding it wasn’t working correctly all the time. I struggled to find a good solution but came to an answer finally on stackoverflow. I’m documenting it here for future reference and for those that may need that kind of functionality since it’s a very specific request. I normally just do a 301 redirect for situations like this, but it doesn’t seem to work when streaming media for whatever reason using particular media clients. This has done the trick.
In my last post, I explained how to go about utilizing IPv6 prefix delegation using a Ubiquiti EdgeRouter 4, connected to an AT&T internet router that has IPv6 enabled on both the WAN and the LAN side. Now we’re going to walk through the basic firewall rules you need in place to protect your IPv6 network. And when I say basic, I mean the bare minimum to make sure the entire internet can’t get to your IPv6 devices, because if you’ve finished with the last post, your devices are likely open right now. 😐
Lord Jesus, just as You healed the daughter of Jairus right after healing a woman with an incurable medical condition, you Lord are demonstrated to be the God of healing not just physical conditions, but the God of healing souls. Lord our state apart from the touch of Your healing grace in our souls is incurable. We’re terminal. Apart from a correction of grace, we don’t want You, we don’t seek You, we’re indifferent to You and Your calls to come to You, we’re comfortable in our soul diseases and sins that eat away at us. We’re comfortable in the distractions of the flesh that all too easily please us that are all around us and pressing in and keep us from enjoying the only One who could deeply satisfy all of our desires and longings.
From the outset, it’s important to note that this is intended only for those who already have completed part one on the AT&T router, which is 1) enabling IPv6 on the LAN side and 2) enabling prefix delegation for the LAN. In addition, I’m using a Ubiquiti EdgeRouter 4 for my second firewall and this guide reflects that. However, if you’re using another IPv6 capable router, you may be able to glean settings from this and match them to your configuration.
*Disclaimer: If you enable this and mess with it in such a way as to make your network insecure, I’m not responsible for what may or may not happen due to your lack of security implementation related to traffic passing in and out of your internal network, i.e. if you get hacked, sorry, although I’ll gladly get employed to mitigate the situation ;).
Perfect wintery cold ambient …
Only those with a pure, clean heart, will ascend the hill of the Lord and stand in righteousness with Him, which on our own is none of us. Psalm 24 makes clear that the only one’s to ascend the hill of the Lord are those possessing a purity beyond reach because of our depravity and having cut ourselves off from the life of the Trinity. What a sad thought.
But this is precisely why the rest of the Psalm the ancient gates and doors open for the revealing of the Holy One of God, the Son of God, Jesus, as the one who will and now has ascended the hill of the Lord.