Merge pull request #9 from yuriskinfo/next

Started new series of Amazon AWS CLI v2.x cheat sheets with Route53, work in progress.
Added to Fortigate debug cheat sheet.
Added to firewalld verification and diagnostics command for firewall-cmd.

cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc

@@ -928,6 +928,11 @@ proxy SIP inspection is on (_ALG_ inspection). If the output is `default-voip-al
 |*diagnose debug application sshd -1*
 |Debug SSH administrator session.
 
+|*dia debug cli 8*
+|Nice trick: this will print CLI commands the Fortigate runs when you do
+something in the GUI. This way we can find CLI commands without long search in 
+Google or documentation.
+
 |===
 
 

cheat-sheets/Linux-and-BSD-firewalls-cheat-sheet.adoc

@@ -4,7 +4,37 @@
 Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
 
 == Firewalld daemon management (Red Hat based distributions)
-.firewall-cmd commands
+
+=== Enable, disable, reload the daemon
+[cols=2, options="header"]
+|===
+|Command
+|Description
+
+|*systemctl disable/enable firewalld*
+|Disable/enable firewalld, survives reboot.
+
+|*systemctl stop firewalld*
+|Stop firewalld until started manually or reboot.
+
+
+|*firewall-cmd --reload*
+|Reload firewall rules to make your changes active, keeping the state table. Active sessions do not disconnect. On finishing reload will output `success`.
+
+|*systemctl restart firewalld*
+|Restart the daemon, without resetting the active connections. Use in case of
+problems with the daemon.
+
+|*firewall-cmd --complete-reload*
+|Reload firewall completely, disconnecting the active connections. When nothing
+else helps.
+
+
+
+
+|===
+=== List rules, status, additional info
+
 [cols=2, options="header"]
 |===
 |Command
@@ -16,8 +46,6 @@ Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
 |*firewall-cmd  --list-all*
 |List currently active rules
 
-|*firewall-cmd --reload*
-|Reload firewall keeping the state table. Active sessions do not disconnect. On finishing reload will output `success`.
 
 |*firewall-cmd --get-default-zone*
 | Show the default zone for interfaces.

cheat-sheets/Route53-AWS-CLI-examples.adoc

@@ -0,0 +1,143 @@
+= Route53 AWS CLI examples cookbook
+:homepage: https://yurisk.info
+:toc:
+Author: Yuri Slobodyanyuk, https://www.linkedin.com/in/yurislobodyanyuk/
+
+
+== Short Introduction
+* AWS Route53 is the only service with 100% SLA.
+* Amazon Registrar does domain registration only for _.com, .org, .net_ domains, the
+ rest are registered via _Gandi SAS_
+
+
+
+== List all hosted zones (private and public)
+[source, bash]
+----
+aws route53 list-hosted-zones  
+----
+
+If you are using configuration profiles:
+
+[source, bash]
+----
+aws route53 list-hosted-zones  --profile <profile-name> 
+----
+
+This command returns _zone-id_ you will need in future queries.
+
+== Show all records of a zone
+
+[source, bash]
+----
+aws route53 list-resource-record-sets --hosted-zone-id Z3HR6JS50CWURT  
+----
+
+
+=== Filter output for specific records
+Show all and only A records from a zone:
+
+----
+aws route53 list-resource-record-sets --hosted-zone-id ZN36CWKHEDURT  \
+--query "ResourceRecordSets[?Type == 'A'] "
+----
+
+Show only records matching the given record value (here _www.yurisk.info_):
+
+----
+aws route53 list-resource-record-sets --hosted-zone-id ZN36CWKHEDURT \
+ --query "ResourceRecordSets[?Name == 'www.yurisk.info.'] "
+----
+
+NOTE: AWS returns maximum 100 items in one response. Use paging with `NextToken`
+if you expect to get more results.
+
+== Create a new public zone
+
+Create a new public zone named _example334455.com_: 
+
+----
+aws route53 create-hosted-zone --name example334455.com \
+--caller-reference some-text-for-me-for-reference 
+----
+
+On success returns zone's ID, request status (e.g. `Pending`), allocated name
+servers. The `caller-reference` you set is used for identifying this request in
+logs etc. and can be arbitrary string.
+
+== Add A record to a zone
+While mainly expected to store the  record in JSON format in a local file, we
+can specify the record(s) to add explicitly with `--change-batch`. Let's add A
+record _www.example334455.com_ wtih TTL of 600, pointing to IP _1.2.3.4_:
+
+----
+aws route53 change-resource-record-sets --hosted-zone-id Z0967968IADGHN5TI3WW \
+--change-batch '
+{
+"Comment": "Adding A record",
+"Changes": [
+{
+"Action": "CREATE",
+"ResourceRecordSet": {
+"Name": "www.example334455.com",
+"Type": "A",
+"TTL": 600,
+"ResourceRecords": [
+{
+"Value": "1.2.3.4"
+}
+]
+}
+}
+]
+}
+'
+----
+
+== Delete a record from a zone
+Let's delete the A record just created _www.example334455.com_  (we use
+`Action:DELETE`):
+
+----
+aws route53 change-resource-record-sets --hosted-zone-id Z0967968IADGHN5TI3WW \
+--change-batch '
+{
+"Comment": "Adding A record",
+"Changes": [
+{
+"Action": "DELETE",
+"ResourceRecordSet": {
+"Name": "www.example334455.com",
+"Type": "A",
+"TTL": 600,
+"ResourceRecords": [
+{
+"Value": "1.2.3.4"
+}
+]
+}
+}
+]
+}
+'
+----
+
+== Delete a zone completely
+NOTE: You cannot delete a non-empty zone, have to 1st delete all records except
+NS.
+
+Trying to delete a zone with other than NS records gives this error:
+
+----
+An error occurred (HostedZoneNotEmpty) when calling the DeleteHostedZone
+operation: The specified hosted zone contains non-required resource record
+sets  and so cannot be deleted
+----
+
+We delete the empty zone _example334455.com_: 
+
+----
+aws route53 delete-hosted-zone --id Z0967968IADGHN5TI3WW
+----
+
+