Wednesday, January 28, 2009

Filtering bogons with iptables

There are a bunch of IP addresses that cannot be used (routed) across the internet. The private IP address ranges typically used for NAT are an example. I wrote a script to grab the unallocated ranges and create iptables rules for each. I thought i would be clever (-: i never learn, do i? :-) and integrate these with system-config-firewall, which appears to be a frontend to lokkit. Going to "Custom Rules", "Add", "ipv4", "filter", and choosing the file makes lokkit crap out with an error AND drop all the other rules. Bad form. I tracked the error down to the apparent fact that lokkit doesn't allow more than nine custom rules, no matter how many files the rules are broken into. More bad form. So i just add them by hand. I should get around to using ipset for all this... Anyway, here's that script:
#! /bin/bash
# Generate one iptables DROP rule per IANA-unallocated /8 plus the RFC 1918
# private ranges. Written against the 2009 plain-text registry, where each
# line starts with a prefix like "003/8" and unallocated blocks carry the
# word UNALLOCATED; IANA has since moved this registry to XML/CSV/TXT files,
# so the grep/cut may need adjusting to the current layout.
set -eu -o pipefail

# Per-run temp files rather than fixed names in world-writable /tmp.
UNALLOC=$(mktemp)
TEMP=$(mktemp)

wget --quiet -O - http://www.iana.org/assignments/ipv4-address-space | \
grep UNALLOCATED | \
cut -d ' ' -f 1 > "$UNALLOC"

# Strip leading zeros (iptables would read 010 as octal) but keep a lone 0,
# then wrap each prefix in a delete rule. Deleting first means re-running the
# script doesn't stack duplicate rules; the -D simply fails the first time.
sed -e '/^$/d' \
-e 's/^0*\([0-9]\)/\1/' \
-e 's/^/iptables -D INPUT -s /' \
-e 's/$/ -j DROP/' < "$UNALLOC" > "$TEMP"

# Same again as insert rules, placed at the head of INPUT.
sed -e '/^$/d' \
-e 's/^0*\([0-9]\)/\1/' \
-e 's/^/iptables -I INPUT -s /' \
-e 's/$/ -j DROP/' < "$UNALLOC" >> "$TEMP"

# RFC 1918 private ranges. The original had 10/24, which covers only
# 10.0.0.0-10.0.0.255; the private block is 10/8.
echo 'iptables -D INPUT -s 10/8 -j DROP' >> "$TEMP"
echo 'iptables -I INPUT -s 10/8 -j DROP' >> "$TEMP"
echo 'iptables -D INPUT -s 172.16/12 -j DROP' >> "$TEMP"
echo 'iptables -I INPUT -s 172.16/12 -j DROP' >> "$TEMP"
echo 'iptables -D INPUT -s 192.168/16 -j DROP' >> "$TEMP"
echo 'iptables -I INPUT -s 192.168/16 -j DROP' >> "$TEMP"

# Run the batch under plain sh (no -e) so a failing -D doesn't abort it.
sh "$TEMP"
rm -f "$UNALLOC" "$TEMP"
# Check the old ruleset into RCS, then persist the new one.
ci -m "" -l /etc/sysconfig/iptables
iptables-save > /etc/sysconfig/iptables
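The ipset variant the post says it should get around to, as an added example that is not the post's own script: the same bogon list goes into one hash:net set and a single iptables rule matches the whole set, which sidesteps lokkit's nine-rule limit and keeps the INPUT chain short. The registry text is a constructed sample in the 2009 plain-text layout (in real use it would come from the IANA URL above); the set name `bogons`, the functions and the ipset/iptables binaries are assumptions. Nothing here touches the network or the live ruleset: the commands are printed for review and applied by piping them into sh.

```shell
#!/bin/sh
# Added example (not the original post's script): build one ipset of bogon
# prefixes and reference it from a single iptables rule.

# Constructed sample in the 2009 plain-text registry layout the post's
# grep/cut relied on; the real file would come from the IANA URL in the post.
SAMPLE_REGISTRY='Prefix      Designation                 Date     Status
001/8       APNIC                       2010-01  ALLOCATED
005/8       IANA - Reserved                      UNALLOCATED
010/8       IANA - Private Use          1995-06  LEGACY
014/8       IANA - Reserved                      UNALLOCATED
036/8       IANA - Reserved                      UNALLOCATED'

# RFC 1918 private ranges; the post's 10/24 is written as the full 10/8 here.
PRIVATE_RANGES='10.0.0.0/8
172.16.0.0/12
192.168.0.0/16'

# Turn a registry prefix such as "005/8" into "5.0.0.0/8". Leading zeros are
# stripped without losing a bare "0" (a plain s/^00*// turns "000/8" into "/8").
normalize_prefix() {
    octet=${1%%/*}
    mask=${1##*/}
    zeros=${octet%%[!0]*}            # run of leading zeros (whole string if all zeros)
    octet=${octet#"$zeros"}
    printf '%s.0.0.0/%s\n' "${octet:-0}" "$mask"
}

# Read registry text on stdin, print one normalized CIDR per UNALLOCATED line.
unallocated_prefixes() {
    grep UNALLOCATED | while read -r prefix _; do
        normalize_prefix "$prefix"
    done
}

# Print the ipset/iptables commands for the set named in $1 (default: bogons).
bogon_ipset_commands() {
    setname=${1:-bogons}
    # -exist makes create/add idempotent, and flush drops prefixes that IANA
    # has since allocated, so the script can be re-run from cron safely.
    printf 'ipset create %s hash:net -exist\n' "$setname"
    printf 'ipset flush %s\n' "$setname"
    {
        printf '%s\n' "$SAMPLE_REGISTRY" | unallocated_prefixes
        printf '%s\n' "$PRIVATE_RANGES"
    } | while read -r cidr; do
        printf 'ipset add %s %s -exist\n' "$setname" "$cidr"
    done
    # One rule for the whole set; -C checks for it first so re-runs don't
    # insert a duplicate at the head of INPUT.
    printf 'iptables -C INPUT -m set --match-set %s src -j DROP 2>/dev/null || ' "$setname"
    printf 'iptables -I INPUT -m set --match-set %s src -j DROP\n' "$setname"
}

# Review with `bogon_ipset_commands | less`, apply with `bogon_ipset_commands | sh`.
bogon_ipset_commands
```

The flush-then-add sequence leaves the set briefly empty while it is refilled, so the DROP rule fails open for that instant; where that matters, build the new list into a second set and exchange it atomically with `ipset swap` instead of flushing in place.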

Sunday, January 18, 2009

Buffing CDs and DVDs

I've had no luck with cheap commercial CD/DVD scratch removers. Tried most -- Memorex, Alera, etc. -- and none removed the kind of scratches i seem to get... What does work for me is using my two-speed grinder that i converted to a buffer to polish my pipes. If you don't have such a beast but have a drill press, buy a couple of mandrels and buffer wheel. I use the lower (1850 RPM) setting, use brown tripoli to remove the scratches then red rouge to remove the marks left by the tripoli. Hold the CD or DVD in the most natural way so that the buffing is radial. Five minutes and you're done.

Wednesday, January 14, 2009

Firefox necessities

http://downloadstatusbar.mozdev.org/
https://addons.mozilla.org/en-US/firefox/addon/showcase/
https://addons.mozilla.org/en-US/firefox/addon/lightweight-theme-switcher/

OSX necessities

http://coderage-software.com/zooom/
http://www.ragingmenace.com/software/menumeters/
http://heat-meteo.sourceforge.net/
http://www.macbartender.com/
https://github.com/codler/Battery-Time-Remaining (for Mountain Lion)
SoundSource from http://www.rogueamoeba.com/freebies/
http://code.google.com/p/soundflower/
http://projects.tynsoe.org/en/geektool/
http://www.schartworks.com/utilities/theunread/
http://www.unrarx.com/
http://www.etresoft.org/shellhere.html
http://www.ffmpegx.com/

Monday, January 12, 2009

OSX internet sharing to ethernet from airport

So, i have an OpenSolaris machine that doesn't easily do wireless, at least i don't want to spend tons of time figuring it out. Right next to it is a Mac Mini that does wireless just fine and therefore also has a spare ethernet port. Trying to be clever, i put a crossover cable between the two, turned on internet sharing from Mini and hoped for the best. The best rarely seems to happen. After once again spending too much time trying to figure out what was wrong, i put a regular ethernet cable between the two and that made things work. I knew Apples typically figure out when they need to perform the ethernet crossover dance all by themselves; i didn't know that doing it for them would cause things to break. One also has to turn on those TCP services one wants to pass through the Mac; Remote Login (ssh) and Personal Web Sharing in my case. DNS and NTP seem to run through just fine; UDP isn't on OSX's ipfw firewall map...