security

Fun with iptables, ulogd and wireshark

Having some fun tinkering with firewall rules today. I've been lazy and using Firestarter for a few years, but it has a couple of annoyances I didn't know how to work around, so I got to writing out my own iptables rules once again. I ended up with the relatively simple script below, which does the following:

  • Enable NAT for the local network.
  • Forward some port traffic straight to internal systems.
  • Drop a few bizarre and most likely malicious spoofed source addresses and bad packet-flag combinations coming in on the external interface.
  • Accept some services locally (just ssh for now).
  • Log and drop everything that isn't explicitly accepted (traffic logged to /var/log/messages for convenient tail -f'ing).
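The script itself is not reproduced on this page. As an added example (not the post's own script), here is one way to express those five points as a POSIX sh script. The interface names (eth0 facing the modem, eth1 facing the LAN), the LAN range 192.168.1.0/24, the forwarded host and ports, and the spoofed-source list are all assumptions; the LOG target is used because the post says drops land in /var/log/messages (swapping LOG for NFLOG would hand the packets to ulogd instead). It prints the rules by default and only applies them when FW_APPLY=1, so the generated rule set can be reviewed before it touches the kernel.

```shell
#!/bin/sh
# Added example, not the original post's script. Everything below is an assumption
# about the network layout; adjust before use.
EXT_IF="${EXT_IF:-eth0}"                  # assumed: interface on the cable modem
INT_IF="${INT_IF:-eth1}"                  # assumed: interface on the LAN
LAN_NET="${LAN_NET:-192.168.1.0/24}"      # assumed LAN range
FWD_HOST="${FWD_HOST:-192.168.1.10}"      # assumed internal host for port forwards
FWD_PORTS="${FWD_PORTS:-80 443}"          # assumed forwarded TCP ports

# Source ranges that should never arrive from the Internet on the external interface.
SPOOFED="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 127.0.0.0/8 0.0.0.0/8 169.254.0.0/16 224.0.0.0/4 240.0.0.0/4"

# Emit the rule set, one command per line, in the order it must be loaded.
build_rules() {
  cat <<EOF
sysctl -q -w net.ipv4.ip_forward=1
iptables -F
iptables -t nat -F
iptables -X
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
  # 3. spoofed sources and bad flag combinations on the external interface
  for net in $SPOOFED; do
    echo "iptables -A INPUT -i $EXT_IF -s $net -j DROP"
    echo "iptables -A FORWARD -i $EXT_IF -s $net -j DROP"
  done
  cat <<EOF
iptables -A INPUT -i $EXT_IF -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -i $EXT_IF -p tcp --tcp-flags ALL ALL -j DROP
iptables -A INPUT -i $EXT_IF -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
iptables -A INPUT -i $EXT_IF -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
iptables -A INPUT -i $EXT_IF -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
EOF
  # 1. NAT for the LAN
  echo "iptables -t nat -A POSTROUTING -o $EXT_IF -s $LAN_NET -j MASQUERADE"
  echo "iptables -A FORWARD -i $INT_IF -o $EXT_IF -s $LAN_NET -j ACCEPT"
  # 2. port forwards straight to an internal host
  for port in $FWD_PORTS; do
    echo "iptables -t nat -A PREROUTING -i $EXT_IF -p tcp --dport $port -j DNAT --to-destination $FWD_HOST:$port"
    echo "iptables -A FORWARD -i $EXT_IF -o $INT_IF -p tcp -d $FWD_HOST --dport $port -m conntrack --ctstate NEW -j ACCEPT"
  done
  # 4. local services (ssh only)
  echo "iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
  # 5. log (rate-limited so a flood cannot fill the log) and drop everything else
  cat <<EOF
iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "FW-DROP-IN: " --log-level 4
iptables -A INPUT -j DROP
iptables -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FW-DROP-FWD: " --log-level 4
iptables -A FORWARD -j DROP
EOF
}

# Print for review by default; apply (as root) only when FW_APPLY=1.
if [ "${FW_APPLY:-0}" = "1" ]; then
  build_rules | sh -e
else
  build_rules
fi
```

Running it plainly shows the 41 iptables commands it would load; `FW_APPLY=1 sh firewall.sh` as root loads them, and `tail -f /var/log/messages | grep FW-DROP` then shows what the catch-all is dropping.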

Could a KVM virtual firewall work?

Anyone know of a reason why a setup like this *wouldn't* work: three physical network interfaces, with bridges created for all three but two reserved exclusively for a guest operating system that the host won't use at all. Run the cable modem into one, connect the other to the uplink on a wireless router, and run a cable from there back into the third interface for the host operating system.

Seems to me it should be doable, but before I go break the bank on a $15 USB ethernet adapter (only have room for one more NIC on the motherboard) I thought I'd check. :) I guess the big question is around the bridged interfaces: must they have an IP assigned on the host? Hrm.

Amazon S3 Backups w/ Duplicity and Bandwidth Limiting

I've been hearing rumblings of awesomeness about Amazon S3 as a backup service from a couple of friends lately. My current system could stand some improvement, and I'd love something incremental and easier to do regularly; with S3 being so highly recommended at only 15c a gig, it looks like an ideal storage mechanism.

The next step is locating a tool to encrypt the data and do the actual uploads. I hear great things about Jungledisk, but I'm not thrilled about a non-open-source solution. The search led me to duplicity, a tool quite similar to rsync that does encrypted incremental backups to many different backends, including S3.

export AWS_ACCESS_KEY_ID=X
export AWS_SECRET_ACCESS_KEY=Y
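As an added example (not the post's own script), here is a small POSIX sh wrapper that runs duplicity against an S3 bucket with the credentials taken from the environment exactly as above, encrypts and signs with a GPG key, forces a fresh full backup monthly, prunes old chains, and caps upload bandwidth with trickle. The bucket name, key id, source directory, retention periods and the 200 KB/s cap are placeholders; using trickle for the rate limit is also an assumption, since the post's title mentions bandwidth limiting without saying how it was done.

```shell
#!/bin/sh
# Added example, not the post's script. All values below are placeholders.
BUCKET="${BUCKET:-example-backup-bucket}"   # placeholder bucket name
GPG_KEY="${GPG_KEY:-0xPLACEHOLDERKEY}"      # placeholder GPG key id used to encrypt and sign
SRC="${SRC:-/home}"                         # assumed directory to back up
UP_KBPS="${UP_KBPS:-200}"                   # assumed upload cap in KB/s
FULL_EVERY="${FULL_EVERY:-1M}"              # start a new full chain monthly
KEEP="${KEEP:-2M}"                          # drop chains older than two months
TARGET="s3+http://$BUCKET/home"             # duplicity's classic S3 URL form

# Build the backup command line. trickle -s runs the child standalone with its
# upload limited to -u KB/s, so the link stays usable while the backup runs.
backup_cmd() {
  printf 'trickle -s -u %s duplicity --encrypt-key %s --sign-key %s --full-if-older-than %s --exclude %s/*/.cache %s %s\n' \
    "$UP_KBPS" "$GPG_KEY" "$GPG_KEY" "$FULL_EVERY" "$SRC" "$SRC" "$TARGET"
}

# Retention: remove backup sets older than $KEEP (--force actually deletes them).
prune_cmd() {
  printf 'duplicity remove-older-than %s --force %s\n' "$KEEP" "$TARGET"
}

# Execute both steps. Credentials are read by duplicity from the environment,
# as in the post's exports, so they never sit in this script or in shell history.
run_backup() {
  : "${AWS_ACCESS_KEY_ID:?export AWS_ACCESS_KEY_ID first}"
  : "${AWS_SECRET_ACCESS_KEY:?export AWS_SECRET_ACCESS_KEY first}"
  sh -c "$(backup_cmd)" && sh -c "$(prune_cmd)"
}

# Print what would run unless BACKUP_RUN=1 is set.
if [ "${BACKUP_RUN:-0}" = "1" ]; then
  run_backup
else
  backup_cmd
  prune_cmd
fi
```

Because the command lines are built by functions, `sh backup.sh` shows exactly what would be executed, and `BACKUP_RUN=1 sh backup.sh` (with the two AWS variables exported and a GPG agent holding the signing key's passphrase) performs the run; `duplicity verify "$TARGET" "$SRC"` afterwards confirms the remote copy matches.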
