Andrew Cooke | Contents | Latest | RSS | Previous | Next

C[omp]ute

Welcome to my blog, which was once a mailing list of the same name and is still generated by mail. Please reply via the "comment" links.

Always interested in offers/projects/new ideas. Eclectic experience in fields like: numerical computing; Python web; Java enterprise; functional languages; GPGPU; SQL databases; etc. Based in Santiago, Chile; telecommute worldwide. CV; email.

Personal Projects

Choochoo Training Diary

Last 100 entries

Surprise Paradox; [Books] Good Author List; [Computing] Efficient queries with grouping in Postgres; [Computing] Automatic Wake (Linux); [Computing] AWS CDK Aspects in Go; [Bike] Adidas Gravel Shoes; [Computing, Horror] Biological Chips; [Books] Weird Lit Recs; [Covid] Extended SIR Models; [Art] York-based Printmaker; [Physics] Quantum Transitions are not Instantaneous; [Computing] AI and Drum Machines; [Computing] Probabilities, Stopping Times, Martingales; bpftrace Intro Article; [Computing] Starlab Systems - Linux Laptops; [Computing] Extended Berkeley Packet Filter; [Green] Mainspring Linear Generator; Better Approach; Rummikub Solver; Chilean Poetry; Felicitations - Empowerment Grant; [Bike] Fixing Spyre Brakes (That Need Constant Adjustment); [Computing, Music] Raspberry Pi Media (Audio) Streamer; [Computing] Amazing Hack To Embed DSL In Python; [Bike] Ruta Del Condor (El Alfalfal); [Bike] Estimating Power On Climbs; [Computing] Applying Azure B2C Authentication To Function Apps; [Bike] Gearing On The Back Of An Envelope; [Computing] Okular and Postscript in OpenSuse; There's a fix!; [Computing] Fail2Ban on OpenSuse Leap 15.3 (NFTables); [Cycling, Computing] Power Calculation and Brakes; [Hardware, Computing] Amazing Pockit Computer; Bullying; How I Am - 3 Years Post Accident, 8+ Years With MS; [USA Politics] In America's Uncivil War Republicans Are The Aggressors; [Programming] Selenium and Python; Better Walking Data; [Bike] How Fast Before Walking More Efficient Than Cycling?; [COVID] Coronavirus And Cycling; [Programming] Docker on OpenSuse; Cadence v Speed; [Bike] Gearing For Real Cyclists; [Programming] React plotting - visx; [Programming] React Leaflet; AliExpress Independent Sellers; Applebaum - Twilight of Democracy; [Politics] Back + US Elections; [Programming,Exercise] Simple Timer Script; [News] 2019: The year revolt went global; [Politics] The world's most-surveilled cities; [Bike] Hope Freehub; [Restaurant] Mama Chau's (Chinese, Providencia); [Politics] Brexit Podcast; [Diary] Pneumonia; [Politics] Britain's Reichstag Fire moment; install cairo; [Programming] GCC Sanitizer Flags; [GPU, Programming] Per-Thread Program Counters; My Bike Accident - Looking Back One Year; [Python] Geographic heights are incredibly easy!; [Cooking] Cookie Recipe; Efficient, Simple, Directed Maximisation of Noisy Function; And for argparse; Bash Completion in Python; [Computing] Configuring Github Jekyll Locally; [Maths, Link] The Napkin Project; You can Masquerade in Firewalld; [Bike] Servicing Budget (Spring) Forks; [Crypto] CIA Internet Comms Failure; [Python] Cute Rate Limiting API; [Causality] Judea Pearl Lecture; [Security, Computing] Chinese Hardware Hack Of Supermicro Boards; SQLAlchemy Joined Table Inheritance and Delete Cascade; [Translation] The Club; [Computing] Super Potato Bruh; [Computing] Extending Jupyter; Further HRM Details; [Computing, Bike] Activities in ch2; [Books, Link] Modern Japanese Lit; What ended up there; [Link, Book] Logic Book; Update - Garmin Express / Connect; Garmin Forerunner 35 v 230; [Link, Politics, Internet] Government Trolls; [Link, Politics] Why identity politics benefits the right more than the left; SSH Forwarding; A Specification For Repeating Events; A Fight for the Soul of Science; [Science, Book, Link] Lost In Math; OpenSuse Leap 15 Network Fixes; Update; [Book] Galileo's Middle Finger; [Bike] Chinese Carbon Rims; [Bike] Servicing Shimano XT Front Hub HB-M8010; [Bike] Aliexpress Cycling Tops; [Computing] Change to ssh handling of multiple identities?; [Bike] Endura Hummvee Lite II; [Computing] Marble Based Logic; [Link, Politics] Sanity Check For Nuclear Launch; [Link, Science] Entropy and Life

© 2006-2017 Andrew Cooke (site) / post authors (content).

Blocking MAC addresses with OpenSuse Firewall

From: andrew cooke <andrew@...>

Date: Tue, 27 Apr 2010 20:00:31 -0400

OpenSuse contains a nice wrapper for iptables, accessed via Yast.
Unfortunately, it doesn't have an option for blocking specific MAC addresses
and sometimes this is useful (a MAC address can be changed, but most people
won't know how, so this is useful for blocking specific leeches while leaving
a wifi open to infrequent casual use, for example).

Although blocking MAC addresses isn't supported directly by the Yast wrapper,
you do have the ability to call an additional "custom script", and the
iptables command can be added there.

First, you must enable the custom wrapper.  The simplest way is to edit
/etc/sysconfig/SuSEfirewall2 and uncomment the line

FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"

(alternatively you can do this via Yast in the system settings, but I find
that a bit fiddly to use).

Once that is enabled, edit that file and modify the second function as
follows:

fw_custom_after_antispoofing() {

  for target in LOG DROP; do
    for chain in input_ext input_dmz input_int forward_int forward_ext forward_dmz; do
      iptables -A $chain -m mac --mac-source 00:16:cf:2c:d4:ee -j $target
    done
  done

  true
}

(changing the MAC address as appropriate).  You can get the MAC address by
running wireshark (aka ethereal) or if it's Wifi, kismet.

Once those changes are made, restart the firewall (easiest way is from inside
Yast - there's a "save settings and restart" button).

Andrew

A Verion That Redirects To Local HTTP Server

From: andrew cooke <andrew@...>

Date: Thu, 16 Apr 2015 20:47:26 -0300

for mac in "70:f1:a1:e3:xx:xx" "00:22:5f:a7:xx:xx" "2c:81:58:f3:xx:xx" \
             "cc:52:af:98:xx:xx" "8c:3a:e3:42:xx:xx" "c4:6e:1f:14:xx:xx"; do
    iptables -t nat -A PREROUTING -p tcp -m mac --mac-source $mac \
             --dport 80 -j DNAT --to 10.1.0.9:80
    for chain in input_ext input_int forward_ext forward_int; do
      iptables -A $chain -m mac --mac-source $mac -j LOG
      iptables -A $chain -p tcp --dport 80 -m mac --mac-source $mac -j ACCEPT
      iptables -A $chain -p tcp -m mac --mac-source $mac -j DROP
      iptables -A $chain -p udp --dport 53 -m mac --mac-source $mac -j ACCEPT
      iptables -A $chain -p udp -m mac --mac-source $mac -j DROP
    done
  done

Where there's a page on 10.1.0.9:80 explaining that you've been blocked from
the network.

Andrew

Comment on this post