| Andrew Cooke | Contents | Latest | RSS | Twitter | Previous | Next

C[omp]ute

Welcome to my blog, which was once a mailing list of the same name and is still generated by mail. Please reply via the "comment" links.

Always interested in offers/projects/new ideas. Eclectic experience in fields like: numerical computing; Python web; Java enterprise; functional languages; GPGPU; SQL databases; etc. Based in Santiago, Chile; telecommute worldwide. CV; email.

Personal Projects

Lepl parser for Python.

Colorless Green.

Photography around Santiago.

SVG experiment.

Professional Portfolio

Calibration of seismometers.

Data access via web services.

Cache rewrite.

Extending OpenSSH.

C-ORM: docs, API.

Last 100 entries

Lepton Decay Irregularity; An Easier Way; Julia's BinDeps (aka How To Install Cairo); Good Example Of Good Police Work (And Anonymity Being Hard); Best Santiago Burgers; Also; Michael Emmerich (Vibrator Translator) Interview (Japanese Books); Clarice Lispector (Brazillian Writer); Books On Evolution; Looks like Ara (Modular Phone) is dead; Index - Translations From Chile; More Emotion in Chilean Wines; Week 7; Aeon Magazine (Science-ish); QM, Deutsch, Constructor Theory; Interesting Talk Transcripts; Interesting Suggestion Of Election Fraud; "Hard" Books; Articles or Papers on depolarizing the US; Textbook for "QM as complex probabilities"; SFO Get Libor Trader (14 years); Why Are There Still So Many Jobs?; Navier Stokes Incomplete; More on Benford; FBI Claimed Vandalism; Architectural Tessellation; Also: Go, Blake's 7; Delusions of Gender (book); Crypto AG DID work with NSA / GCHQ; UNUMS (Universal Number Format); MOOCs (Massive Open Online Courses); Interesting Looking Game; Euler's Theorem for Polynomials; Weeks 3-6; Reddit Comment; Differential Cryptanalysis For Dummies; Japanese Graphic Design; Books To Be Re-Read; And Today I Learned Bugs Need Clear Examples; Factoring a 67 bit prime in your head; Islamic Geometric Art; Useful Julia Backtraces from Tasks; Nothing, however, is lost with less discomfort than that which, when lost, cannot be missed; Article on Didion; Cost of Living by City; British Slavery; Derrida on Metaphor; African SciFi; Traits in Julia; Alternative Japanese Lit; Pulic Key as Address (Snow); Why Information Grows; The Blindness Of The Chilean Elite; Some Victoriagate Links; This Is Why I Left StackOverflow; New TLS Implementation; Maths for Physicists; How I Am 8; 1000 Word Philosophy; Cyberpunk Reading List; Detailed Discussion of Message Dispatch in ParserCombinator Library for Julia; FizzBuzz in Julia w Dependent Types; kokko - Design Shop in Osaka; Summary of Greece, Currently; LLVM and GPUs; See Also; Schoolgirl Groyps (Maths); Japanese Lit; Another Example - Modular Arithmetic; Music from United; Python 2 and 3 compatible alternative.; Read Agatha Christie for the Plot; A Constructive Look at TempleOS; Music Thread w Many Recommendations; Fixed Version; A Useful Julia Macro To Define Equality And Hash; k3b cdrom access, OpenSuse 13.1; Week 2; From outside, the UK looks less than stellar; Huge Fonts in VirtualBox; Keen - Complex Emergencies; The Fallen of World War II; Some Spanish Fiction; Calling C From Fortran 95; Bjork DJ Set; Z3 Example With Python; Week 1; Useful Guide To Starting With IJulia; UK Election + Media; Review: Reinventing Organizations; Inline Assembly With Julia / LLVM; Against the definition of types; Dumb Crypto Paper; The Search For Quasi-Periodicity...; Is There An Alternative To Processing?; CARDIAC (CARDboard Illustrative Aid to Computation); The Bolivian Case Against Chile At The Hague; Clear, Cogent Economic Arguments For Immigration; A Program To Say If I Am Working; Decent Cards For Ill People; New Photo

© 2006-2015 Andrew Cooke (site) / post authors (content).

Blocking MAC addresses with OpenSuse Firewall

From: andrew cooke <andrew@...>

Date: Tue, 27 Apr 2010 20:00:31 -0400

OpenSuse contains a nice wrapper for iptables, accessed via Yast.
Unfortunately, it doesn't have an option for blocking specific MAC addresses
and sometimes this is useful (a MAC address can be changed, but most people
won't know how, so this is useful for blocking specific leeches while leaving
a wifi open to infrequent casual use, for example).

Although blocking MAC addresses isn't supported directly by the Yast wrapper,
you do have the ability to call an additional "custom script", and the
iptables command can be added there.

First, you must enable the custom wrapper.  The simplest way is to edit
/etc/sysconfig/SuSEfirewall2 and uncomment the line

FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"

(alternatively you can do this via Yast in the system settings, but I find
that a bit fiddly to use).

Once that is enabled, edit that file and modify the second function as
follows:

fw_custom_after_antispoofing() {

  for target in LOG DROP; do
    for chain in input_ext input_dmz input_int forward_int forward_ext forward_dmz; do
      iptables -A $chain -m mac --mac-source 00:16:cf:2c:d4:ee -j $target
    done
  done

  true
}

(changing the MAC address as appropriate).  You can get the MAC address by
running wireshark (aka ethereal) or if it's Wifi, kismet.

Once those changes are made, restart the firewall (easiest way is from inside
Yast - there's a "save settings and restart" button).

Andrew

A Verion That Redirects To Local HTTP Server

From: andrew cooke <andrew@...>

Date: Thu, 16 Apr 2015 20:47:26 -0300

for mac in "70:f1:a1:e3:xx:xx" "00:22:5f:a7:xx:xx" "2c:81:58:f3:xx:xx" \
             "cc:52:af:98:xx:xx" "8c:3a:e3:42:xx:xx" "c4:6e:1f:14:xx:xx"; do
    iptables -t nat -A PREROUTING -p tcp -m mac --mac-source $mac \
             --dport 80 -j DNAT --to 10.1.0.9:80
    for chain in input_ext input_int forward_ext forward_int; do
      iptables -A $chain -m mac --mac-source $mac -j LOG
      iptables -A $chain -p tcp --dport 80 -m mac --mac-source $mac -j ACCEPT
      iptables -A $chain -p tcp -m mac --mac-source $mac -j DROP
      iptables -A $chain -p udp --dport 53 -m mac --mac-source $mac -j ACCEPT
      iptables -A $chain -p udp -m mac --mac-source $mac -j DROP
    done
  done

Where there's a page on 10.1.0.9:80 explaining that you've been blocked from
the network.

Andrew

Comment on this post