paulgorman.org

< ^ txt

Tue Dec 15 07:38:09 EST 2015 Slept from 10:30 to 5:30. Probably could use a little more sleep, but I couldn't fall back to sleep. High of forty-nine and a chance of rain. Goals: Work: - Work on remote access No. Did some work on cable modem testing instead. Twenty minute walk at lunch. Cloudy and cold. I should have put the lining back in my jacket. Home: - SEMIBUG meeting tonight at 7:00 PM Done. - Remember extension cord, power strip, laptop Done. - What do I still not get about ipfw? Remaining questions: - What exactly does 'antispoof' do? The source address on incoming packets is checked. If the source address belongs to a directly connected network, make sure that's the packet came from the interface for that network. E.g. with 10.0.0.0/24 connected on em1, make sure any packet claiming to be from 10.0.0.0/24 actually entered from em1! Why does the allow lo0 rule usually come before antispoof? - Still not totally clear on complex kernel NAT configs. Clearer, but not totally confident. - What is dummynet? traffic shaper/packet scheduler Rules can divert packets to dummynet using the 'pipe' or 'queue' actions. Pipes limit the bandwidth of a particular flow. Queues govern bandwidth sharing between flows. Interesting, but not something I need right now. Went to SEMIBUG. Good time. We all went out to Falling Down Beer Co afterward. Cool hole-in-the-wall microbrewery with good food.

< ^ txt