Netfilter can by default not track replies to multicast(/broadcast for IPv4) messages. Thus they are, unless they are explicitely allowed through a stateless rule, not matched by a rule using the conntrack match module. To work around this limitation, I developed a equivalent workaround using ipset and iptables. Theoretically the same can be done with …
Category Archives: Linux
Getting IRC help: what information do I need to provide?
The necessary information to enable others to help you will of course vary with the problem for which you are seeking help. But here are some minimum guidelines, for users of the #netfilter channel on freenode.net IRC. First off, it’s always a good idea to put a summary of the problem and goal in your …
Continue reading “Getting IRC help: what information do I need to provide?”
Making Linux responsive aka how IO priority and buffer size influences responsiveness
When doing backups on Linux, it is ususally wanted that the system stays responsive to inputs. That includes terminals and Xorg/Wayland. In the context of IO niceness, the concept of “everything is a file” bites Xorg/Wayland into the ass quite well because it turns out that writing to the frame buffers and refreshing the screen …
Syslog is unreliable – Use RELP instead
Assuming syslog guarantees message deliver is a common pitfall. Neither syslog over TCP nor syslog over UDP implement any application layer confirmation of the receipt of any log messages. If anything occurs between the writing to the buffer or the sending of the log over the socket and the logs having been written to the …
pulseaudio module-echo-cancel beamforming
Here’s an example line for default.pa or similiar, or for running using pacmd. I haven’t tested it, but pulseaudio accepts this line just fine: load-module module-echo-cancel use_master_format=1 aec_method=webrtc use_volume_sharing=1 aec_args=”analog_gain_control=0 digital_gain_control=1 beamforming=1 mic_geometry=-0.04,0,0,0.04,0,0 target_direction=4.71238898,0,0″ source_master=alsa_input.usb-046d_0821_FDA941A0-00.analog-stereo sink_master=alsa_output.pci-0000_43_00.1.hdmi-stereo-extra3 source_name=echoCancel_source sink_name=echoCancel_sink Needs LC_NUMERIC=C in environment to be able to correctly read the mic_geometry. Using commas instead of periods …
Continue reading “pulseaudio module-echo-cancel beamforming”
A quick run down on iptables rules
What is it? iptables is a cli frontend to netfilter, the Linux kernel firewall/nat implementation for OSI layer 3 and 4.
iptables best practices
Don’t use iptables to apply your rules one at a time, use iptables-restore to apply a whole ruleset in one action. Set your INPUT and FORWARD policy to DROP. Don’t set your OUTPUT policy to DROP unless you really know what you’re doing. If you’re going to implement a blacklist or whitelist, you should look …
Summary page of the Netfilter related resources
Please note that we moved from Freenode to libera.chat because Freenode was taken over by Andrew Lee Summary page of the Netfilter related resources iptables 101 and FAQ to get started quickly iptables tutorial from frozentux flowgraph of the packets in netfilter as svg Managing large lists of IPs,subnets, protocols or ports in iptables using ipset …
Continue reading “Summary page of the Netfilter related resources”