05:19 | dab_ | cbxbiker61: are you there? |
15:43 | timl | what's the best xbian image to download for the cubox-i right now? tried http://imx.solid-run.com/forums/viewtopic.php?f=7&t=1127 but doesn't boot |
21:58 | _aegis_ | anyone played with IR transmission? |
23:04 | dab_ | cbxbiker61: hello |
23:04 | cbxbiker61 | hi |
23:05 | dab_ | I came across a problem in your firewall script, want to hear about it? |
23:06 | cbxbiker61 | sure |
23:06 | dab_ | Your first rule should be -A INPUT -i $LOOPBACK_IF -j ACCEPT |
23:07 | dab_ | The nasty of -A INPUT ! -i $LOOPBACK_IF -d $LOOPBACK_ADDR -j DROP is done by your script further down |
23:08 | dab_ | The first rule stops me using firefox on a local web server e.g. 192.168.1.45 |
23:09 | dab_ | local webserver requests to 192.168.1.45 end up in netfilter as IN=lo |
23:11 | cbxbiker61 | yeah, i fixed that a few days after the script was put online |
23:12 | cbxbiker61 | $cmd -t filter -A INPUT -i lo -s $loopback -d $loopback -j ACCEPT |
23:12 | dab_ | I am not sure why IN ends up as lo |
23:12 | cbxbiker61 | another line was added that did the same thing to the internal ip |
23:13 | cbxbiker61 | main thing in loopback is to make sure that the source and destination ips are the same |
23:13 | cbxbiker61 | and of course they should match the local machine |
23:14 | dab_ | yes. |
23:15 | dab_ | I have been testing a script for public wifi and 3G ppp, almost there |
23:16 | dab_ | Anyway thanks for the script, it has got me into ipset. |
23:22 | dab_ | how do I test for matching ips when I do not necessarily know the IP before the iptables script runs? |
23:23 | cbxbiker61 | that's where you use ipset and dynamically update the set |
23:23 | dab_ | ok, that's what I was doing. |
23:24 | cbxbiker61 | you create a new set, then copy the set, then delete the new set |