Linux Journal articles

I had a read of a few Linux Journal articles today. Easy reads that give you a high-level view of what’s available:

Netfilter and iptables

This evening I read the iptables man page and Linux iptables Pocket Reference from cover to cover; my notes are here: Netfilter.

I think at this point I am ready to use iptables in anger for the first time in a long time, and the first time ever on a router.

However, before I take that on, I’m going to have a quick diversion into the following books, and then sleep, and I will do my iptables programming when I wake up tomorrow.

I’m on Patreon now

I suppose it’s a poorly kept secret that now I’m live on Patreon. My Patreon page is here: https://www.patreon.com/JohnElliotV

I would like to stress that I do my blog and my YouTube channel for love and I do *not* expect anyone to send money, so please don’t feel pressured to do so. <3

If you have any thoughts on the Patreon page or how my YouTube channel is configured I would be happy to hear from you, particularly if you have suggestions about how to improve things.

Adrian Black goes PRO

In my feed today was a note from Adrian Black from Adrian’s Digital Basement that he was retiring from his infosec job and going full-time content creator for his YouTube channels. His announcement is here. It’s fun because I managed to be the first person to wish him luck and my name was in the credits because I now support him on Patreon! You can see the proof in the screenshot below! :)

QEMU/KVM Attaching a Virtual NIC Directly to a Physical Interface

Man, it took me a while to figure out how to do this! Over on Attaching a Virtual NIC Directly to a Physical Interface I figured out I could use this XML in Virtual Machine Manager (virt-manager) for my NIC device:

<interface type='direct'>
  <source dev='enp9s0' mode='bridge'/>
</interface>

That then gets expanded automatically to something like this:

<interface type="direct">
  <mac address="52:54:00:ce:5b:09"/>
  <source dev="enp9s0" mode="bridge"/>
  <target dev="macvtap4"/>
  <model type="rtl8139"/>
  <alias name="net0"/>
  <address type="pci" domain="0x0000" bus="0x10" slot="0x01" function="0x0"/>
</interface>

Update: ah, balls. This doesn’t completely work, because the guest can’t connect to the host, and vice versa, even though both the host and the guest can connect to the internet. This is a problem for another day. Maybe this or this will help?

Mail log IP address count

The following monster will parse the mail log and report on unique host connections along with a count.

cat /var/log/mail.log | \
  grep ' connect from unknown' | \
  awk '{ print $8 }' | \
  sort | \
  sed -n 's/.*\[\([0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\)\].*/\1/p' | \
  awk '{count[$1]++} END {for (word in count) print count[word], word}' | \
  sort -n
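
The same count as an added example (not code from the original post): one awk pass that also picks up IPv6 clients and logs with ISO timestamps, which the $8 field and dotted-quad regex above would miss, and still skips "disconnect from unknown" lines. The function names, the optional minimum-count argument and the sample log lines are constructed for illustration.

```bash
# Added example, not from the original post.
# Reads a Postfix mail log on stdin and prints "COUNT ADDRESS" for every
# client logged as "connect from unknown[ADDRESS]", lowest count first.
# Optional $1 (assumed extension): only report addresses seen at least that many times.
count_unknown_connects() {
  awk -v min="${1:-1}" '
    # The leading space keeps "disconnect from unknown[...]" lines out.
    match($0, / connect from unknown\[[^]]+\]/) {
      # Skip the 22-character prefix and drop the closing bracket.
      addr = substr($0, RSTART + 22, RLENGTH - 23)
      count[addr]++
    }
    END {
      for (addr in count)
        if (count[addr] >= min) print count[addr], addr
    }
  ' | sort -k1,1n -k2,2
}

# Constructed sample log lines (documentation address ranges, two timestamp styles).
sample_log() {
  cat <<'EOF'
Jan 12 03:14:01 mx postfix/smtpd[2101]: connect from unknown[203.0.113.7]
Jan 12 03:14:02 mx postfix/smtpd[2101]: disconnect from unknown[203.0.113.7] ehlo=1 quit=1 commands=2
Jan 12 03:14:09 mx postfix/smtpd[2102]: connect from unknown[203.0.113.7]
Jan 12 03:15:30 mx postfix/smtpd[2103]: connect from mail.example.org[198.51.100.20]
2024-01-12T03:16:44.120+00:00 mx postfix/smtpd[2104]: connect from unknown[2001:db8::25]
Jan 12 03:17:00 mx postfix/smtpd[2105]: connect from unknown[198.51.100.99]
Jan 12 03:17:05 mx postfix/smtpd[2106]: connect from unknown[203.0.113.7]
EOF
}

# Demo run on the constructed sample; on a real host: count_unknown_connects < /var/log/mail.log
sample_log | count_unknown_connects
```

Passing a number, as in count_unknown_connects 2, limits the report to addresses that connected at least that many times.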