That was pretty much all I was hoping for personally, or even if it just gave people ideas; kinda why I made the point a few times that it could easily be used for some other list. I should really get around to setting up a site with shell scripts on. I've been messing with them a lot for some time; I could be overestimating my own ability here, but I feel like I've been getting pretty good with them and that some of them could be of use. I like my stats and graphs etc., so I have a number of things for producing stats, of which quite a lot are networking related, as I run several services at various locations.
Got another one to work on later actually; the idea came to me. I've been curious for a while about the proportions of exit v relay traffic, but for the longest time was at a loss trying to work out a way one could tell a relay on arbitrary ports and IP addresses from similarly arbitrary exit traffic with any reliability. That is, until the obvious answer struck me earlier: the consensus has the IP and port of all currently active relays, excluding bridges anyway. hash:ip,port :)

By the way, a thought: wondering if it's possible, or if anyone has actually tried, using ipsets to help with traffic shaping of hard-to-shape traffic. I'm thinking of using an ipset with timeout as temporary storage to flag IP addresses of known/suspected p2p traffic. My thought being this way would be a good option to enable combining of multiple detection strategies, and also get around the fact that connmarking is only so good as long as the connection remains, so if the clients decide to recycle their connections or saturate themselves until they end up sendQ'ing themselves, you would be able to keep track of them when they resurface again a few minutes later without having to wait for it to be found out again.

On 27/02/13 23:39, John Brendler wrote:
>> From: Paul Gear <p...@gear.dyndns.org>
>>
>> With IPv4 moving towards 100% allocation, bogon filters are more
>> likely to cause problems than block illegitimate traffic.
> I've done it (at LAN gateway level), and it hasn't caused problems, but
> it's also probably not worth doing.
>
> I think the relevance here for shorewall users is not that they
> should be engaged in blacklisting full bogon lists, but that such
> scripts serve as useful examples of how to use ipsets.
>
> I wrote my earlier referenced scripts two years ago as a demonstration
> of how to use ipsets dynamically (for example, in block lists). I also
> created other examples using other periodically published lists.
>
> So while blacklisting full bogon lists may not be very useful, ipsets
> are. A couple of useful techniques have been shared through this
> cross-talk.
>
> By the way, dnsmasq is being modified to be able to populate ipsets
> based on name resolution. For example, you could allow or deny a set
> containing all addresses a given URL is actively resolved to.
>
>
> ------------------------------------------------------------------------------
> Everyone hates slow websites. So do we.
> Make your web apps faster with AppDynamics
> Download AppDynamics Lite for free today:
> http://p.sf.net/sfu/appdyn_d2d_feb
>
>
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
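The consensus-to-`hash:ip,port` idea from the message above, sketched as an added example that is not part of the original thread: an awk filter that turns the router-status `r` lines of a Tor consensus into `ipset restore` input. The set name `tor-relays` and the sample entries (documentation addresses, made-up nicknames and digests) are constructed for illustration; only IPv4 ORPorts from `r` lines are handled.

```shell
#!/bin/sh
# Added example: build `ipset restore` input (type hash:ip,port) from the
# "r" lines of a Tor consensus. Set name below is a placeholder.
SET_NAME="tor-relays"

# Constructed sample input: four router-status entries in consensus layout,
# one malformed and one duplicate IP/port, plus lines that must be ignored.
sample_consensus() {
cat <<'EOF'
network-status-version 3
r relayA AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2013-02-27 20:00:00 192.0.2.10 9001 9030
s Fast Running Valid
r relayB CCCCCCCCCCCCCCCCCCCCCCCCCCC DDDDDDDDDDDDDDDDDDDDDDDDDDD 2013-02-27 20:05:00 198.51.100.7 443 0
s Exit Fast Running Valid
r broken EEEEEEEEEEEEEEEEEEEEEEEEEEE FFFFFFFFFFFFFFFFFFFFFFFFFFF 2013-02-27 20:06:00 not-an-ip 70000 0
r relayA2 GGGGGGGGGGGGGGGGGGGGGGGGGGG HHHHHHHHHHHHHHHHHHHHHHHHHHH 2013-02-27 20:07:00 192.0.2.10 9001 0
EOF
}

# $1 = set name; consensus text on stdin; restore script on stdout.
consensus_to_ipset() {
    awk -v set="$1" '
    BEGIN { print "create " set " hash:ip,port family inet" }
    $1 == "r" && NF >= 8 {
        # Counting from the end: ... IP ORPort DirPort. This works whether
        # or not the line carries a descriptor digest field.
        ip = $(NF-2); port = $(NF-1)
        if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
        split(ip, o, ".")
        for (i = 1; i <= 4; i++) if (o[i] + 0 > 255) next
        if (port !~ /^[0-9]+$/ || port + 0 < 1 || port + 0 > 65535) next
        key = ip ",tcp:" port          # relay ORPorts are TCP
        if (!(key in seen)) { seen[key] = 1; print "add " set " " key }
    }'
}

# Print the restore script for the sample; nothing is loaded into the kernel.
sample_consensus | consensus_to_ipset "$SET_NAME"
```

With a real consensus file the output would be piped into `ipset restore` as root; validating every address and port first keeps a malformed or tampered entry from reaching the set.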