Originally posted by GreatEmerald
Furthermore, I also use a VPN (IPSEC) and allow internet connection sharing. You have to be careful not to allow the person using your internet connection to access the other side of your IPSEC VPN (ever thought about that?). This could happen if you have a default rule for masquerading, which I require for my qemu hosts to work properly (this way they can access my home network).
Standard firewall is not safe once you have a slightly adventurous setup. And as you can see, I'm able to use netfilter to do some really nifty things. And yes, there have been moments where there was a hole. But it was never worse than the default configuration.
That being said, I don't trust my router, which implies I'm replicating NAT on each box (your very own router can be hacked as well, why blindly trust it?). And then I also slapped some basic DDoS protection on it while I'm there.
I think, on and off, I have tweaked the firewall for quite a few years. But I haven't touched it in ages, it's working *exactly* how I want it and how I expect it to. Furthermore, tinkering like this helps you explore more stuff about Linux. I learned about ip, routing tables, MAC addresses, tcpdump (godsend), Wireshark (tcpdump made cool) and the netfilter connection tracking tables.
I even went in the RFC docs once to differentiate NAT UDP packets that were either part of IKE (some bitfield is zero) or part of ESP itself. This taught me about bitfields.
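The IKE-versus-ESP distinction mentioned in the post above is defined in RFC 3948 for NAT traversal on UDP port 4500: IKE messages start with four zero bytes (the non-ESP marker), while ESP starts with a non-zero SPI. The classifier below is an added example, not the poster's firewall rules; the function name `classify_natt` and the sample payloads are constructed for illustration.

```python
import struct

NON_ESP_MARKER = b"\x00" * 4             # RFC 3948 sec. 2.2: precedes IKE on UDP/4500
NAT_KEEPALIVE = b"\xff"                  # RFC 3948 sec. 2.3: single 0xFF byte
IKE_HDR = struct.Struct("!8s8sBBBBII")   # SPIi, SPIr, next, version, exch, flags, msgid, len

def classify_natt(payload):
    """Classify the UDP payload of a port-4500 datagram (hypothetical helper)."""
    if payload == NAT_KEEPALIVE:
        return ("nat-keepalive", None)
    if len(payload) < 8:
        # Too short for either an ESP header (SPI + sequence) or marker + IKE.
        return ("malformed", None)
    if payload[:4] == NON_ESP_MARKER:
        # An ESP SPI of zero is not allowed on the wire, so zero here means IKE.
        if len(payload) < 4 + IKE_HDR.size:
            return ("malformed", None)
        fields = IKE_HDR.unpack_from(payload, 4)
        version, exchange, length = fields[3], fields[4], fields[7]
        if length > len(payload) - 4:
            return ("malformed", None)   # header claims more bytes than were received
        return ("ike", {"major": version >> 4, "exchange": exchange})
    spi, seq = struct.unpack_from("!II", payload, 0)
    return ("esp", {"spi": spi, "seq": seq})

# Constructed samples (not captured traffic).
SAMPLE_IKE = NON_ESP_MARKER + IKE_HDR.pack(b"\x11" * 8, b"\x22" * 8,
                                           46, 0x20, 35, 0x08, 1, 28)
SAMPLE_ESP = struct.pack("!II", 0xC0FFEE01, 7) + b"\xaa" * 16

if __name__ == "__main__":
    for name, pkt in [("ike", SAMPLE_IKE), ("esp", SAMPLE_ESP),
                      ("keepalive", NAT_KEEPALIVE), ("short", b"\x00" * 5)]:
        print(name, classify_natt(pkt))
```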
Originally posted by GreatEmerald
I wouldn't be surprised that these cards are exhibiting this behaviour since nouveau does not reclock their engines. We are actually using them in a way that they were not designed to.
Originally posted by dibal
Originally posted by Delgarde