User Tools


Differences

This shows you the differences between two versions of the page.

Link to this comparison view

workshops:nanopi_m4_iptables_geoblocking [2019/03/06 19:01]
admin created
workshops:nanopi_m4_iptables_geoblocking [2019/03/06 19:07] (current)
admin
Line 3: Line 3:
 |NanoPI M4|Michael Pope|{{ :​workshops:​20181029-nanopi_m4.pdf |slides}}| |NanoPI M4|Michael Pope|{{ :​workshops:​20181029-nanopi_m4.pdf |slides}}|
 |IP validation, IPtables, and GeoBlocking|Timothy Rice|| |IP validation, IPtables, and GeoBlocking|Timothy Rice||
 +
 +===== IP Validation Notes =====
 +A couple of people asked to have a closer look at Cider, you can find it
 +at:
 +
 +https://​notabug.org/​cryptarch/​cider
 +
 +If you're interested in the Hacker News article which opened my eyes to the
 +craziness of IP address parsing, you can find it here:
 +
 +https://​news.ycombinator.com/​item?​id=6580592
 +
 +Note that the IPv4 spec acknowledges IP addresses in either octet-dot or
 +unsigned 32-bit integer form:
 +
 +https://​tools.ietf.org/​html/​rfc791#​section-2.3
 +
 +Thus, the abbreviations from that Hacker News article were not anticipated
 +and are completely implementation dependent. You can inspect how
 +implementations can differ by comparing the respective iptables and ipset
 +interpretations of 127.1/32
 +
 +For a more recent example illustrating IP addresses in a form that seems
 +unconventional,​ these will all take you to a certain popular website:
 +
 +http://​1000849999
 +http://​0x3BA7C24F
 +http://​07351741117
 +
 +To get started with ipset, this is the Arch Linux wiki article I referred
 +to:
 +
 +https://​wiki.archlinux.org/​index.php/​Ipset