Thursday, September 28, 2017

Network Packet Inspection using ntop

You can implement a DPI (deep packet inspection) application simply by using ntop's nDPI library.

http://www.ntop.org/get-started/download/

Emergency Contact Group on Android

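When a child is glued to a smartphone, parents start to feel like cancelling the phone service.
In that case, if you put the smartphone into a screen-locked state and set it up
so that only emergency calls can be made, the child can no longer use the smartphone for things like games or YouTube.

How to set up emergency calling for contacts differs by Android version;
the URLs below are helpful.
(Searching Google for "ICE on Android" turns up related documents.)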


https://android.stackexchange.com/questions/50573/ice-emergency-contacts-on-emergency-dialer-screen
https://rnn10.wordpress.com/2015/06/18/iceandroid/

Thursday, September 14, 2017

Ibera IB-BA16 pannier for bicycle touring

Since I commute by bicycle a lot, I have come to feel the need for a pannier (bag).
While looking into what would be good, I found a product that really caught my eye.

Ibera IB-BA16

Blog reference: http://blog.naver.com/aimed40/220165118245
Blog reference: http://jjcamper.net/220955626906

Monday, September 11, 2017

iptables

Firewall configuration - iptables

Refer to this web site (listed under Reference below), which covers the following:
  • Start iptables (register iptables service)
  • Terminology
    • tables: contains filter, nat, mangle, raw
    • chain: contains INPUT, OUTPUT, FORWARD
      • INPUT: packets directed from another host to the local host.
      • OUTPUT: packets directed from this host to another host.
      • FORWARD: packets that pass through this host on their way to another host.
    • match: a matching condition, for example the IP 5-tuple.
      • --source (-s): matches source ip address
      • --destination (-d): matches destination ip address
      • --protocol (-p): matches protocol such as tcp, udp
      • --in-interface (-i): input network interface
      • --out-interface (-o): output network interface
      • --state: matches connection state
      • --table (-t): refer to some table name
      • --jump (-j): how to treat a matched packet
      • --match (-m): matches to certain module
    • target: action taken when a packet matches a condition
      • ACCEPT
      • DROP: delete a packet
      • REJECT: delete a packet and send a response (CONNECTION REFUSED) to the original client
      • LOG: write the packet to /var/log/syslog
      • RETURN
    • command
      • -A (--append): add a new rule
      • -D (--delete): delete an old rule
      • -C (--check): test a packet
      • -I (--insert): insert a new rule
      • -L (--list): print existing rules
      • -F (--flush): delete all rules of a chain
      • -N (--new-chain): make a new chain
      • -X (--delete-chain): delete a chain
      • -P (--policy): change the base policy
    • connection tracking
  • Print the rule set and its sequence numbers
$  iptables -L --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
2    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
3    ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootps
4    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:bootps

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  anywhere             192.168.122.0/24     ctstate RELATED,ESTABLISHED
2    ACCEPT     all  --  192.168.122.0/24     anywhere
3    ACCEPT     all  --  anywhere             anywhere
4    REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable
5    REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootpc



$ iptables -L --line-numbers -v

Chain INPUT (policy ACCEPT 16M packets, 9085M bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 ACCEPT     udp  --  virbr0 any     anywhere             anywhere             udp dpt:domain
2        0     0 ACCEPT     tcp  --  virbr0 any     anywhere             anywhere             tcp dpt:domain
3        0     0 ACCEPT     udp  --  virbr0 any     anywhere             anywhere             udp dpt:bootps
4        0     0 ACCEPT     tcp  --  virbr0 any     anywhere             anywhere             tcp dpt:bootps

Chain FORWARD (policy ACCEPT 1 packets, 336 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 ACCEPT     all  --  any    virbr0  anywhere             192.168.122.0/24     ctstate RELATED,ESTABLISHED
2        0     0 ACCEPT     all  --  virbr0 any     192.168.122.0/24     anywhere
3        0     0 ACCEPT     all  --  virbr0 virbr0  anywhere             anywhere
4        0     0 REJECT     all  --  any    virbr0  anywhere             anywhere             reject-with icmp-port-unreachable
5        0     0 REJECT     all  --  virbr0 any     anywhere             anywhere             reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT 7831K packets, 52G bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 ACCEPT     udp  --  any    virbr0  anywhere             anywhere             udp dpt:bootpc
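In the short listing, FORWARD rule 3 reads as "ACCEPT all, anywhere to anywhere", which would make rules 4 and 5 look unreachable; the `-v` listing shows it is limited to virbr0. The following added example (not code from the original post) parses the verbose format and reports ACCEPT rules that have no restriction at all, with and without the interface columns. The function names are illustrative, and the parser assumes the 10-column `-v --line-numbers` layout shown above.

```python
import re

# FORWARD chain copied from the `iptables -L --line-numbers -v` output above.
LISTING = """\
Chain FORWARD (policy ACCEPT 1 packets, 336 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 ACCEPT     all  --  any    virbr0  anywhere             192.168.122.0/24     ctstate RELATED,ESTABLISHED
2        0     0 ACCEPT     all  --  virbr0 any     192.168.122.0/24     anywhere
3        0     0 ACCEPT     all  --  virbr0 virbr0  anywhere             anywhere
4        0     0 REJECT     all  --  any    virbr0  anywhere             anywhere             reject-with icmp-port-unreachable
5        0     0 REJECT     all  --  virbr0 any     anywhere             anywhere             reject-with icmp-port-unreachable
"""

COLS = ("num", "pkts", "bytes", "target", "prot", "opt", "in", "out", "source", "destination")
ANY_ADDR = {"anywhere", "0.0.0.0/0"}   # the second form is what -n prints
ANY_IF = {"any", "*"}                  # "*" is what -n prints

def parse_listing(text):
    """Return {chain: {"policy": str or None, "rules": [dict]}} from verbose output."""
    chains, current = {}, None
    for line in text.splitlines():
        m = re.match(r"Chain (\S+) \((?:policy (\w+))?", line)
        if m:
            current = chains.setdefault(m.group(1), {"policy": m.group(2), "rules": []})
            continue
        f = line.split()
        if current is not None and len(f) >= 10 and f[0].isdigit():
            rule = dict(zip(COLS, f[:10]))
            rule["extra"] = " ".join(f[10:])   # match options such as "ctstate ..."
            current["rules"].append(rule)
    return chains

def catch_all_accepts(chains, use_interfaces=True):
    """List (chain, rule number) of ACCEPT rules that match every packet."""
    hits = []
    for name, chain in chains.items():
        for r in chain["rules"]:
            wide = (r["target"] == "ACCEPT" and r["prot"] == "all" and not r["extra"]
                    and r["source"] in ANY_ADDR and r["destination"] in ANY_ADDR)
            if use_interfaces:
                wide = wide and r["in"] in ANY_IF and r["out"] in ANY_IF
            if wide:
                hits.append((name, int(r["num"])))
    return hits

if __name__ == "__main__":
    chains = parse_listing(LISTING)
    print("short-listing view:", catch_all_accepts(chains, use_interfaces=False))
    print("verbose view:      ", catch_all_accepts(chains))
```

When auditing a ruleset, read it with `-v` (or from `iptables-save`), since the short listing omits the interface match.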

  • iptables configuration (Example)
    • Policy: accept all IP packets
      • iptables -P INPUT ACCEPT
    • Rule: delete all rules
      • iptables -F
    • Accept all packets on the loopback interface
      • iptables -A INPUT -i lo -j ACCEPT
    • Accept packets that match a condition
      • iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
      • iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
    • Set the default policies
      • iptables -P INPUT DROP
      • iptables -P FORWARD DROP
      • iptables -P OUTPUT ACCEPT
    • Save the current iptables rules
      • service iptables save
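The order of the commands above matters on a host you administer over SSH. The following added example (not code from the original post) models the INPUT chain with first-match-wins evaluation and replays the commands to find the steps after which an established SSH session would be dropped. The packet fields and the eth0 interface name are constructed, and only the options used above are modelled.

```python
import shlex

# INPUT-chain commands from the example above, in the page's order.
PAGE_ORDER = [
    "iptables -P INPUT ACCEPT",
    "iptables -F",
    "iptables -A INPUT -i lo -j ACCEPT",
    "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT",
    "iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT",
    "iptables -P INPUT DROP",
]
# Same rules, but with the DROP policy applied first (for comparison).
POLICY_FIRST = PAGE_ORDER[-1:] + PAGE_ORDER[1:-1]

# Constructed sample packet: an SSH session that is already open.
SSH_SESSION = {"iface": "eth0", "proto": "tcp", "dport": 22, "state": "ESTABLISHED"}

def apply_cmd(cmd, fw):
    """Apply one command to the model fw = {"policy": str, "rules": [dict]}."""
    a = shlex.split(cmd)[1:]
    if a[0] == "-F":
        fw["rules"] = []
    elif a[0] == "-P" and a[1] == "INPUT":
        fw["policy"] = a[2]
    elif a[0] == "-A" and a[1] == "INPUT":
        # Every option used on this page takes exactly one value.
        fw["rules"].append(dict(zip(a[2::2], a[3::2])))

def matches(rule, pkt):
    """An option that is absent from the rule matches any packet."""
    return (rule.get("-i", pkt["iface"]) == pkt["iface"]
            and rule.get("-p", pkt["proto"]) == pkt["proto"]
            and int(rule.get("--dport", pkt["dport"])) == pkt["dport"]
            and pkt["state"] in rule.get("--state", pkt["state"]).split(","))

def verdict(pkt, fw):
    """First matching rule decides; otherwise the chain policy applies."""
    for rule in fw["rules"]:
        if matches(rule, pkt):
            return rule["-j"]
    return fw["policy"]

def drops_during(commands, pkt, start_policy="ACCEPT"):
    """Return the commands after which pkt would be dropped."""
    fw, bad = {"policy": start_policy, "rules": []}, []
    for cmd in commands:
        apply_cmd(cmd, fw)
        if verdict(pkt, fw) == "DROP":
            bad.append(cmd)
    return bad

if __name__ == "__main__":
    print("page order:  ", drops_during(PAGE_ORDER, SSH_SESSION))
    print("policy first:", drops_during(POLICY_FIRST, SSH_SESSION))
```

In the page's order the session is never dropped; with the DROP policy set first it is dropped until the ESTABLISHED,RELATED rule has been appended.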



[ Reference ]

Firewall configuration - iptables (http://webdir.tistory.com/170)