software

Fun with iptables, ulogd and wireshark

Having some fun tinkering with firewall rules today. I've been lazy and using Firestarter for a few years, but it has a couple of annoyances I didn't know how to work around, so I got back to writing out my own iptables rules once again. I ended up with the relatively simple script below, which does the following:

  • Enable NAT for the local network.
  • Forward some port traffic straight to internal systems.
  • Drop a few bizarre and most likely malicious spoofed source addresses and bad packet flags coming in on the external interface.
  • Accept some services locally. (just ssh for now)
  • Log and drop everything that isn't explicitly accepted. (traffic logged to /var/log/messages for convenient tail -f'ing)
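A rule set covering those five points, written here as an added example rather than the post's own script (which is not reproduced above). The interface names, LAN range, forwarded host and ports are constructed placeholders; the function only prints the iptables commands, and they are applied only when the script is run as root with "apply".

```shell
#!/bin/sh
# Emits an iptables rule set implementing the five bullets above.
# Every interface and address below is a constructed placeholder.
EXT_IF=eth0            # interface facing the internet
LAN_IF=eth1            # interface facing the local network
LAN_NET=192.168.1.0/24
FWD_HOST=192.168.1.10  # internal box that receives forwarded port traffic
FWD_PORTS="80 443"

fw_rules() {
cat <<EOF
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
EOF
    # 1. NAT for the local network (outbound masquerade, replies allowed back)
    echo "iptables -t nat -A POSTROUTING -o $EXT_IF -s $LAN_NET -j MASQUERADE"
    echo "iptables -A FORWARD -i $LAN_IF -o $EXT_IF -s $LAN_NET -j ACCEPT"
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # 2. Forward selected ports straight to an internal host
    for p in $FWD_PORTS; do
        echo "iptables -t nat -A PREROUTING -i $EXT_IF -p tcp --dport $p -j DNAT --to-destination $FWD_HOST:$p"
        echo "iptables -A FORWARD -i $EXT_IF -p tcp -d $FWD_HOST --dport $p -m state --state NEW -j ACCEPT"
    done
    # 3. Drop spoofed private/loopback sources and bogus flag combinations on the external interface
    for net in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 127.0.0.0/8; do
        echo "iptables -A INPUT -i $EXT_IF -s $net -j DROP"
    done
    echo "iptables -A INPUT -i $EXT_IF -p tcp --tcp-flags ALL NONE -j DROP"
    echo "iptables -A INPUT -i $EXT_IF -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP"
    # 4. Accept local services: loopback, established traffic, and ssh
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT"
    # 5. Log (rate-limited so it cannot flood /var/log/messages) and drop everything else
    echo "iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix 'FW-DROP: '"
    echo "iptables -A INPUT -j DROP"
    echo "iptables -A FORWARD -m limit --limit 5/min -j LOG --log-prefix 'FW-DROP: '"
    echo "iptables -A FORWARD -j DROP"
}

# Print the rules by default; run "./fw.sh apply" as root to load them.
if [ "${1:-}" = "apply" ]; then fw_rules | sh -e; else fw_rules; fi
```

The LOG entries then show up in /var/log/messages with the FW-DROP prefix, which is what you grep for when tailing.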

Amazon S3 Backups w/ Duplicity and Bandwidth Limiting

I've been hearing rumblings of awesomeness about Amazon S3 as a backup service from a couple friends lately. My current system could stand some improvement and I'd love something incremental and easier to do regularly, and with S3 being so highly recommended at only 15c a gig it looks like an ideal storage mechanism.

The next step is locating a tool to encrypt the data and do the actual uploads. I hear great things about Jungledisk, but I'm not thrilled about a non-open-source solution. The search led me to duplicity, a tool quite similar to rsync that does encrypted incremental backups to many different backends, including S3.

export AWS_ACCESS_KEY_ID=X
export AWS_SECRET_ACCESS_KEY=Y
