Relearning the tools

The thing about having been around for a while is that you get to relearn your tools on a regular basis. Having grown up with Linux, my days of configuring and rebuilding my kernel are happily just a fond memory these days. I'm glad to say that things have come a long way in this regard.

Today my cairn server was not keeping up with online demand, partly because I had not anticipated much interest in its existence and partly because I had only bothered to implement the most basic rate limiting in the server itself. Of course this was foolhardy of me as the big bad Internet put its claws around my server and squeezed every last packet out of it.

It was clearly time for some basic iptables incantations, iptables being the de facto tool the last time around I had to do firewalling. I've been around to see ipfwadm get replaced by ipchains and ipchains get replaced by iptables, and apparently these days we're supposed to know nft if we don't want to come across as dinosaurs. You often hear people complain about updated UIs being forced on them. I admit I'm rarely a fan of change for change's sake. I do enjoy that Emacs mostly keeps looking and operating like Emacs over the decades for a reason. In the case of nft, though, I must admit that it is an improvement upon iptables; there is no denying that.

 ┌─────────┐    ┌──────────┐
 │ ipfwadm │───▶│ ipchains │
 └─────────┘    └──────────┘
                      │
       ┌──────────────┘
       ▼
 ┌──────────┐        ┌─────┐
 │ iptables │───────▶│ nft │
 └──────────┘        └─────┘

Long story short, my Chinese visitors are now more well behaved than ever and I hope this was the last time my server got a hiccup.

Another thing I really ought to befriend is systemd, 'cause I don't expect we'll be getting SysV init scripts back into our beloved Debian. And this old dinosaur will just have to deal with that too.

Having recently had to try to mitigate a DDoS at work, where everything runs in the cloud, it's a nice change of pace to write nft rules on a Raspberry Pi. It feels like meditating.

