https://www.shellcheck.net/

https://www.booleanworld.com/depth-guide-iptables-linux-firewall/

a very good doc for understanding iptables.

he Linux kernel comes with a packet filtering framework named netfilter. It allows you to allow, drop and modify traffic leaving in and out of a system. A tool, iptables builds upon this functionality to provide a powerful firewall, which you can configure by adding rules. In addition, other programs such as fail2ban also use iptables to block attackers.

In this article, we’re going to take a look at how iptables works. We’re also going to look at a few examples, which will help you write your own rules.

How does iptables work?

iptables is just a command-line interface to the packet filtering functionality in netfilter. However, to keep this article simple, we won’t make a distinction between iptables and netfilter in this article, and simply refer to the entire thing as “iptables”.

The packet filtering mechanism provided by iptables is organized into three different kinds of structures: tables, chains and targets. Simply put, a table is something that allows you to process packets in specific ways. The default table is the filter table, although there are other tables too.

Again, these tables have chains attached to them. These chains allow you to inspect traffic at various points, such as when they just arrive on the network interface or just before they’re handed over to a process. You can add rules to them match specific packets — such as TCP packets going to port 80 — and associate it with a target. A target decides the fate of a packet, such as allowing or rejecting it.

When a packet arrives (or leaves, depending on the chain), iptables matches it against rules in these chains one-by-one. When it finds a match, it jumps onto the target and performs the action associated with it. If it doesn’t find a match with any of the rules, it simply does what the default policy of the chain tells it to. The default policy is also a target. By default, all chains have a default policy of allowing packets.

Now, we’re going to take a deeper look into each of these structures.

Tables

As we’ve mentioned previously, tables allow you to do very specific things with packets. On a modern Linux distributions, there are four tables:

• The filter table: This is the default and perhaps the most widely used table. It is used to make decisions about whether a packet should be allowed to reach its destination.

• The mangle table: This table allows you to alter packet headers in various ways, such as changing TTL values.

• The nat table: This table allows you to route packets to different hosts on NAT (Network Address Translation) networks by changing the source and destination addresses of packets. It is often used to allow access to services that can’t be accessed directly, because they’re on a NAT network.

• The raw table: iptables is a stateful firewall, which means that packets are inspected with respect to their “state”. (For example, a packet could be part of a new connection, or it could be part of an existing connection.) The raw table allows you to work with packets before the kernel starts tracking its state. In addition, you can also exempt certain packets from the state-tracking machinery.

In addition, some kernels also have a security table. It is used by SELinux to implement policies based on SELinux security contexts.

[音響論壇] 調整LP唱盤的八大基本功

 原文載於: 背包客棧自助旅行論壇 http://www.backpackers.com.tw/forum/showthread.php?p=2598034

對汽車空調
分享一下淺見
如有誤，請大家指正

在修車廠維修空調時，技師回達車主
狀況排行榜第一名永遠都是
壓縮機壞了….
管路有漏，沒有冷媒了….

但實際狀況是否真的是如此
有待車主需簡易的對自己車車輕微的小認知一下

在如此昂貴且重要的壓縮機，其實都有些保護元件，避免壓縮機太過於容易壞
原文載於: 背包客棧自助旅行論壇 http://www.backpackers.com.tw/forum/showthread.php?p=2598034
(但若車體有碰撞或事故，不在此文所涉及範圍內，畢竟我不是達人)

http://infocenter.arm.com/help/topic/com.arm.doc.dai0201a/index.html

柚木(TEAK)，马鞭草科，是世界公认的著名珍贵木材，其中以泰国、缅甸为最佳，因泰国已禁止砍伐，所以以缅甸进口的为上品。柚木从生长到成材最少经50年，生长期缓慢，其密度及硬度较高，不易磨损；柚木富含铁质和油质，这种铁质和油质使之保持不变形，防虫、防蚁、防酸碱，特别防潮、耐腐，且带有一种自然的醇香。优美的墨线、斑斓的油影，构成柚木独特的天然纹理；更为神奇的是，它的刨光面颜色能通过光合作用氧化而成金黄色，且颜色随时间的延长而更加美丽。

正因柚木有此优良特性，古今中外许多保存完好的古建筑，几乎都是采用柚木做装饰。在中国最繁华的上海滩上那些久远漂亮的建筑物(如汇丰银行、海关大楼、和平饭店等)都采用柚木装饰，虽历经百年沧桑，却依然完好如初，亮丽如新。在欧美，柚木不仅是一种装饰材料，也是一种保值商品，更成为富贵的象征。

随着人们对更高生活品质的追求，柚木地板走入寻常百姓家，成为了高档物业地板市场的主角。但却时常有消费者抱怨“如何买到正宗的缅甸柚木地板”是件很头疼的事情。

由于利益的驱使，市场上假冒的柚木地板可谓是前赴后继，因此要在市场上买到正宗的柚木地板确实不是件容易的事。花了大价钱买了假柚木地板，或贪一时小便宜买了假柚木地板屡见报端。森林之旅经营了二十多年的柚木，专做柚木地板也有九年时间，在这里给柚木地板消费者一些建议和教大家一些识别方法。

森林之旅建议消费者在购买柚木地板时一定要在销售凭证上注明“柚木实木地板”，最好是写上“缅甸柚木实木地板”字样。这能保证在发生纠纷时有证据来维护自己的权益，但还是不能从根本上解决问题。森林之旅认为最重要的是把工作做在前面，选择对的远比事后维权来的舒心。纵观整个柚木地板市场，森林之旅发现冒充缅甸柚木地板主要有三法：

一、自提身价法：以同一树种冒充缅甸柚木。市场上主要采用标有“印尼柚木”、“非洲柚木”、“南美柚木”、“巴西柚木”、“马来西亚柚木”、“尼日利亚柚木”、“圭亚那柚木”等名称的做法。实际上即使属于同一树种，因产地不同，其质地、价格也相差甚远、更有甚者，根本不是柚木树种，价格相差更远。这些非洲及美洲的柚木，因为种植地区气候不同，树木的生长周期短，树龄10年就能成材，油质相对下降很多，已失去柚木油质丰富的特性，材质干燥易裂。因此用"非洲柚木"或者"南美柚木"等加工的木地板实际上已经算不上真正的柚木地板了。

冠以泰柚叫卖的，殊不知因泰国禁止砍伐，天然原始林的泰柚在市场上几乎不存在。现在陆陆续续有部分从泰国进口的柚木，也基本就是泰国的人工林柚木。

二、冒充替代法：用相似或相近纹理、密度的树种冒充缅甸柚木。市场上最多的是黑心木莲冒充缅甸柚木，令外行人很难辨认。
 
三、臆造名法：主要有：金丝柚、金柚木、柚木王、柚木皇、紫金柚、柚檀、铁柚、美柚等，事实上这些树种世界上根本不存在，充其量不过是一些杂木而已。

费者了解了柚木地板假冒三法就能做到心中有数，但在购买的时候一样要注意分辨。以下是森林之旅教给大家一些鉴别真假柚木地板的方法，大部分分辨方法是建立在素板或背面不封漆的基础上的，如果全部封漆再加上在工艺上做一些手脚的话，就很难予以分辨。