Thread: Tutorial Block Big Brother
02-08-2013, 10:39 PM   #13
knc1
Release 13040

After three revisions, everyone should know the manual "install" process by now:
Code:
core2quad usb-0.7.N $ scp added-bbb-13040.txt kpw:/mnt/us/extensions/bbb/frags
added-bbb-13040.txt                              100% 2474     2.4KB/s   00:00    

core2quad usb-0.7.N $ scp del-bbb-13040.sh kpw:/mnt/us/extensions/bbb/config.d
del-bbb-13040.sh                                 100% 1506     1.5KB/s   00:00    

core2quad usb-0.7.N $ ssh kpw "ls -l /mnt/us/extensions/bbb/*"
/mnt/us/extensions/bbb/config.d:
-rwxr-xr-x    1 root     root           741 Feb  7 15:57 del-bbb-13038.sh
-rwxr-xr-x    1 root     root          1125 Feb  8 18:20 del-bbb-13039.sh
-rwxr-xr-x    1 root     root          1506 Feb  9 09:38 del-bbb-13040.sh

/mnt/us/extensions/bbb/frags:
-rwxr-xr-x    1 root     root          1210 Feb  7 16:33 added-bbb-13038.txt
-rwxr-xr-x    1 root     root          2236 Feb  8 18:29 added-bbb-13039.txt
-rwxr-xr-x    1 root     root          2474 Feb  9 09:38 added-bbb-13040.txt
Now run the firewall rules restore utility with our custom rule-set as input:
Code:
core2quad usb-0.7.N $ ssh kpw "PATH=$PATH ; iptables-restore < /mnt/us/extensions/bbb/frags/added-bbb-13040.txt"
Doing a full restore of the kernel's tables zeros the counters:
Code:
core2quad usb-0.7.N $ ssh kpw "PATH=$PATH ; iptables -vnL"
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   21  4059 ACCEPT     all  --  usb0   *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  lo     *       127.0.0.0/8          0.0.0.0/0           
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 DROP       icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     tcp  --  wlan0  *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 DROP       tcp  --  wlan0  *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     udp  --  wlan0  *       0.0.0.0/0            0.0.0.0/0           state ESTABLISHED 
    0     0 DROP       udp  --  wlan0  *       0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  wlan0  *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     udp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0           udp spt:40317 
    0     0 ACCEPT     udp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0           udp spt:49317 
    0     0 ACCEPT     udp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0           udp spt:33434 
    0     0 ACCEPT     tcp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:40317 
    0     0 ACCEPT     tcp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 DROP       tcp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     udp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0           state ESTABLISHED 
    0     0 DROP       all  --  ppp0   *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  ppp0   *       0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      lo      0.0.0.0/0            127.0.0.0/8         
    0     0 DROP       all  --  *      *       0.0.0.0/0            23.0.0.0/12         
    0     0 DROP       all  --  *      *       0.0.0.0/0            23.20.0.0/14        
    0     0 DROP       all  --  *      *       0.0.0.0/0            50.16.0.0/14        
    0     0 DROP       all  --  *      *       0.0.0.0/0            54.240.128.0/18     
    0     0 DROP       all  --  *      *       0.0.0.0/0            54.240.0.0/12       
    0     0 DROP       all  --  *      *       0.0.0.0/0            64.208.0.0/16       
    0     0 DROP       all  --  *      *       0.0.0.0/0            64.209.0.0/17       
    0     0 DROP       all  --  *      *       0.0.0.0/0            72.21.192.0/19      
    0     0 DROP       all  --  *      *       0.0.0.0/0            107.20.0.0/14       
    0     0 DROP       all  --  *      *       0.0.0.0/0            176.32.96.0/21      
    0     0 DROP       all  --  *      *       0.0.0.0/0            178.236.0.0/21      
    0     0 DROP       all  --  *      *       0.0.0.0/0            184.72.0.0/15       
    0     0 DROP       all  --  *      *       0.0.0.0/0            204.246.160.0/19    
    0     0 DROP       all  --  *      *       0.0.0.0/0            205.251.192.0/18    
    0     0 DROP       all  --  *      *       0.0.0.0/0            207.171.160.0/19    
   21  2910 ACCEPT     all  --  *      usb0    0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      wlan0   0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0
Disable airplane mode, Select own Wifi AP, tap 'home' and:
Code:
core2quad usb-0.7.N $ ssh kpw "PATH=$PATH ; iptables -vnL"
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   44  8222 ACCEPT     all  --  usb0   *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  lo     *       127.0.0.0/8          0.0.0.0/0           
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 DROP       icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     tcp  --  wlan0  *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 DROP       tcp  --  wlan0  *       0.0.0.0/0            0.0.0.0/0           
   16  6620 ACCEPT     udp  --  wlan0  *       0.0.0.0/0            0.0.0.0/0           state ESTABLISHED 
    2   624 DROP       udp  --  wlan0  *       0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  wlan0  *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     udp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0           udp spt:40317 
    0     0 ACCEPT     udp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0           udp spt:49317 
    0     0 ACCEPT     udp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0           udp spt:33434 
    0     0 ACCEPT     tcp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:40317 
    0     0 ACCEPT     tcp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 DROP       tcp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     udp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0           state ESTABLISHED 
    0     0 DROP       all  --  ppp0   *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  ppp0   *       0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      lo      0.0.0.0/0            127.0.0.0/8         
    0     0 DROP       all  --  *      *       0.0.0.0/0            23.0.0.0/12         
    7  1148 DROP       all  --  *      *       0.0.0.0/0            23.20.0.0/14        
    0     0 DROP       all  --  *      *       0.0.0.0/0            50.16.0.0/14        
    0     0 DROP       all  --  *      *       0.0.0.0/0            54.240.128.0/18     
    0     0 DROP       all  --  *      *       0.0.0.0/0            54.240.0.0/12       
    0     0 DROP       all  --  *      *       0.0.0.0/0            64.208.0.0/16       
    0     0 DROP       all  --  *      *       0.0.0.0/0            64.209.0.0/17       
    8   512 DROP       all  --  *      *       0.0.0.0/0            72.21.192.0/19      
    0     0 DROP       all  --  *      *       0.0.0.0/0            107.20.0.0/14       
    0     0 DROP       all  --  *      *       0.0.0.0/0            176.32.96.0/21      
    0     0 DROP       all  --  *      *       0.0.0.0/0            178.236.0.0/21      
    0     0 DROP       all  --  *      *       0.0.0.0/0            184.72.0.0/15       
    0     0 DROP       all  --  *      *       0.0.0.0/0            204.246.160.0/19    
    2   152 DROP       all  --  *      *       0.0.0.0/0            205.251.192.0/18    
    0     0 DROP       all  --  *      *       0.0.0.0/0            207.171.160.0/19    
   46 10308 ACCEPT     all  --  *      usb0    0.0.0.0/0            0.0.0.0/0           
   16  1070 ACCEPT     all  --  *      wlan0   0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0
Just for those who might think that Kindles do not call home.

After a short "Public Wifi HotSpot" visit (three carriers available, including AT&T).
None of which Chatty Kathy can successfully connect to (connects to home Wifi just fine);
Code:
core2quad ~ $ ssh kpw "PATH=$PATH ; iptables -vnL"
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   67 12937 ACCEPT     all  --  usb0   *       0.0.0.0/0            0.0.0.0/0           
  180 40362 ACCEPT     all  --  lo     *       127.0.0.0/8          0.0.0.0/0           
    1    48 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 DROP       icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     tcp  --  wlan0  *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 DROP       tcp  --  wlan0  *       0.0.0.0/0            0.0.0.0/0           
  320  162K ACCEPT     udp  --  wlan0  *       0.0.0.0/0            0.0.0.0/0           state ESTABLISHED 
    6  1992 DROP       udp  --  wlan0  *       0.0.0.0/0            0.0.0.0/0           
    3    84 DROP       all  --  wlan0  *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     udp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0           udp spt:40317 
    0     0 ACCEPT     udp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0           udp spt:49317 
    0     0 ACCEPT     udp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0           udp spt:33434 
    0     0 ACCEPT     tcp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:40317 
    0     0 ACCEPT     tcp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 DROP       tcp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     udp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0           state ESTABLISHED 
    0     0 DROP       all  --  ppp0   *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  ppp0   *       0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
  180 40362 ACCEPT     all  --  *      lo      0.0.0.0/0            127.0.0.0/8         
    0     0 DROP       all  --  *      *       0.0.0.0/0            23.0.0.0/12         
  295 48380 DROP       all  --  *      *       0.0.0.0/0            23.20.0.0/14        
    0     0 DROP       all  --  *      *       0.0.0.0/0            50.16.0.0/14        
    0     0 DROP       all  --  *      *       0.0.0.0/0            54.240.128.0/18     
    0     0 DROP       all  --  *      *       0.0.0.0/0            54.240.0.0/12       
    0     0 DROP       all  --  *      *       0.0.0.0/0            64.208.0.0/16       
    0     0 DROP       all  --  *      *       0.0.0.0/0            64.209.0.0/17       
   18  1144 DROP       all  --  *      *       0.0.0.0/0            72.21.192.0/19      
    0     0 DROP       all  --  *      *       0.0.0.0/0            107.20.0.0/14       
   19  1120 DROP       all  --  *      *       0.0.0.0/0            176.32.96.0/21      
    0     0 DROP       all  --  *      *       0.0.0.0/0            178.236.0.0/21      
    0     0 DROP       all  --  *      *       0.0.0.0/0            184.72.0.0/15       
    0     0 DROP       all  --  *      *       0.0.0.0/0            204.246.160.0/19    
    4   304 DROP       all  --  *      *       0.0.0.0/0            205.251.192.0/18    
    8   480 DROP       all  --  *      *       0.0.0.0/0            207.171.160.0/19    
   71 17714 ACCEPT     all  --  *      usb0    0.0.0.0/0            0.0.0.0/0           
  330 20591 ACCEPT     all  --  *      wlan0   0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0
Which shows a number of significant differences from the home Wifi (successful) connection attempt.

On the input chain:
Code:
    3    84 DROP       all  --  wlan0  *       0.0.0.0/0            0.0.0.0/0
Those three packets are not (or were not identified as) icmp, tcp, or udp packets because prior rules dealt with those cases.

On the output chain BBB filter:
Code:
   19  1120 DROP       all  --  *      *       0.0.0.0/0            176.32.96.0/21      
    8   480 DROP       all  --  *      *       0.0.0.0/0            207.171.160.0/19
Without doing packet capture, I can only guess but I suspect that Chatty Kathy needs authorization from Amazon to use the Amazon Wifi account, and she can't get it. (Too bad or TS)

Also, local host (lo) is in heavy use. Which may or may not be related.

Removing the BBB filter:
Code:
ssh kpw "PATH=$PATH ; /mnt/us/extensions/bbb/config.d/del-bbb-13040.sh"
Expect a brand new document to pop up on your screen. That is a log of any errors encountered.
To see an example, just try removing the BBB filter twice in a row.
A "long touch" (on the Kpw) will bring up a dialog box that allows you to delete the file.

Now confirm that the BBB filter is gone:
Code:
core2quad usb-0.7.N $ ssh kpw "PATH=$PATH ; iptables -vnL OUTPUT"

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
  384 61548 ACCEPT     all  --  *      lo      0.0.0.0/0            127.0.0.0/8         
  781  115K ACCEPT     all  --  *      usb0    0.0.0.0/0            0.0.0.0/0           
  330 20591 ACCEPT     all  --  *      wlan0   0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0
Attached Files
File Type: gz bbb-13040.tar.gz (2.2 KB, 34 views)
File Type: zip bbb-13040.zip (2.6 KB, 33 views)

Last edited by knc1; 02-09-2013 at 01:36 PM.
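The post compares counters between `iptables -vnL` listings by eye; the following added example (not part of the original post or the BBB package) automates that comparison for two saved listings and reports only the rules whose packet counter grew. The function names `counter_delta` and `write_samples` and the file names `home.txt` and `hotspot.txt` are assumptions; the sample rows are excerpted from the home-Wifi and hotspot listings above.

```shell
#!/bin/sh
# counter_delta CHAIN BEFORE AFTER
# Prints "<added_pkts> <target> <in> <out> <destination>" for every rule in
# CHAIN whose packet counter grew between two saved `iptables -vnL` listings.
# Rules are matched by position, so both listings must hold the same rule-set.
counter_delta() {
    awk -v chain="$1" '
    # iptables -v abbreviates large counters (K/M/G, multiples of 1000).
    function num(s,   m) {
        m = (s ~ /K$/) ? 1e3 : (s ~ /M$/) ? 1e6 : (s ~ /G$/) ? 1e9 : 1
        sub(/[KMG]$/, "", s)
        return s * m
    }
    FNR == 1       { inchain = 0 }
    $1 == "Chain"  { inchain = ($2 == chain); idx = 0; next }
    !inchain || NF < 9 || $1 == "pkts" { next }
    { idx++ }
    NR == FNR      { before[idx] = num($1); next }
    { d = num($1) - before[idx]
      if (d > 0) printf "%d %s %s %s %s\n", d, $3, $6, $7, $9 }
    ' "$2" "$3"
}

# Constructed sample files: a few rows excerpted from the listings in the post.
write_samples() {
    cat > "$1/home.txt" <<'EOF'
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  wlan0  *       0.0.0.0/0            0.0.0.0/0
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    7  1148 DROP       all  --  *      *       0.0.0.0/0            23.20.0.0/14
    0     0 DROP       all  --  *      *       0.0.0.0/0            176.32.96.0/21
EOF
    cat > "$1/hotspot.txt" <<'EOF'
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    3    84 DROP       all  --  wlan0  *       0.0.0.0/0            0.0.0.0/0
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  295 48380 DROP       all  --  *      *       0.0.0.0/0            23.20.0.0/14
   19  1120 DROP       all  --  *      *       0.0.0.0/0            176.32.96.0/21
EOF
}

dir=$(mktemp -d); write_samples "$dir"
counter_delta OUTPUT "$dir/home.txt" "$dir/hotspot.txt"
```

To capture real listings, redirect the `ssh kpw "... iptables -vnL"` output shown above into a file before and after the test; adding `-x` to the iptables options prints exact counters instead of the rounded K/M/G form.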