Thread: Tutorial Block Big Brother
Old 02-11-2013, 10:11 AM   #23
knc1
BBB-Next

The point raised here (on another thread) about NOT making the user wait for filtered connection attempts to time out was a good one.
It was also a valid point about the firewall design: it **should** be using the proper "reset" and "reject" targets rather than "drop".

Unfortunately, not even the most recent stock firmware supports the "REJECT" target ("reset" is a special case of "reject").

Since it is an objective to not introduce binary additions to the stock firmware with BBB, the BBB project will have to continue making the user sit and wait for the "store" to time out (and everything else that is filtered).

The next change will be to split up our monolithic firewall into interface specific chains in the filter table.


Finally! The "Store" feature finally timed out with:
Quote:
Kindle Store encountered an unexpected error.
Something went wrong and we apologize.
. . . .
Yeah, buddy! And it will keep right on going wrong as long as BBB is enabled.

Now, where was I in typing this post?
Oh, yeah . . . .
The new per-interface rule tables.
Code:
Chain ppp-in (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ppp-out (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain usb-in (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain usb-out (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain wlan-in (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain wlan-out (0 references)
 pkts bytes target     prot opt in     out     source               destination
This change will ease the job of automating the addition/removal of services, plus give more specific control to the user of the networking features of their device.
Control **PER INTERFACE** device.

This change will actually make the firewall more efficient with less packet latency.

Plus - KUAL buttons - RSN

Last edited by knc1; 02-11-2013 at 10:16 AM.
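The per-interface layout described in the post above, sketched as an added example that is not part of the original post or of the BBB project's code. It only prints the iptables commands (dry run); the interface patterns (`ppp+`, `usb+`, `wlan+`), the function names, the default-deny DROP tail and the sample port 443 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not BBB project code). Dry run: prints iptables commands only.
# Chain names are from the post; interface patterns below are assumptions.
# "+" is iptables' interface wildcard, so "ppp+" matches ppp0, ppp1, ...
BBB_IFACES="ppp:ppp+ usb:usb+ wlan:wlan+"

# Emit the commands that create the per-interface chains and hook them in.
bbb_rules() {
    for pair in $BBB_IFACES; do
        name=${pair%%:*}   # chain prefix, e.g. "wlan"
        pat=${pair#*:}     # interface pattern, e.g. "wlan+"
        # Create both chains before any rule jumps to them.
        echo "iptables -t filter -N ${name}-in"
        echo "iptables -t filter -N ${name}-out"
        # Dispatch by interface: a packet only walks its own interface's rules.
        echo "iptables -t filter -A INPUT -i ${pat} -j ${name}-in"
        echo "iptables -t filter -A OUTPUT -o ${pat} -j ${name}-out"
        # Assumed default-deny tail; DROP because the post says REJECT is unavailable.
        echo "iptables -t filter -A ${name}-in -j DROP"
        echo "iptables -t filter -A ${name}-out -j DROP"
    done
}

# Emit the command that allows (add) or withdraws (del) one service.
# usage: bbb_service add|del CHAIN PROTO PORT
bbb_service() {
    case $1 in
        add) op=-I ;;   # insert at the top, ahead of the DROP tail
        del) op=-D ;;   # delete the matching rule
        *) echo "usage: bbb_service add|del CHAIN PROTO PORT" >&2; return 2 ;;
    esac
    echo "iptables -t filter $op $2 -p $3 --dport $4 -j ACCEPT"
}

bbb_rules
bbb_service add wlan-out tcp 443
```

Because each service is one rule in one named chain, adding or removing it never touches the rules of another interface. Review the printed commands before applying them, since the DROP tail blocks everything that has not been explicitly added.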