Old 02-08-2013, 07:58 PM   #6
knc1
Release 13039

Installation and verification of BBB, issue 13039

  • Should be sufficiently complete now to use on all Kindle models.
  • Only tested on: K3 and Kpw firmwares, so it might miss something used by other models.
  • Updated to include all currently known Amazon (and associates) IP address ranges.
  • Known registration information file now included in the released archives.
  • Since technical difficulties force restoring only a complete table, this one is a lot closer to a real-life firewall.


Install the rule-set and matching BBB delete script:
Code:
core2quad usb-0.7.N $ scp added-bbb-13039.txt kpw:/mnt/us/extensions/bbb/frags
added-bbb-13039.txt                              100% 2234     2.2KB/s   00:00
 
core2quad usb-0.7.N $ scp del-bbb-13039.sh kpw:/mnt/us/extensions/bbb/config.d
del-bbb-13039.sh                                 100% 1155     1.1KB/s   00:00    

core2quad usb-0.7.N $ ssh kpw "ls -l /mnt/us/extensions/bbb/*"
/mnt/us/extensions/bbb/config.d:
-rwxr-xr-x    1 root     root           741 Feb  7 15:57 del-bbb-13038.sh
-rwxr-xr-x    1 root     root          1155 Feb  8 18:07 del-bbb-13039.sh

/mnt/us/extensions/bbb/frags:
-rwxr-xr-x    1 root     root          1210 Feb  7 16:33 added-bbb-13038.txt
-rwxr-xr-x    1 root     root          2234 Feb  8 18:07 added-bbb-13039.txt

Re-load the kernel's firewall tables:
Code:
core2quad usb-0.7.N $ ssh kpw "PATH=$PATH ; iptables-restore < /mnt/us/extensions/bbb/frags/added-bbb-13039.txt"

Crank up your Wifi (or 3G - untested), play around a bit, and ...
The current firewall should now look like this:
Code:
core2quad usb-0.7.N $ ssh kpw "PATH=$PATH ; iptables -vnL"
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   62 12125 ACCEPT     all  --  usb0   *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  lo     *       127.0.0.0/8          0.0.0.0/0           
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8 
    3   252 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 0 
    0     0 DROP       icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     tcp  --  wlan0  *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 DROP       tcp  --  wlan0  *       0.0.0.0/0            0.0.0.0/0           
  103 50939 ACCEPT     udp  --  wlan0  *       0.0.0.0/0            0.0.0.0/0           state ESTABLISHED 
    2   624 DROP       udp  --  wlan0  *       0.0.0.0/0            0.0.0.0/0           
    1    28 DROP       all  --  wlan0  *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     udp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0           udp spt:40317 
    0     0 ACCEPT     udp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0           udp spt:49317 
    0     0 ACCEPT     udp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0           udp spt:33434 
    0     0 ACCEPT     tcp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:40317 
    0     0 ACCEPT     tcp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 DROP       tcp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     udp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0           state ESTABLISHED 
    0     0 DROP       all  --  ppp0   *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  ppp0   *       0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 108 packets, 6809 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      lo      0.0.0.0/0            127.0.0.0/8         
   69 17026 ACCEPT     all  --  *      usb0    0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  *      *       0.0.0.0/0            23.0.0.0/12         
   87 14268 DROP       all  --  *      *       0.0.0.0/0            23.20.0.0/14        
    0     0 DROP       all  --  *      *       0.0.0.0/0            50.16.0.0/14        
    0     0 DROP       all  --  *      *       0.0.0.0/0            54.240.128.0/18     
    0     0 DROP       all  --  *      *       0.0.0.0/0            54.240.0.0/12       
    0     0 DROP       all  --  *      *       0.0.0.0/0            64.208.0.0/16       
    0     0 DROP       all  --  *      *       0.0.0.0/0            64.209.0.0/17       
   14   904 DROP       all  --  *      *       0.0.0.0/0            72.21.192.0/19      
    0     0 DROP       all  --  *      *       0.0.0.0/0            107.20.0.0/14       
    6   360 DROP       all  --  *      *       0.0.0.0/0            176.32.96.0/21      
    0     0 DROP       all  --  *      *       0.0.0.0/0            178.236.0.0/21      
    0     0 DROP       all  --  *      *       0.0.0.0/0            184.72.0.0/15       
    0     0 DROP       all  --  *      *       0.0.0.0/0            204.246.160.0/19    
    4   304 DROP       all  --  *      *       0.0.0.0/0            205.251.192.0/18    
    0     0 DROP       all  --  *      *       0.0.0.0/0            207.171.160.0/19

Note the much better accounting and the removal of some lab126 screw-ups.

To remove the BBB restrictions (only the BBB output restrictions):
Code:
core2quad usb-0.7.N $ ssh kpw "PATH=$PATH ; /mnt/us/extensions/bbb/config.d/del-bbb-13039.sh"

Confirm that they are now gone:
Code:
core2quad usb-0.7.N $ ssh kpw "PATH=$PATH ; iptables -vnL OUTPUT"
Chain OUTPUT (policy ACCEPT 261 packets, 16392 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      lo      0.0.0.0/0            127.0.0.0/8         
  118 27290 ACCEPT     all  --  *      usb0    0.0.0.0/0            0.0.0.0/0
Attached Files
File Type: gz bbb-13039.tar.gz (1.9 KB, 272 views)
File Type: zip bbb-13039.zip (2.4 KB, 250 views)
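
The two verification steps in the post (rules loaded, rules removed) can be checked mechanically instead of by eye. The following is an added example, not part of the original post or the BBB archives: it summarises the DROP rules in the OUTPUT chain of an `iptables -vnL` listing. The function names and the shortened sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise DROP rules in the OUTPUT chain of `iptables -vnL`.
# Columns: pkts bytes target prot opt in out source destination
# Note: without -x, large counters are abbreviated (e.g. 12K) and will not sum.

# Constructed sample: shortened from the "rules loaded" listing in the post.
sample_loaded() { cat <<'EOF'
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   62 12125 ACCEPT     all  --  usb0   *       0.0.0.0/0            0.0.0.0/0
    2   624 DROP       udp  --  wlan0  *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 108 packets, 6809 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      lo      0.0.0.0/0            127.0.0.0/8
   69 17026 ACCEPT     all  --  *      usb0    0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  *      *       0.0.0.0/0            23.0.0.0/12
   87 14268 DROP       all  --  *      *       0.0.0.0/0            23.20.0.0/14
   14   904 DROP       all  --  *      *       0.0.0.0/0            72.21.192.0/19
EOF
}

# Constructed sample: the OUTPUT chain after the delete script has run.
sample_removed() { cat <<'EOF'
Chain OUTPUT (policy ACCEPT 261 packets, 16392 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      lo      0.0.0.0/0            127.0.0.0/8
  118 27290 ACCEPT     all  --  *      usb0    0.0.0.0/0            0.0.0.0/0
EOF
}

# Read a listing on stdin; count OUTPUT DROP rules, how many have matched
# traffic, and the total packets they dropped. INPUT/FORWARD are ignored.
bbb_summary() {
  awk '
    /^Chain /                         { chain = $2; next }
    chain == "OUTPUT" && $3 == "DROP" { rules++; pkts += $1; if ($1 > 0) hit++ }
    END { printf "rules=%d hit=%d pkts=%d\n", rules, hit, pkts }
  '
}

# Exit status 0 only when no DROP rule remains in the OUTPUT chain.
bbb_is_removed() {
  [ "$(bbb_summary | cut -d' ' -f1)" = "rules=0" ]
}

# On a real device, feed it the live listing, e.g.:
#   ssh kpw "PATH=$PATH ; iptables -vnL" | bbb_summary
sample_loaded  | bbb_summary
sample_removed | bbb_summary
```

A `hit` count of zero after some network use suggests the device is not reaching the blocked ranges at all, or that the rule set did not load.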