Old 10-08-2012, 05:55 PM   #7
twobob
( ͡° ͜ʖ ͡°){ʇlnɐɟ ƃǝs}Týr
Posts: 6,586
Karma: 6299991
Join Date: Jun 2012
Location: uti gratia usura (Yao ying da ying; Mo ying da yieng)
Device: PW-WIFI|K5-3G+WIFI| K4|K3-3G|DXG|K2| Rooted Nook Touch
yeah - what he said.

https://www.mobileread.com/forums/sho...d.php?t=167675 is an example of handy data

and for we noobs:

Quote:
[root@kindle fonts]# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:40317
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state ESTABLISHED
ACCEPT all -- localhost.localdomain anywhere
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere localhost.localdomain
so just amend that one probably

EDIT:

Note from Knc1

Quote:
Originally Posted by knc1
<add> a note about removing that Amazon "push port" and that the very lax "ACCEPT" rule as shown for ssh should only be used with public key authentication.
So yup. The port 40317 is Amazon specific. Lord only knows what it's for, quite honestly. One could posit remote support. I'll leave that there. It could be nerfed easily.

The SSH rule really is a bit of a whore, IIRC Niluje has nailed it down on the device with IP -> IP rules in the config.

But if you are allowing SSH access from everywhere, think about the implications of that. Usually "No implications that matter" but that doesn't mean it never applies. A public key is a good idea and that's what I use.

Thanks Knc1

Last edited by twobob; 10-08-2012 at 07:12 PM. Reason: https://www.mobileread.com/forums/showthread.php?t=167675
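Added example, not part of the original post or of any poster's code: a small audit that reads an `iptables -L` listing like the one quoted above and reports the INPUT rules that accept new connections from any source, which are the two rules the post singles out (the 40317 "push port" and ssh). The function names `sample_listing` and `open_to_anywhere` are hypothetical, and the embedded listing is the post's output reused as constructed sample input; the check also accepts `0.0.0.0/0`, the form the source column takes with `iptables -L -n`.

```shell
#!/bin/sh
# Added example: list INPUT ACCEPT rules that admit new connections from
# any source address, reading `iptables -L` output on stdin.

# Constructed sample input: the listing quoted in the post.
sample_listing() {
cat <<'EOF'
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:40317
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state ESTABLISHED
ACCEPT all -- localhost.localdomain anywhere
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere localhost.localdomain
EOF
}

# Print "proto port" for every INPUT ACCEPT rule open to any source.
open_to_anywhere() {
  awk '
    $1 == "Chain" { chain = $2; next }
    chain != "INPUT" || $1 != "ACCEPT" { next }
    # Source column: "anywhere" (0.0.0.0/0 with -n) means any host.
    $4 != "anywhere" && $4 != "0.0.0.0/0" { next }
    {
      stateful = 0; port = ""
      for (i = 6; i <= NF; i++) {
        # A state match without NEW only lets reply traffic back in.
        if ($i == "state" && $(i+1) !~ /NEW/) stateful = 1
        if ($i ~ /^dpt:/) port = substr($i, 5)
      }
      if (stateful) next
      print $2, (port == "" ? "any" : port)
    }
  '
}

# Run the audit on the sample; prints "tcp 40317" and "tcp ssh".
sample_listing | open_to_anywhere
```

An empty result means every remaining ACCEPT rule is either tied to a specific source or limited to established traffic.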