Old 02-09-2013, 01:40 PM   #16
knc1
Helpdesk Junkie
Posts: 6,675
Karma: 5850002
Join Date: Feb 2012
Device: Too many.
Today's release

Today's release adds something new - a log file of any errors during the BBB filter removal.

Release at: http://www.mobileread.com/forums/sho...1&postcount=13
Old 02-09-2013, 03:05 PM   #17
twobob
( ͡° ͜ʖ ͡°){ʇlnɐɟ ƃǝs}Týr
Posts: 6,552
Karma: 6021142
Join Date: Jun 2012
Location: uti gratia usura (Yao ying da ying; Mo ying da yieng)
Device: PW-WIFI|K5-3G+WIFI| K4|K3-3G|DXG|K2| Rooted Nook Touch
Did you update the zips?
Old 02-09-2013, 03:25 PM   #18
knc1
Quote:
Originally Posted by twobob View Post
Did you update the zips?
Yup.
Although the Amazon network document wasn't updated today.

Files now have a public home:
http://hg.minimodding.com/repos/sys/kBBB.hg/

Public browse, download, and 'hg clone'
Old 02-09-2013, 03:31 PM   #19
knc1
Quote:
Originally Posted by twobob View Post
Did you update the zips?
Found it!
Comment at top of rule-set was not changed today.
Fixed and pushed.

That really is the correct file - I downloaded it from MobileRead:
http://www.mobileread.com/forums/sho...1&postcount=13
to create the repo.

Aren't public repos just great?

Last edited by knc1; 02-09-2013 at 03:35 PM.
Old 02-10-2013, 01:37 AM   #20
piperclassique
A garbling groftpot
Posts: 734
Karma: 4806000
Join Date: Feb 2012
Location: France
Device: IPad, Kindle PW, iPhone
Greetings kind sirs
Would this work in Europe? I'm supposing Amazon are using local servers but I have no idea which, no idea about much really, but I would love to stop my paperwhite phoning home.
I need a simple package, though, being somewhat technologically challenged.
Maybe you will have time at some point?
Old 02-10-2013, 07:38 AM   #21
knc1
Quote:
Originally Posted by piperclassique View Post
Greetings kind sirs
Would this work in Europe? I'm supposing Amazon are using local servers but I have no idea which, no idea about much really, but I would love to stop my paperwhite phoning home.
I need a simple package, though, being somewhat technologically challenged.
Maybe you will have time at some point?
It has the EU address ranges that I have been able to find.

But because of the geographic load balancing used by large networks, it is unlikely I have seen all of the EU address ranges.
Still - better than nothing and that will improve once I get some EU volunteers (or ssh access to EU machines).

My next step in this little project, will be to add Buttons for the KUAL launcher (Add, Remove, Report).

Since everything about this BBB filter exists only in the user's USB storage mode area, next to the documents directory for books (as does everything about KUAL) - - -
If you can copy a book over USB to the Kindle, you can copy this BBB stuff.
Or, at least you will be able to when done.

Thank you for your interest.
You are the first one to comment other than my Kindle Koding partner, twobob.

Last edited by knc1; 02-10-2013 at 07:42 AM.
Old 02-10-2013, 10:11 AM   #22
piperclassique
Marvellous! Thank you for the work you are doing on this. I dearly love my kindles, but I don't love the lack of privacy and the forced updates. I did manage the jailbreak and the launcher, but that stretched my electron moving skills to the limit.
Old 02-11-2013, 10:11 AM   #23
knc1
BBB-Next

The point raised (on another thread) here that NOT making the user wait for filtered connection attempts to time out was a good one.
It was also a valid point about the firewall design, it **should** be using the proper "reset" and "reject" targets rather than "drop".

Unfortunately, not even the most recent stock firmware supports the "REJECT" target ("reset" is a special case of "reject").

Since it is an objective to not introduce binary additions to the stock firmware with BBB ;
The BBB project will have to continue making the user sit and wait for the "store" to time out (and everything else that is filtered).

The next change will be to split up our monolithic firewall into interface specific chains in the filter table.


Finally! The "Store" feature finally timed-out with:
Quote:
Kindle Store encountered an unexpected error.
Something went wrong and we apologize.
. . . .
Yeah, buddy! And it will keep right on going wrong as long as BBB is enabled.

Now, where was I in typing this post?
Oh, yeah . . . .
The new per-interface rule tables.
Code:
Chain ppp-in (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ppp-out (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain usb-in (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain usb-out (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain wlan-in (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain wlan-out (0 references)
 pkts bytes target     prot opt in     out     source               destination
This change will ease the job of automating the add/removal of services plus give more specific control to the user of the networking features of their device.
Control **PER INTERFACE** device.

This change will actually make the firewall more efficient with less packet latency.

Plus - KUAL buttons - RSN

Last edited by knc1; 02-11-2013 at 10:16 AM.
Old 02-11-2013, 07:40 PM   #24
knc1
BBB-13042

Our usual 'manual' installation process (still):
Spoiler:

Code:
core2quad frags $ scp added-bbb-13042.txt kpw:/mnt/us/extensions/bbb/frags
added-bbb-13042.txt                          100% 3680     3.6KB/s   00:00    

core2quad frags $ cd ../config.d

core2quad config.d $ scp del-bbb-13042.sh kpw:/mnt/us/extensions/bbb/config.d
del-bbb-13042.sh                                100% 3771     3.7KB/s   00:00

core2quad config.d $ cd
core2quad ~ $


Reload the kernel's firewall rules:
Code:
core2quad ~ $ ssh kpw "PATH=$PATH ; iptables-restore < /mnt/us/extensions/bbb/frags/added-bbb-13042.txt"
Now the standard INPUT chain is what applies to all interfaces, plus a total for the specific interface inputs:
Code:
core2quad ~ $ ssh kpw "PATH=$PATH ; iptables -vnL INPUT"
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  lo     *       127.0.0.0/8          0.0.0.0/0           
    0     0 DROP       all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
   21  4059 usb-in     all  --  usb0   *       0.0.0.0/0            0.0.0.0/0           
    6   504 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 DROP       icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
  185 94842 wlan-in    all  --  wlan0  *       0.0.0.0/0            0.0.0.0/0           
    0     0 ppp-in     all  --  ppp0   *       0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
And the 'detail' table listed as the 'target' has the specifics:
Code:
core2quad ~ $ ssh kpw "PATH=$PATH ; iptables -vnL wlan-in"
Chain wlan-in (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           
  233  121K ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           state ESTABLISHED 
    4  1216 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           
    2    56 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
The totals do not match above because of traffic on wlan0 in-between the reports.

This structure allows for the easy automation of adding and removing services **PER INTERFACE**.
I.E: It is unlikely that anyone will want to run rsync on anything other than the USB cable.
And other services only make sense on interfaces other than the USB cable.

It also allows modification **PER INTERFACE** of the BBB filter.
Exactly how that might be useful is yet to be known, but it is there to help the automation also.

After today's field test (minus one counter):
Spoiler:

Code:
core2quad ~ $ ssh kpw "PATH=$PATH ; iptables -vnL"
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
  283  438K ACCEPT     all  --  lo     *       127.0.0.0/8          0.0.0.0/0           
    2   204 DROP       all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
 1017  106K usb-in     all  --  usb0   *       0.0.0.0/0            0.0.0.0/0           
    7   552 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 DROP       icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
 5226 2667K wlan-in    all  --  wlan0  *       0.0.0.0/0            0.0.0.0/0           
    0     0 ppp-in     all  --  ppp0   *       0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  ppp0   *       0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
  283  438K ACCEPT     all  --  *      lo      0.0.0.0/0            127.0.0.0/8         
  677  116K usb-out    all  --  *      usb0    0.0.0.0/0            0.0.0.0/0           
10497 1167K wlan-out   all  --  *      wlan0   0.0.0.0/0            0.0.0.0/0           
    0     0 ppp-out    all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0           
    2   204 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ppp-in (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:40317 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:49317 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:33434 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:40317 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           state ESTABLISHED 
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ppp-out (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *       0.0.0.0/0            23.0.0.0/12         
    0     0 DROP       all  --  *      *       0.0.0.0/0            23.20.0.0/14        
    0     0 DROP       all  --  *      *       0.0.0.0/0            50.16.0.0/14        
    0     0 DROP       all  --  *      *       0.0.0.0/0            54.240.128.0/18     
    0     0 DROP       all  --  *      *       0.0.0.0/0            54.240.0.0/12       
    0     0 DROP       all  --  *      *       0.0.0.0/0            64.208.0.0/16       
    0     0 DROP       all  --  *      *       0.0.0.0/0            64.209.0.0/17       
    0     0 DROP       all  --  *      *       0.0.0.0/0            72.21.192.0/19      
    0     0 DROP       all  --  *      *       0.0.0.0/0            107.20.0.0/14       
    0     0 DROP       all  --  *      *       0.0.0.0/0            176.32.96.0/21      
    0     0 DROP       all  --  *      *       0.0.0.0/0            178.236.0.0/21      
    0     0 DROP       all  --  *      *       0.0.0.0/0            184.72.0.0/15       
    0     0 DROP       all  --  *      *       0.0.0.0/0            204.246.160.0/19    
    0     0 DROP       all  --  *      *       0.0.0.0/0            205.251.192.0/18    
    0     0 DROP       all  --  *      *       0.0.0.0/0            207.171.160.0/19    
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain usb-in (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 1017  106K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain usb-out (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *       0.0.0.0/0            23.0.0.0/12         
    0     0 DROP       all  --  *      *       0.0.0.0/0            23.20.0.0/14        
    0     0 DROP       all  --  *      *       0.0.0.0/0            50.16.0.0/14        
    0     0 DROP       all  --  *      *       0.0.0.0/0            54.240.128.0/18     
    0     0 DROP       all  --  *      *       0.0.0.0/0            54.240.0.0/12       
    0     0 DROP       all  --  *      *       0.0.0.0/0            64.208.0.0/16       
    0     0 DROP       all  --  *      *       0.0.0.0/0            64.209.0.0/17       
    0     0 DROP       all  --  *      *       0.0.0.0/0            72.21.192.0/19      
    0     0 DROP       all  --  *      *       0.0.0.0/0            107.20.0.0/14       
    0     0 DROP       all  --  *      *       0.0.0.0/0            176.32.96.0/21      
    0     0 DROP       all  --  *      *       0.0.0.0/0            178.236.0.0/21      
    0     0 DROP       all  --  *      *       0.0.0.0/0            184.72.0.0/15       
    0     0 DROP       all  --  *      *       0.0.0.0/0            204.246.160.0/19    
    0     0 DROP       all  --  *      *       0.0.0.0/0            205.251.192.0/18    
    0     0 DROP       all  --  *      *       0.0.0.0/0            207.171.160.0/19    
  677  116K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain wlan-in (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           
 5138 2657K ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           state ESTABLISHED 
   29  8960 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           
   59  1652 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain wlan-out (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *       0.0.0.0/0            23.0.0.0/12         
 5051  828K DROP       all  --  *      *       0.0.0.0/0            23.20.0.0/14        
    0     0 DROP       all  --  *      *       0.0.0.0/0            50.16.0.0/14        
    0     0 DROP       all  --  *      *       0.0.0.0/0            54.240.128.0/18     
    0     0 DROP       all  --  *      *       0.0.0.0/0            54.240.0.0/12       
    0     0 DROP       all  --  *      *       0.0.0.0/0            64.208.0.0/16       
    0     0 DROP       all  --  *      *       0.0.0.0/0            64.209.0.0/17       
   60  3772 DROP       all  --  *      *       0.0.0.0/0            72.21.192.0/19      
    0     0 DROP       all  --  *      *       0.0.0.0/0            107.20.0.0/14       
   39  2300 DROP       all  --  *      *       0.0.0.0/0            176.32.96.0/21      
    0     0 DROP       all  --  *      *       0.0.0.0/0            178.236.0.0/21      
    0     0 DROP       all  --  *      *       0.0.0.0/0            184.72.0.0/15       
    0     0 DROP       all  --  *      *       0.0.0.0/0            204.246.160.0/19    
   17  1192 DROP       all  --  *      *       0.0.0.0/0            205.251.192.0/18    
   12   776 DROP       all  --  *      *       0.0.0.0/0            207.171.160.0/19    
 5318  331K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0


Now delete the BBB filter from all three output interface chains:
Code:
core2quad ~ $ ssh kpw "PATH=$PATH ; /mnt/us/extensions/bbb/config.d/del-bbb-13042.sh"
Now confirm that they are gone:
Spoiler:

Code:
core2quad ~ $ ssh kpw "PATH=$PATH ; iptables -vnL"
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
  372 41617 ACCEPT     all  --  lo     *       127.0.0.0/8          0.0.0.0/0           
    0     0 DROP       all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
  893 95180 usb-in     all  --  usb0   *       0.0.0.0/0            0.0.0.0/0           
    6   504 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8 
   46  8624 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 DROP       icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
 1239  635K wlan-in    all  --  wlan0  *       0.0.0.0/0            0.0.0.0/0           
    0     0 ppp-in     all  --  ppp0   *       0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  ppp0   *       0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    6   504 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
  372 41617 ACCEPT     all  --  *      lo      0.0.0.0/0            127.0.0.0/8         
  634 83312 usb-out    all  --  *      usb0    0.0.0.0/0            0.0.0.0/0           
 2525  284K wlan-out   all  --  *      wlan0   0.0.0.0/0            0.0.0.0/0           
    0     0 ppp-out    all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ppp-in (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:40317 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:49317 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:33434 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:40317 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           state ESTABLISHED 
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ppp-out (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain usb-in (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  893 95180 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain usb-out (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  634 83312 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain wlan-in (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           
 1222  634K ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           state ESTABLISHED 
    5  1520 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           
   12   336 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain wlan-out (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 1312 85791 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0


Next - work on some buttons - RSN.
Attached Files
File Type: gz bbb-13042.tar.gz (2.4 KB, 26 views)
File Type: zip bbb-13042.zip (2.9 KB, 44 views)
knc1 is offline   Reply With Quote
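
An added example (not from the thread or the BBB project): a small Python checker that parses `iptables -vnL` output like the listings in the post above, reports which DROP ranges actually counted packets, and flags rules that an earlier, wider rule makes unreachable. The sample listing is constructed from a few rows of the wlan-out chain, the function names are hypothetical, and rules are modelled as destination-only matches, which holds for the -out chains shown.

```python
import ipaddress
import re
from typing import NamedTuple

# Constructed sample: a shortened wlan-out chain in `iptables -vnL` format,
# built from rows of the field-test listing in the post above.
SAMPLE = """\
Chain wlan-out (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      *       0.0.0.0/0            23.0.0.0/12
 5051  828K DROP       all  --  *      *       0.0.0.0/0            23.20.0.0/14
    0     0 DROP       all  --  *      *       0.0.0.0/0            54.240.128.0/18
    0     0 DROP       all  --  *      *       0.0.0.0/0            54.240.0.0/12
   60  3772 DROP       all  --  *      *       0.0.0.0/0            72.21.192.0/19
 5318  331K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0
"""


class Rule(NamedTuple):
    pkts: int
    target: str
    prot: str
    dst: ipaddress.IPv4Network
    extra: str  # match options after the destination column, "" if none


_MULT = {"": 1, "K": 1000, "M": 1000 ** 2, "G": 1000 ** 3}


def _count(field):
    """Convert an abbreviated counter such as '121K' to an approximate int."""
    m = re.fullmatch(r"(\d+)([KMG]?)", field)
    return int(m.group(1)) * _MULT[m.group(2)]


def parse_listing(text):
    """Return {chain name: [Rule, ...]} in listing (evaluation) order."""
    chains, current = {}, None
    for line in text.splitlines():
        m = re.match(r"Chain (\S+) \(", line)
        if m:
            current = chains.setdefault(m.group(1), [])
            continue
        f = line.split()
        if current is None or len(f) < 9 or not re.fullmatch(r"\d+[KMG]?", f[0]):
            continue  # blank line or the column-header row
        dst = ipaddress.ip_network(f[8], strict=False)
        current.append(Rule(_count(f[0]), f[2], f[3], dst, " ".join(f[9:])))
    return chains


def unconditional(rule):
    """True when the rule matches on destination alone (no protocol/state)."""
    return rule.prot == "all" and not rule.extra


def drop_hits(rules):
    """DROP rules whose packet counter is non-zero: the ranges really contacted."""
    return [(str(r.dst), r.pkts) for r in rules if r.target == "DROP" and r.pkts]


def first_match(rules, addr):
    """Walk the chain top to bottom; return (1-based position, rule) of the
    first unconditional rule covering addr. Conditional rules are skipped
    because this model does not evaluate protocol or state matches."""
    ip = ipaddress.ip_address(addr)
    for pos, rule in enumerate(rules, start=1):
        if unconditional(rule) and ip in rule.dst:
            return pos, rule
    return None


def shadowed(rules):
    """Pairs (later position, earlier position) where the later rule can never
    match because an earlier unconditional rule already covers its range."""
    found = []
    for i, later in enumerate(rules):
        for j, earlier in enumerate(rules[:i]):
            if unconditional(earlier) and later.dst.subnet_of(earlier.dst):
                found.append((i + 1, j + 1))
                break
    return found


if __name__ == "__main__":
    rules = parse_listing(SAMPLE)["wlan-out"]
    print("ranges with blocked traffic:", drop_hits(rules))
    print("unreachable rules:", shadowed(rules))
    print("54.240.130.1 is decided by rule", first_match(rules, "54.240.130.1")[0])
```

Feeding it a real listing works the same way: save the output of `iptables -vnL` to a file and pass its text to `parse_listing`.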
Old 02-11-2013, 08:27 PM   #25
h1uke
Zealot
Posts: 121
Karma: 82565
Join Date: Aug 2010
Location: Maryland, USA
Device: dxg, k3w,k4nt,kpw
Great job! Thank you for the work you do!

Sometimes I think that it could be easier to maintain the list
of _trusted_ URLs than the list of BB-related ones.
I'd even agree to limit access to my local wireless network, denying
all attempts to get outside.
In order to try this, I arranged an extra WiFi router with its WAN side turned Off.
I quickly learned that the last kindle firmware catches these situations,
and doesn't even connect to such wireless networks, keeping the airplane mode always On.
I suspect the kindle version of wpa_supplicant, but, unfortunately, no chance to get deeper on that..

Is this a known problem? Any workaround for that? Am I missing something?
Thanks.
Old 02-11-2013, 08:40 PM   #26
knc1
Quote:
Originally Posted by h1uke View Post
Great job! Thank you for the work you do!

Sometimes I think that it could be easier to maintain the list
of _trusted_ URLs than the list of BB-related ones.
I'd even agree to limit access to my local wireless network, denying
all attempts to get outside.
In order to try this, I arranged an extra WiFi router with its WAN side turned Off.
I quickly learned that the last kindle firmware catches these situations,
and doesn't even connect to such wireless networks, keeping the airplane mode always On.
I suspect the kindle version of wpa_supplicant, but, unfortunately, no chance to get deeper on that..

Is this a known problem? Any workaround for that? Am I missing something?
Thanks.
That will be a matter of evolution.

The first step is to block everything that can be found ;

And then identify the "safe" ones (perhaps the 'sync' services, or things that are safe to access by 3G (which never downloads updates) ) ;

And of course, there will be as many ideas of what is 'safe' as there are users.

This is a very flexible structure now.

Many of those things can now be turned into 'button presses'.
Old 02-12-2013, 01:55 AM   #27
knc1
An untested example of putting a hole in the filter

This target address is totally untested! Allowing it may smoke your Kindle or eat your Kat!

Looking at this entry in the Amazon-Network reference:
Kpw: 54.240.0.0/12
Kpw: 54.240.128.0/18
** If wanting to screen the sub-net **
Amazon Technologies Inc. AMAZON-2011L (NET-54-240-0-0-1) 54.240.0.0 - 54.255.255.255
Amazon Web Services, LLC AWSEMAIL-Z (NET-54-240-0-0-2) 54.240.0.0 - 54.240.63.255

Looking at the rule-set, you will find:
Code:
# Packets leaving by Wifi
:wlan-out - [0:0]
-A wlan-out -d 23.0.0.0/12       -j DROP
-A wlan-out -d 23.20.0.0/14      -j DROP
-A wlan-out -d 50.16.0.0/14      -j DROP
# Count and drop the sub-net first.
-A wlan-out -d 54.240.128.0/18   -j DROP
-A wlan-out -d 54.240.0.0/12     -j DROP
And just guessing from the name: Amazon Web Services, LLC AWSEMAIL-Z

Then if you (or a KUAL button) want to make an exception to the provided filter rule-set ;
Insert as RULE #1 (all exceptions, all device chains, are added as RULE #1):
Code:
iptables -t filter -I wlan-out -d 54.240.128.0/18   -j ACCEPT
The default rule number of the I(nsert) command is RULE #1.

When you're done with the 'mail-to Kindle' function, take it out again with:
Code:
iptables -t filter -D wlan-out -d 54.240.128.0/18   -j ACCEPT
The D(elete) command removes the first (or only) exactly matching rule.

If wanting to enable this for 3G (also or only) - use the above rules with the substitution of ppp-out for wlan-out (Wifi).

If someone wants to try this out, and report back here - would be nice to know if that is really the 'mail-to Kindle' service.

WARNING: If you keep reading my posts, you will learn more than you probably ever cared to know about Linux network firewalls.

Last edited by knc1; 02-12-2013 at 02:04 AM.
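
The rule ordering described in the post above, modelled as an added example that is not part of the original post or the BBB add-in: a toy first-match chain loaded with the posted wlan-out rules, showing that a repeated -I needs the same number of -D calls to close the hole, plus a check of the quoted whois range against the /18 used in the rule. The sample addresses and all function names are constructed for illustration.

```python
import ipaddress as ipa

class Chain:
    """Toy model of one iptables user chain: ordered rules, first match wins."""
    def __init__(self):
        self.rules = []                      # list of (network, target)

    def append(self, dest, target):          # -A chain -d dest -j target
        self.rules.append((ipa.ip_network(dest), target))

    def insert(self, dest, target):          # -I chain ... : becomes rule #1
        self.rules.insert(0, (ipa.ip_network(dest), target))

    def delete(self, dest, target):          # -D chain ... : first exact match only
        self.rules.remove((ipa.ip_network(dest), target))

    def verdict(self, addr):
        ip = ipa.ip_address(addr)
        for net, target in self.rules:
            if ip in net:
                return target
        return "RETURN"                      # no match: back to the calling chain

def wlan_out():
    """The wlan-out rules exactly as posted, in order."""
    chain = Chain()
    for dest in ("23.0.0.0/12", "23.20.0.0/14", "50.16.0.0/14",
                 "54.240.128.0/18", "54.240.0.0/12"):
        chain.append(dest, "DROP")
    return chain

HOLE = "54.240.128.0/18"

def double_press_demo(inside="54.240.130.1", sibling="54.241.0.1"):
    """Addresses are constructed samples. Returns the verdict at each step."""
    chain, steps = wlan_out(), []
    steps.append(chain.verdict(inside))      # filter as shipped
    chain.insert(HOLE, "ACCEPT")
    chain.insert(HOLE, "ACCEPT")             # exception added twice by mistake
    steps.append(chain.verdict(inside))      # hole open
    steps.append(chain.verdict(sibling))     # rest of 54.240.0.0/12 still blocked
    chain.delete(HOLE, "ACCEPT")
    steps.append(chain.verdict(inside))      # one -D is not enough
    chain.delete(HOLE, "ACCEPT")
    steps.append(chain.verdict(inside))      # closed again
    return steps

def whois_range_vs_rule(first, last, rule):
    """Summarize a whois first-last range to CIDR and test overlap with a rule."""
    nets = list(ipa.summarize_address_range(ipa.ip_address(first), ipa.ip_address(last)))
    return [str(n) for n in nets], any(n.overlaps(ipa.ip_network(rule)) for n in nets)
```

Calling `whois_range_vs_rule("54.240.0.0", "54.240.63.255", HOLE)` summarizes the quoted AWSEMAIL-Z range to 54.240.0.0/18 and reports no overlap with 54.240.128.0/18, which is worth confirming before relying on the exception.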
Old 02-12-2013, 03:27 AM   #28
piperclassique
Now I don't even begin to understand the "how" of this, but if it would be possible to allow access to the "email to kindle" and the store without Amazon getting a report on everything I do or "upgrading", by allowing only 3g access that sounds interesting. Can it be done? A switch to turn wifi off and leave 3g on? Would it block big brother or just slow him down?

Please ignore me if I am being an ignorant pest......
Old 02-12-2013, 07:32 AM   #29
knc1
Quote:
Originally Posted by piperclassique View Post
Now I don't even begin to understand the "how" of this, but if it would be possible to allow access to the "email to kindle" and the store without Amazon getting a report on everything I do or "upgrading", by allowing only 3g access that sounds interesting. Can it be done? A switch to turn wifi off and leave 3g on? Would it block big brother or just slow him down?

Please ignore me if I am being an ignorant pest......
The short answer: Someday, probably YES.
That is the point of the structure I designed.

It will take research to learn what Internet addresses Amazon uses for which purpose.

But your/my example (If my guess based on name of registered owner is correct) - -

'e-mail to Kindle' works over either Wifi or 3G.
Over 3G there is a charge, over Wifi is free (at least in the USA).

So now the user can choose to block or accept either type (with the default of being blocked).
Just add that 'ACCEPT' exception to the filter rule for either 3G or Wifi or both or neither (neither is the default).

And to your other (implied) question, also mentioned by another poster* - - -
This, at the moment, does not prevent you from using your Kindle on your OWN home Wifi - it is only blocking the public Wifi use.
Even when using your OWN home Wifi, it blocks access to Amazon.

It just requires more research to learn just what to 'ACCEPT' to allow the (commercial) 'Free Wifi' public services.

Of course, that will have to be the end-user's decision - since Amazon will get a report of which Hot Spot you are using.

So today, I have to go learn how to make 'Buttons' for it.
Once that is done, the end-user will not require USBnetworking to use the 'Block Big Brother' (BBB) add-in.

- - - -
* TWO INTERESTED USERS - Durn but this project is getting a lot of interest now!
Old 02-12-2013, 07:33 AM   #30
Analogus
Hi

Is there a more or less easy way to use WIKIPEDIA without being logged into my Amazon account?

Or better:
Use Wikipedia without being logged into my account AND block everything else. In and out. I just want to use Wikipedia without big brother watching me and nothing else. No mail, no buying books, ...

What I am able to do?
I am able to copy files over SSH to the reader (finally managed that point...).

What I'm not able to do?
Managing this job with the help of general explanations. I'm no Linux man.

For this task I've set up a virtual OpenSuse in VirtualBox.


Thanks
All times are GMT -4. The time now is 03:48 PM.