MobileRead Forums - View Single Post

hawhill · 06-20-2012, 05:18 AM

iptables is probably a good option here, yes. The rules are slightly wrong, though. First, the "ACCEPT" lines would never match since the "-j" jump to the DROP target is a final action. The DROP target should be jumped to after checking the more specific ACCEPT rules.

And then if they would match - it's very probable that the Kindle's wlan0 interface will have a local IP, so all outgoing connections would be allowed (-s is the "source" IP switch). You probably meant to allow connections _to_ the local network, which would be the "-d" flag instead of the "-s" flag. Although I can't really see why even local connections should be allowed. The DROP line would be sufficient.

06-20-2012, 05:18 AM	#15
hawhill Wizard Posts: 1,379 Karma: 2155307 Join Date: Nov 2010 Location: Goettingen, Germany Device: Kindle Paperwhite, Kobo Mini	iptables is probably a good option here, yes. The rules are slightly wrong, though. First, the "ACCEPT" lines would never match since the "-j" jump to the DROP target is a final action. The DROP target should be jumped to after checking the more specific ACCEPT rules. And then if they would match - it's very probable that the Kindle's wlan0 interface will have a local IP, so all outgoing connections would be allowed (-s is the "source" IP switch). You probably meant to allow connections _to_ the local network, which would be the "-d" flag instead of the "-s" flag. Although I can't really see why even local connections should be allowed. The DROP line would be sufficient.