After three re-visions, everyone should know the manual "install" process by now:
Code:
core2quad usb-0.7.N $ scp added-bbb-13040.txt kpw:/mnt/us/extensions/bbb/frags
added-bbb-13040.txt 100% 2474 2.4KB/s 00:00
core2quad usb-0.7.N $ scp del-bbb-13040.sh kpw:/mnt/us/extensions/bbb/config.d
del-bbb-13040.sh 100% 1506 1.5KB/s 00:00
core2quad usb-0.7.N $ ssh kpw "ls -l /mnt/us/extensions/bbb/*"
/mnt/us/extensions/bbb/config.d:
-rwxr-xr-x 1 root root 741 Feb 7 15:57 del-bbb-13038.sh
-rwxr-xr-x 1 root root 1125 Feb 8 18:20 del-bbb-13039.sh
-rwxr-xr-x 1 root root 1506 Feb 9 09:38 del-bbb-13040.sh
/mnt/us/extensions/bbb/frags:
-rwxr-xr-x 1 root root 1210 Feb 7 16:33 added-bbb-13038.txt
-rwxr-xr-x 1 root root 2236 Feb 8 18:29 added-bbb-13039.txt
-rwxr-xr-x 1 root root 2474 Feb 9 09:38 added-bbb-13040.txt
Now run the firewall rules restore utility with our custom rule-set as input:
Code:
core2quad usb-0.7.N $ ssh kpw "PATH=$PATH ; iptables-restore < /mnt/us/extensions/bbb/frags/added-bbb-13040.txt"
Doing a full restore of the kernel's tables zeros the counters:
Code:
core2quad usb-0.7.N $ ssh kpw "PATH=$PATH ; iptables -vnL"
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
21 4059 ACCEPT all -- usb0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 127.0.0.0/8 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- wlan0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 DROP tcp -- wlan0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- wlan0 * 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED
0 0 DROP udp -- wlan0 * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- wlan0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 udp spt:40317
0 0 ACCEPT udp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 udp spt:49317
0 0 ACCEPT udp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 udp spt:33434
0 0 ACCEPT tcp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:40317
0 0 ACCEPT tcp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 DROP tcp -- ppp0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED
0 0 DROP all -- ppp0 * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- ppp0 * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * ppp0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * lo 0.0.0.0/0 127.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 23.0.0.0/12
0 0 DROP all -- * * 0.0.0.0/0 23.20.0.0/14
0 0 DROP all -- * * 0.0.0.0/0 50.16.0.0/14
0 0 DROP all -- * * 0.0.0.0/0 54.240.128.0/18
0 0 DROP all -- * * 0.0.0.0/0 54.240.0.0/12
0 0 DROP all -- * * 0.0.0.0/0 64.208.0.0/16
0 0 DROP all -- * * 0.0.0.0/0 64.209.0.0/17
0 0 DROP all -- * * 0.0.0.0/0 72.21.192.0/19
0 0 DROP all -- * * 0.0.0.0/0 107.20.0.0/14
0 0 DROP all -- * * 0.0.0.0/0 176.32.96.0/21
0 0 DROP all -- * * 0.0.0.0/0 178.236.0.0/21
0 0 DROP all -- * * 0.0.0.0/0 184.72.0.0/15
0 0 DROP all -- * * 0.0.0.0/0 204.246.160.0/19
0 0 DROP all -- * * 0.0.0.0/0 205.251.192.0/18
0 0 DROP all -- * * 0.0.0.0/0 207.171.160.0/19
21 2910 ACCEPT all -- * usb0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * wlan0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * ppp0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Disable airplane mode, Select own Wifi AP, tap 'home' and:
Code:
core2quad usb-0.7.N $ ssh kpw "PATH=$PATH ; iptables -vnL"
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
44 8222 ACCEPT all -- usb0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 127.0.0.0/8 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- wlan0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 DROP tcp -- wlan0 * 0.0.0.0/0 0.0.0.0/0
16 6620 ACCEPT udp -- wlan0 * 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED
2 624 DROP udp -- wlan0 * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- wlan0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 udp spt:40317
0 0 ACCEPT udp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 udp spt:49317
0 0 ACCEPT udp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 udp spt:33434
0 0 ACCEPT tcp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:40317
0 0 ACCEPT tcp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 DROP tcp -- ppp0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED
0 0 DROP all -- ppp0 * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- ppp0 * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * ppp0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * lo 0.0.0.0/0 127.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 23.0.0.0/12
7 1148 DROP all -- * * 0.0.0.0/0 23.20.0.0/14
0 0 DROP all -- * * 0.0.0.0/0 50.16.0.0/14
0 0 DROP all -- * * 0.0.0.0/0 54.240.128.0/18
0 0 DROP all -- * * 0.0.0.0/0 54.240.0.0/12
0 0 DROP all -- * * 0.0.0.0/0 64.208.0.0/16
0 0 DROP all -- * * 0.0.0.0/0 64.209.0.0/17
8 512 DROP all -- * * 0.0.0.0/0 72.21.192.0/19
0 0 DROP all -- * * 0.0.0.0/0 107.20.0.0/14
0 0 DROP all -- * * 0.0.0.0/0 176.32.96.0/21
0 0 DROP all -- * * 0.0.0.0/0 178.236.0.0/21
0 0 DROP all -- * * 0.0.0.0/0 184.72.0.0/15
0 0 DROP all -- * * 0.0.0.0/0 204.246.160.0/19
2 152 DROP all -- * * 0.0.0.0/0 205.251.192.0/18
0 0 DROP all -- * * 0.0.0.0/0 207.171.160.0/19
46 10308 ACCEPT all -- * usb0 0.0.0.0/0 0.0.0.0/0
16 1070 ACCEPT all -- * wlan0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * ppp0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Just for those who might think that Kindles do not call home.
After a short "Public Wifi HotSpot" visit (three carriers available, including AT&T).
None of which Chatty Kathy can successfully connect too (connects to home Wifi just fine);
Code:
core2quad ~ $ ssh kpw "PATH=$PATH ; iptables -vnL"
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
67 12937 ACCEPT all -- usb0 * 0.0.0.0/0 0.0.0.0/0
180 40362 ACCEPT all -- lo * 127.0.0.0/8 0.0.0.0/0
1 48 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- wlan0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 DROP tcp -- wlan0 * 0.0.0.0/0 0.0.0.0/0
320 162K ACCEPT udp -- wlan0 * 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED
6 1992 DROP udp -- wlan0 * 0.0.0.0/0 0.0.0.0/0
3 84 DROP all -- wlan0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 udp spt:40317
0 0 ACCEPT udp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 udp spt:49317
0 0 ACCEPT udp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 udp spt:33434
0 0 ACCEPT tcp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:40317
0 0 ACCEPT tcp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 DROP tcp -- ppp0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED
0 0 DROP all -- ppp0 * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- ppp0 * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * ppp0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
180 40362 ACCEPT all -- * lo 0.0.0.0/0 127.0.0.0/8
0 0 DROP all -- * * 0.0.0.0/0 23.0.0.0/12
295 48380 DROP all -- * * 0.0.0.0/0 23.20.0.0/14
0 0 DROP all -- * * 0.0.0.0/0 50.16.0.0/14
0 0 DROP all -- * * 0.0.0.0/0 54.240.128.0/18
0 0 DROP all -- * * 0.0.0.0/0 54.240.0.0/12
0 0 DROP all -- * * 0.0.0.0/0 64.208.0.0/16
0 0 DROP all -- * * 0.0.0.0/0 64.209.0.0/17
18 1144 DROP all -- * * 0.0.0.0/0 72.21.192.0/19
0 0 DROP all -- * * 0.0.0.0/0 107.20.0.0/14
19 1120 DROP all -- * * 0.0.0.0/0 176.32.96.0/21
0 0 DROP all -- * * 0.0.0.0/0 178.236.0.0/21
0 0 DROP all -- * * 0.0.0.0/0 184.72.0.0/15
0 0 DROP all -- * * 0.0.0.0/0 204.246.160.0/19
4 304 DROP all -- * * 0.0.0.0/0 205.251.192.0/18
8 480 DROP all -- * * 0.0.0.0/0 207.171.160.0/19
71 17714 ACCEPT all -- * usb0 0.0.0.0/0 0.0.0.0/0
330 20591 ACCEPT all -- * wlan0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * ppp0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Which shows a number of significant differences, from the home Wifi (successful) connection attempt.
On the input chain:
Code:
3 84 DROP all -- wlan0 * 0.0.0.0/0 0.0.0.0/0
Those three packets are not (or where not identified as) icmp, tcp, or udp packets because prior rules dealt with those cases.
On the output chain BBB filter:
Code:
19 1120 DROP all -- * * 0.0.0.0/0 176.32.96.0/21
8 480 DROP all -- * * 0.0.0.0/0 207.171.160.0/19
Without doing packet capture, I can only guess but I suspect that Chatty Kathy needs authorization from Amazon to use the Amazon Wifi account, and she can't get it. (Too bad or TS)
Also, local host (lo) is in heavy use. Which may or may not be related.
Removing the BBB filter:
Code:
ssh kpw "PATH=$PATH ; /mnt/us/extensions/bbb/config.d/del-bbb-13040.sh"
Expect a brand new document to pop up on your screen. That is a log of any errors encountered.
To see an example, just try removing the BBB filter twice in a row.
A "long touch" (on the Kpw) will bring up a dialog box that allows you to delete the file.
Now confirm that the BBB filter is gone:
Code:
core2quad usb-0.7.N $ ssh kpw "PATH=$PATH ; iptables -vnL OUTPUT"
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
384 61548 ACCEPT all -- * lo 0.0.0.0/0 127.0.0.0/8
781 115K ACCEPT all -- * usb0 0.0.0.0/0 0.0.0.0/0
330 20591 ACCEPT all -- * wlan0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * ppp0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0