The Kindle tried to output 28 packets:
Code:
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
28 1805 wlan-out all -- * wlan0 0.0.0.0/0 0.0.0.0/0
Which were sent to the Wifi output filter chain:
Code:
Chain wlan-out (1 references)
pkts bytes target prot opt in out source destination
18 1080 DROP all -- * * 0.0.0.0/0 207.171.160.0/19
10 725 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Those 28 were split into two groups: the 18 to Amazon were dropped and the other 10 went out on the air.
(See the spoiler below.)
Coming in, off the air, there were 25 packets:
Code:
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
25 2534 wlan-in all -- wlan0 * 0.0.0.0/0 0.0.0.0/0
Which were sent to the Wifi input filter chain:
Code:
Chain wlan-in (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
10 1890 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED
5 360 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
10 284 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Of those 25, 10 udp packets were related to the 10 udp packets that were sent and allowed in.
The 5 udp packets that were dropped were not detected as related to the ones that were sent.
The other 10 packets (which had to be 'non-echo request' icmp) were originated by something 'on the air' because the Kindle firewall protects against all link control messages other than "echo request" (such as funky re-directs).
So the firewall did its thing and dropped them on the floor.
Grumble, grumble, grumble.
Phooey!
What "access type setting" is this Wifi connection using?
It might be an access protocol that I did not allow for.
PS: This Linux firewall can also (with a couple non-Amazon modules added) write PCAP files. I just hope it does not come to that.
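The counter bookkeeping walked through in the post can be checked mechanically. The following is an added example, not part of the original post: it parses a listing in the layout of `iptables -L -v -n -x` and confirms that every packet and byte jumped into a user chain shows up in one of that chain's verdicts. The function names are hypothetical, and it assumes each user chain is referenced once and holds only terminal rules, as in the listing above.

```python
import re

# Constructed sample: the counters quoted in the post, one column header kept.
LISTING = """\
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
28 1805 wlan-out all -- * wlan0 0.0.0.0/0 0.0.0.0/0
Chain wlan-out (1 references)
18 1080 DROP all -- * * 0.0.0.0/0 207.171.160.0/19
10 725 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain INPUT (policy DROP 0 packets, 0 bytes)
25 2534 wlan-in all -- wlan0 * 0.0.0.0/0 0.0.0.0/0
Chain wlan-in (1 references)
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
10 1890 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED
5 360 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
10 284 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
"""

def parse_chains(text):
    """Map chain name -> list of (pkts, bytes, target), one tuple per rule line."""
    chains, current = {}, None
    for line in text.splitlines():
        head = re.match(r"Chain (\S+) \(", line)
        fields = line.split()
        if head:
            current = chains.setdefault(head.group(1), [])
        elif current is not None and len(fields) >= 9 and fields[0].isdigit():
            current.append((int(fields[0]), int(fields[1]), fields[2]))
    return chains

def reconcile(chains):
    """For each jump into a user chain, total that chain's verdict counters."""
    report = {}
    for rules in chains.values():
        for pkts, nbytes, target in rules:
            if target not in chains:
                continue  # built-in verdict (ACCEPT, DROP, ...), not a jump
            verdicts = {}
            for p, _, verdict in chains[target]:
                verdicts[verdict] = verdicts.get(verdict, 0) + p
            report[target] = {"jumped": pkts, "verdicts": verdicts,
                "unaccounted_pkts": pkts - sum(verdicts.values()),
                "unaccounted_bytes": nbytes - sum(b for _, b, _ in chains[target])}
    return report

if __name__ == "__main__":
    for chain, result in reconcile(parse_chains(LISTING)).items():
        print(chain, result)
```

A non-zero `unaccounted_pkts` would mean packets left the chain without hitting any listed rule, or that the counters were not zeroed together.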