Old 07-19-2025, 01:59 PM   #2
smbgaiden
Junior Member
Posts: 8
Karma: 100000
Join Date: Jul 2025
Device: none
Quote:
Originally Posted by bnuuy
KT6 on 5.17.1.0.4 JB

I only use koreader and do all my file transfers via koreader's ssh server.

Would doing something like this be a bad idea?

Code:
iptables -P OUTPUT DROP
iptables -A OUTPUT -d 192.168.0.0/24 -j ACCEPT
Or is there already a solution that i'm not aware of?

it was a bad idea on mine as it slowed everything down due to some needed inter process communications that occur over sockets.

before going into what i did, oblig prewarning: make sure you have kterm on the device so you can undo changes if you lock out ssh. also backup your iptables so you can undo if and when needed.

i did this edit in /etc/sysconfig/iptables
BACKUP FIRST

in aforementioned file, find the line that matches # below
insert the stuff immediately below it
tweak the local network range if needed
save
either cycle network, firewall, or reboot the device
try to connect locally and ensure it works
try to connect not locally and ensure it doesn't work
observe if the kindle ui has any slowdown, if so try to figure out which service is blocked where and open those too
if you don't like it then copy your backed up clean iptables over this modified one and restart firewall, network, or reboot

Code:
# TCP handling. Allow incoming TCP TPH on WAN 
-A INPUT -i wlan0 -p udp --dport 67:68 --sport 67:68 -j ACCEPT 
-A INPUT -i wlan0 -s 192.168.0.0/16 -j ACCEPT
-A INPUT -i wlan0 -s 10.0.0.0/8 -j ACCEPT
-A INPUT -i wlan0 -j DROP
# destination range was empty here; assumed to mirror the INPUT rule above
-A OUTPUT -o wlan0 -d 192.168.0.0/16 -j ACCEPT
-A OUTPUT -o wlan0 -d 10.0.0.0/8 -j ACCEPT
-A OUTPUT -o wlan0 -j DROP
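An added example, not part of either post: a small offline checker to run on a PC before copying the edited fragment to the device. It rejects lines with a missing value or a mistyped interface and reports the first-match verdict for a sample packet, including how the quoted `-P OUTPUT DROP` approach treats loopback traffic. Assumptions: the empty OUTPUT destination mirrors the INPUT range, the device has only `lo` and `wlan0`, and only the match options used in the thread are modelled; `parse`, `verdict`, `port_ok` and the constants are names made up for this sketch.

```python
import ipaddress
import shlex

POSTED = """\
-A INPUT -i wlan0 -p udp --dport 67:68 --sport 67:68 -j ACCEPT
-A INPUT -i wlan0 -s 192.168.0.0/16 -j ACCEPT
-A INPUT -i wlan0 -s 10.0.0.0/8 -j ACCEPT
-A INPUT -i wlan0 -j DROP
-A OUTPUT -o wlan0 -d 192.168.0.0/16 -j ACCEPT
-A OUTPUT -o wlan0 -d 10.0.0.0/8 -j ACCEPT
-A OUTPUT -o wlan0 -j DROP
"""  # constructed: the posted fragment, first OUTPUT range assumed to mirror INPUT
QUOTED = "-A OUTPUT -d 192.168.0.0/24 -j ACCEPT\n"  # quoted idea, used with policy DROP
IFACES = {"lo", "wlan0"}  # assumption: interfaces present on the device
OPTS = {"-A", "-i", "-o", "-s", "-d", "-p", "-j", "--dport", "--sport"}

def parse(text):
    """Parse rule lines; raise ValueError on a missing value or unknown interface."""
    rules = []
    for n, line in enumerate(text.splitlines(), 1):
        tok = iter(shlex.split(line, comments=True))  # '#' lines yield no tokens
        rule = {}
        for opt in tok:
            val = next(tok, None)
            if opt not in OPTS or val is None or val.startswith("-"):
                raise ValueError(f"line {n}: bad or missing value for {opt}")
            rule[opt] = ipaddress.ip_network(val) if opt in ("-s", "-d") else val
        if rule.get("-i", rule.get("-o", "lo")) not in IFACES:
            raise ValueError(f"line {n}: unknown interface")
        if rule:
            rules.append(rule)
    return rules

def port_ok(spec, port):
    lo, _, hi = spec.partition(":")  # "67:68" is a range, "22" a single port
    return port is not None and int(lo) <= port <= int(hi or lo)

def verdict(rules, chain, iface, ip, proto="tcp", sport=None, dport=None, policy="ACCEPT"):
    """First matching rule wins, else the chain policy."""
    ifkey, netkey = ("-i", "-s") if chain == "INPUT" else ("-o", "-d")
    pkt = {ifkey: iface, "-p": proto}
    for r in rules:
        if r["-A"] != chain or any(k in r and r[k] != v for k, v in pkt.items()):
            continue
        if netkey in r and ipaddress.ip_address(ip) not in r[netkey]:
            continue
        if all(port_ok(r[k], p) for k, p in (("--sport", sport), ("--dport", dport)) if k in r):
            return r["-j"]
    return policy
```

With the interface-scoped rules, `verdict(parse(POSTED), "OUTPUT", "lo", "127.0.0.1")` falls through to the chain policy, while `verdict(parse(QUOTED), "OUTPUT", "lo", "127.0.0.1", policy="DROP")` shows the same loopback packet being dropped.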