Our usual 'manual' installation process (still):
Reload the kernel's firewall rules:
Code:
core2quad ~ $ ssh kpw "PATH=$PATH ; iptables-restore < /mnt/us/extensions/bbb/frags/added-bbb-13042.txt"
Now the standard INPUT chain is what applies to all interfaces, plus a total for the specific interface inputs:
Code:
core2quad ~ $ ssh kpw "PATH=$PATH ; iptables -vnL INPUT"
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo * 127.0.0.0/8 0.0.0.0/0
0 0 DROP all -- lo * 0.0.0.0/0 0.0.0.0/0
21 4059 usb-in all -- usb0 * 0.0.0.0/0 0.0.0.0/0
6 504 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0
185 94842 wlan-in all -- wlan0 * 0.0.0.0/0 0.0.0.0/0
0 0 ppp-in all -- ppp0 * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
And the 'detail' table listed as the 'target' has the specifics:
Code:
core2quad ~ $ ssh kpw "PATH=$PATH ; iptables -vnL wlan-in"
Chain wlan-in (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
233 121K ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED
4 1216 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
2 56 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
The totals do not match above because of traffic on wlan0 in-between the reports.
This structure allows for the easy automation of adding and removing services **PER INTERFACE**.
I.E: It is unlikely that anyone will want to run rsync on anything other than the USB cable.
And other services only make sense on interfaces other than the USB cable.
It also allows modification **PER INTERFACE** of the BBB filter.
Exactly how that might be useful is yet to be known, but it is there to help the automation also.
After today's field test (minus one counter):
Now delete the BBB filter from all three output interface chains:
Code:
core2quad ~ $ ssh kpw "PATH=$PATH ; /mnt/us/extensions/bbb/config.d/del-bbb-13042.sh"
Now confirm that they are gone:
Next - work on some buttons - RSN.