Old 02-07-2012, 04:18 PM   #3
x64
Junior Member
Posts: 5
Karma: 10
Join Date: Feb 2012
Device: K4 Non-Touch
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]

-A OUTPUT -d 178.236.6.0/16 -j DROP
-A OUTPUT -d 23.0.0.0/12 -j DROP
-A OUTPUT -d 50.16.0.0/14 -j DROP
-A OUTPUT -d 72.21.192.0/19 -j DROP
-A OUTPUT -d 107.20.0.0/14 -j DROP
-A OUTPUT -d 184.72.0.0/15 -j DROP
-A OUTPUT -d 204.246.160.0/19 -j DROP
-A OUTPUT -d 205.251.192.0/18 -j DROP
-A OUTPUT -d 207.171.160.0/19 -j DROP



-A INPUT -i wlan0 -p tcp --dport 22 -j ACCEPT
#-A INPUT -i ppp0 -p tcp -m tcp --dport 40317 -j ACCEPT (commented out)
-A INPUT -i ppp0 -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i wlan0 -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT


---------- > rest untouched <------------------

Also used a packet sniffer / tcpdump / netstat on my FreeBSD router to track connections. I hope I didn't miss anything, including amazon.co.uk.


[root@kindle sysconfig]# iptables --list
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state ESTABLISHED
ACCEPT udp -- anywhere anywhere state ESTABLISHED
ACCEPT all -- localhost.localdomain anywhere
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DROP all -- anywhere a23-0-0-0.deploy.akamaitechnologies.com/12
DROP all -- anywhere ec2-50-16-0-0.compute-1.amazonaws.com/14
DROP all -- anywhere 72.21.192.0/19
DROP all -- anywhere ec2-107-20-0-0.compute-1.amazonaws.com/14
DROP all -- anywhere ec2-184-72-0-0.us-west-1.compute.amazonaws.com/15
DROP all -- anywhere 204.246.160.0/19
DROP all -- anywhere ns-0.awsdns-00.com/18
DROP all -- anywhere 207.171.160.0/19
ACCEPT all -- anywhere localhost.localdomain
[root@kindle sysconfig]#


Seems fine.

THANK YOU!


Later edit - I also checked all these files:

etc/hosts
etc/kdb.src/luigi/system/deamon/testd/proxy_host
etc/kdb.src/luigi/system/deamon/wand/NETWORK_TEST_DOMAIN
etc/sysconfig/ntp
Opt/amazon/ebook/config/browser_wv.conf
Opt/amazon/ebook/config/framework.fiona.conf
Opt/amazon/ebook/config/ServerConfig.conf
Opt/amazon/ebook/config/wrs.ini

All I did there is point amazon to 127.0.0.1 in hosts, and set the ntp daemon's default time server to "time.nist.gov" (eliminating Amazon's). I didn't bother to mess with the browser's settings because it fails to connect to amazon anyway (iptables prohibits it). Also - this was a recommendation from another post - here it's yoshi not luigi (replace the build name where needed).

Last edited by x64; 02-07-2012 at 04:25 PM. Reason: adding file edit details.
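An added check, not part of x64's post or of any Kindle tooling: the script below parses an iptables-save style *filter table like the one posted, walks the OUTPUT chain with first-match semantics, and reports the verdict for a list of destination addresses, so a block list can be compared against what tcpdump or netstat actually showed. It also flags -d values with host bits set (the posted 178.236.6.0/16 is one): iptables masks those silently and applies the aligned network, which is worth knowing when the address typed was meant to be a hint about what is inside the range. Assumptions: the sample DROP lines are copied from the post, the "-d 127.0.0.1 -j ACCEPT" line is a constructed stand-in for the loopback ACCEPT entry visible in the posted listing, the observed destinations are constructed (192.0.2.0/24 is the RFC 5737 documentation range, standing in for a host the list does not cover), and only -s/-d/-i/-o/-j are modelled; rules carrying other match options are skipped in the simulation.

```python
import ipaddress
import shlex

# Constructed sample in iptables-save format. The DROP lines are the ones from
# the post; the 127.0.0.1 ACCEPT line is a constructed stand-in for the
# "ACCEPT all -- anywhere localhost.localdomain" entry in the posted listing.
RULES_FILE = """\
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -d 178.236.6.0/16 -j DROP
-A OUTPUT -d 23.0.0.0/12 -j DROP
-A OUTPUT -d 50.16.0.0/14 -j DROP
-A OUTPUT -d 72.21.192.0/19 -j DROP
-A OUTPUT -d 107.20.0.0/14 -j DROP
-A OUTPUT -d 184.72.0.0/15 -j DROP
-A OUTPUT -d 204.246.160.0/19 -j DROP
-A OUTPUT -d 205.251.192.0/18 -j DROP
-A OUTPUT -d 207.171.160.0/19 -j DROP
-A OUTPUT -d 127.0.0.1 -j ACCEPT
-A INPUT -i wlan0 -p tcp --dport 22 -j ACCEPT
COMMIT
"""

# Constructed destinations, as if copied from netstat/tcpdump on the router.
# 192.0.2.10 (RFC 5737 range) stands in for a host the block list misses.
OBSERVED_DESTINATIONS = ["23.1.2.3", "72.21.194.1", "178.236.7.9", "192.0.2.10"]

MODELLED = {"-s", "-d", "-i", "-o", "-j"}  # options the simulator understands


def parse_filter_table(text):
    """Return (policies, rules) for an iptables-save *filter table.

    policies maps chain -> default policy; rules keeps file order. A rule
    using any option outside MODELLED (e.g. -p, -m state) is marked
    'unmodelled' and ignored by output_verdict.
    """
    policies, rules = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#*" or line == "COMMIT":
            continue
        if line.startswith(":"):
            chain, policy, _counters = line[1:].split()
            policies[chain] = policy
            continue
        toks = shlex.split(line)
        if toks[0] != "-A":
            continue
        rule = {"chain": toks[1], "src": None, "dst": None, "dst_text": None,
                "in": None, "out": None, "target": None, "unmodelled": False}
        i = 2
        while i < len(toks):
            opt = toks[i]
            val = toks[i + 1] if i + 1 < len(toks) else None
            if opt == "-s":
                rule["src"] = ipaddress.ip_network(val, strict=False)
            elif opt == "-d":  # strict=False mirrors iptables masking host bits
                rule["dst"] = ipaddress.ip_network(val, strict=False)
                rule["dst_text"] = val
            elif opt == "-i":
                rule["in"] = val
            elif opt == "-o":
                rule["out"] = val
            elif opt == "-j":
                rule["target"] = val
            else:
                rule["unmodelled"] = True
            i += 2 if opt in MODELLED else 1
        rules.append(rule)
    return policies, rules


def output_verdict(policies, rules, dst_ip, out_iface=None):
    """First-match walk of OUTPUT for a packet to dst_ip; falls back to policy."""
    ip = ipaddress.ip_address(dst_ip)
    for r in rules:
        if r["chain"] != "OUTPUT" or r["unmodelled"]:
            continue
        if r["dst"] is not None and ip not in r["dst"]:
            continue
        if r["out"] is not None and r["out"] != out_iface:
            continue
        if r["target"] in ("ACCEPT", "DROP", "REJECT"):
            return r["target"]
    return policies.get("OUTPUT", "ACCEPT")


def noncanonical_cidrs(rules):
    """(as typed, as applied) for -d values whose host bits are set."""
    found = []
    for r in rules:
        if r["dst_text"] is None:
            continue
        try:
            ipaddress.ip_network(r["dst_text"], strict=True)
        except ValueError:  # host bits set: iptables applies the aligned network
            found.append((r["dst_text"], str(r["dst"])))
    return found


def audit_destinations(text, destinations):
    """Map each observed destination to its OUTPUT verdict under the rules."""
    policies, rules = parse_filter_table(text)
    return {d: output_verdict(policies, rules, d) for d in destinations}


if __name__ == "__main__":
    _, parsed = parse_filter_table(RULES_FILE)
    for typed, applied in noncanonical_cidrs(parsed):
        print(f"note: -d {typed} is applied as {applied}")
    for dst, verdict in audit_destinations(RULES_FILE, OBSERVED_DESTINATIONS).items():
        print(f"{dst:16} {verdict}" + ("" if verdict == "DROP" else "   <- not blocked"))
```

Run it against the real file (for example `iptables-save` output on the device) instead of the embedded sample and feed it the destination column of a netstat capture; anything reported as ACCEPT is a connection the block list lets through. Note the simulator only reflects address and interface matches, so INPUT rules with -p or -m state are deliberately left out of its verdicts.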