Quote:
Originally Posted by baf
I once built netfilter kernel modules for KT 5.3.2 (attached). I had an idea to block outgoing connections by process id (-m owner --pid-owner), but it turned out that this option is not supported by modern kernels anymore.
Thanks.
They load into 5.3.3 (K5 Paperwhite), not just into 5.3.2 (K5 touch), and should load into any kernel with the same version string.
And perhaps earlier kernels using "force", but that is a bit risky.
Code:
core2quad netfilter $ modinfo ./ipt_LOG.ko
filename: ./ipt_LOG.ko
description: Xtables: IPv4 packet logging to syslog
author: Netfilter Core Team <coreteam@netfilter.org>
license: GPL
depends:
vermagic: 2.6.31-rt11-lab126 mod_unload ARMv7
On Kpw-5.3.3:
Code:
[root@kindle root]# lsmod
Module Size Used by
g_ether 27500 0
arcotg_udc_yoshime 17472 1 g_ether
pkt_monitor 3532 0
cyttsp 25692 0
fuse 59316 2
mxc_epdc_fb 42504 3
eink_fb_waveform 557596 1 mxc_epdc_fb
[root@kindle root]# insmod ./ipt_REJECT.ko
[root@kindle root]# lsmod
Module Size Used by
ipt_REJECT 2792 0
g_ether 27500 0
arcotg_udc_yoshime 17472 1 g_ether
pkt_monitor 3532 0
cyttsp 25692 0
fuse 59316 2
mxc_epdc_fb 42504 3
eink_fb_waveform 557596 1 mxc_epdc_fb
[root@kindle root]# cat /proc/version
Linux version 2.6.31-rt11-lab126 (jenkins-official@jbuild03) (collect2: ld returned 1 exit status) #1 Tue Jan 8 22:06:21 PST 2013
Thanks.
That will let me start testing BBB-1.1.0 rule-set (on the K5s) with a proper "REJECT" target and BBB-1.1.x rule-set (developer packet capture).
@baf: You didn't happen to build the ulogd daemon, did you?
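
The version-string match described in the post can be checked before running insmod, rather than falling back on "force". The following is an added example, not part of the original post: the function names are hypothetical and the sample inputs are copied from the modinfo and /proc/version output shown above. It compares only the kernel release token, while the kernel's own check compares the whole vermagic string, so a match here is necessary but not sufficient.

```shell
#!/bin/sh
# Constructed sample inputs, copied from the outputs shown in the post.
SAMPLE_MODINFO='filename: ./ipt_LOG.ko
license: GPL
vermagic: 2.6.31-rt11-lab126 mod_unload ARMv7'
SAMPLE_PROC_VERSION='Linux version 2.6.31-rt11-lab126 (jenkins-official@jbuild03) (collect2: ld returned 1 exit status) #1 Tue Jan 8 22:06:21 PST 2013'

# Print the kernel release a module was built for:
# the first token after "vermagic:" in modinfo output.
module_release() {
    printf '%s\n' "$1" | awk '$1 == "vermagic:" { print $2; exit }'
}

# Print the running kernel's release:
# the third field of the /proc/version line.
kernel_release() {
    printf '%s\n' "$1" | awk '$1 == "Linux" && $2 == "version" { print $3; exit }'
}

# Return 0 only when both releases were found and are identical.
# $1 = modinfo output, $2 = contents of /proc/version
same_release() {
    mod=$(module_release "$1")
    kern=$(kernel_release "$2")
    [ -n "$mod" ] && [ -n "$kern" ] && [ "$mod" = "$kern" ]
}

# Demonstration on the constructed samples.
if same_release "$SAMPLE_MODINFO" "$SAMPLE_PROC_VERSION"; then
    echo "release strings match: plain insmod is appropriate"
else
    echo "release strings differ: do not force-load"
fi

# With real data, run modinfo on the build host (as in the post) and
# read /proc/version on the device, then pass both strings in:
#   same_release "$(modinfo ./ipt_REJECT.ko)" "$(cat /proc/version)"
```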