The point raised here (on another thread), about NOT making the user wait for filtered connection attempts to time out, was a good one.
It was also a valid point about the firewall design: it **should** be using the proper "reset" and "reject" targets rather than "drop".
Unfortunately, not even the most recent stock firmware supports the "REJECT" target ("reset" is a special case of "reject").
Since it is an objective to not introduce binary additions to the stock firmware with BBB, the BBB project will have to continue making the user sit and wait for the "store" to time out (and everything else that is filtered).
The next change will be to split up our monolithic firewall into interface specific chains in the filter table.
Finally! The "Store" feature finally timed out with:
Quote:
Kindle Store encountered an unexpected error.
Something went wrong and we apologize.
. . . .
Yeah, buddy! And it will keep right on going wrong as long as BBB is enabled.
Now, where was I in typing this post?
Oh, yeah . . . .
The new per-interface rule tables.
Code:
Chain ppp-in (0 references)
pkts bytes target prot opt in out source destination
Chain ppp-out (0 references)
pkts bytes target prot opt in out source destination
Chain usb-in (0 references)
pkts bytes target prot opt in out source destination
Chain usb-out (0 references)
pkts bytes target prot opt in out source destination
Chain wlan-in (0 references)
pkts bytes target prot opt in out source destination
Chain wlan-out (0 references)
pkts bytes target prot opt in out source destination
This change will ease the job of automating the add/removal of services plus give more specific control to the user of the networking features of their device.
Control **PER INTERFACE** device.
This change will actually make the firewall more efficient with less packet latency.
Plus - KUAL buttons - RSN
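An added example, not part of the original post and not BBB's own script: one way to generate the per-interface chains listed above in `iptables-restore` format, with every chain ending in DROP because REJECT is unavailable. The interface wildcards (`ppp+`, `usb+`, `wlan+`), the sample port-22 service list, and the stateless reply rule are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration: emit an iptables-restore ruleset for the filter table
# with one "-in" and one "-out" chain per interface family.
# Chain name prefixes come from the listing in the post; matching them to
# interfaces with the "+" wildcard (ppp+, usb+, wlan+) is an assumption.
IFACES="ppp usb wlan"

# Constructed sample service list, one "<iface> <proto> <port>" per line.
SERVICES="usb tcp 22
wlan tcp 22"

gen_rules() {
    echo "*filter"
    # Declare the user chains; "-" means no policy (user chains have none).
    for i in $IFACES; do
        echo ":$i-in - [0:0]"
        echo ":$i-out - [0:0]"
    done
    # Dispatch from the built-in chains so each packet only walks the
    # rules for the interface it actually arrived on or leaves by.
    for i in $IFACES; do
        echo "-A INPUT -i $i+ -j $i-in"
        echo "-A OUTPUT -o $i+ -j $i-out"
    done
    # Per-service rules: adding or removing a service touches one chain pair.
    # Replies are matched statelessly by source port, so no conntrack
    # module is assumed to exist in the firmware.
    echo "$SERVICES" | while read -r iface proto port; do
        [ -n "$iface" ] || continue
        echo "-A $iface-in -p $proto --dport $port -j ACCEPT"
        echo "-A $iface-out -p $proto --sport $port -j ACCEPT"
    done
    # Terminal rule per chain: DROP, since the REJECT target is unavailable.
    for i in $IFACES; do
        echo "-A $i-in -j DROP"
        echo "-A $i-out -j DROP"
    done
    echo "COMMIT"
}

# Print the ruleset; nothing is loaded into the kernel by this script.
gen_rules
```

Where the installed `iptables-restore` supports `--test`, piping the output to it parses the ruleset without committing it.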