02-15-2013, 04:33 PM | #1 |
Going Viral
Posts: 17,212
Karma: 18210809
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
|
KUAL Firewall with BBB filter
What is this thing for?
Normally, the Kindle's firewall prohibits any incoming connections (except some 3G control thingies). This firewall normally also prohibits any incoming connections (except the same 3G control thingies).
What this KUAL firewall does is adopt an infrastructure that will allow the automation (by button tap) of adding and removing network services and adjusting the firewall rules to match. Network services such as ssh, ftp, rsync (for synchronizing the Kindle filesystem to/from a remote computer), and about 1,000 others.
The **base** infrastructure of this firewall also includes the "Block Big Brother" output filter by default. There is a button to remove the BBB filter if desired, leaving just the new infrastructure to support the future automation of network service addition and removal.
Installation
There will be two directories created when you unpack the archive: bbb and refs. The 'refs' directory does not have to be on the Kindle - keep it wherever you keep your reference materials. The two files under 'refs' are your license to use this firewall rule-set and the listing of registration information for the IP address ranges being blocked by the BBB filter.
Button Functions
Load firewall/BBB filter (/ == 'with')
Remove BBB filter only (leaves the new infrastructure behind)
Generate packet report (For the curious, and for inclusion with trouble reports)
Clear packet counters (guess what)
Load factory firewall (re-loads the Amazon factory firewall)
The two control buttons (Packet Report, and Clear Counters) work with either this new firewall or the Amazon firewall.
BIG RED NOTE: The new firewall does not survive a kernel re-boot, YOU must reload it after re-booting the Linux kernel.
Enjoy, feedback welcome.
Sources: http://hg.minimodding.com/repos/sys/...4ea620e/simple
Last edited by knc1; 02-15-2013 at 08:02 PM. |
02-15-2013, 09:24 PM | #2 |
( ͡° ͜ʖ ͡°){ʇlnɐɟ ƃǝs}Týr
Posts: 6,586
Karma: 6299991
Join Date: Jun 2012
Location: uti gratia usura (Yao ying da ying; Mo ying da yieng)
Device: PW-WIFI|K5-3G+WIFI| K4|K3-3G|DXG|K2| Rooted Nook Touch
|
So impressed. Am fiddling now.
EDIT: Excellent. Only side effect I managed to find so far was applying the firewall while the USB was connected caused it to be "re-discovered" : ) Just as it should be.
No. That was a dodgy cable...
Reports work great. Don't see a down-side yet ; ) All in total result. Pressed the various buttons. All seemed in order. : D Quality. Will index.
EDIT: DONE
Last edited by twobob; 02-15-2013 at 10:21 PM. |
02-15-2013, 09:33 PM | #3 |
Going Viral
Posts: 17,212
Karma: 18210809
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
|
|
02-15-2013, 09:42 PM | #4 |
Wizard
Posts: 4,744
Karma: 246906703
Join Date: Dec 2011
Location: USA
Device: Oasis 3, Oasis 2, PW3, PW1, KT
|
Oh nice, it seems to work just fine - the BBB part. Not even downloading from the cloud works. This is great to be able to put the PW out of airplane mode. Maybe I will set up my USBNetwork over wifi now.
|
02-15-2013, 09:45 PM | #5 |
Wizard
Posts: 4,744
Karma: 246906703
Join Date: Dec 2011
Location: USA
Device: Oasis 3, Oasis 2, PW3, PW1, KT
|
|
02-15-2013, 09:45 PM | #6 |
( ͡° ͜ʖ ͡°){ʇlnɐɟ ƃǝs}Týr
Posts: 6,586
Karma: 6299991
Join Date: Jun 2012
Location: uti gratia usura (Yao ying da ying; Mo ying da yieng)
Device: PW-WIFI|K5-3G+WIFI| K4|K3-3G|DXG|K2| Rooted Nook Touch
|
|
02-15-2013, 09:53 PM | #7 | |
Going Viral
Posts: 17,212
Karma: 18210809
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
|
Quote:
To allow port 22 and fire up the ssh server with the correct options. But you can use Wifi on your own home network, it is just the "free" public hotspots that do not (yet) work.
If you want to do it by hand:
iptables -t filter -I wlan-in -p tcp --dport 22 -j ACCEPT
Or something like that, I may have the 'destination port' option typo'd - man page will show how to write it.
Without specifying a rule number to insert at, it inserts as Rule #1 - which is just the place it should go in the wlan-in chain. Duh... That was not an accident.
Also - notice you don't need a script - you can code that in the menu.json 'action:' field. |
|
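The by-hand rule from the post above, as an added example (not code from the thread or from the KUAL firewall package): it writes the port match in iptables' `-p tcp --dport` form, validates the port, and only inserts the rule when it is not already listed. The `IPTABLES` variable and the function names are assumptions; by default the script only prints the commands it would run.

```shell
#!/bin/sh
# Added example, not from the thread. Chain "wlan-in" and table "filter"
# come from the post; IPTABLES and the function names are hypothetical.
# IPTABLES defaults to a dry run that only prints the command.
IPTABLES="${IPTABLES:-echo iptables}"
CHAIN="wlan-in"

# Accept only a decimal port number in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Match and target of the rule. --dport is only accepted after a
# protocol match such as "-p tcp".
rule_spec() {
    printf '%s' "-p tcp --dport $1 -j ACCEPT"
}

# Is there already an ACCEPT rule for this TCP port in the chain?
# Parses the numeric listing instead of relying on "iptables -C",
# which older iptables builds do not have.
rule_present() {
    $IPTABLES -t filter -n -L "$CHAIN" 2>/dev/null |
        grep -Eq "^ACCEPT +tcp .*dpt:$1( |\$)"
}

# Insert at the head of the chain: -I without a rule number is rule #1.
open_port() {
    valid_port "$1" || { echo "bad port: $1" >&2; return 2; }
    rule_present "$1" && return 0
    $IPTABLES -t filter -I "$CHAIN" $(rule_spec "$1")
}

# Remove the rule again; calling it twice is harmless.
close_port() {
    valid_port "$1" || { echo "bad port: $1" >&2; return 2; }
    rule_present "$1" || return 0
    $IPTABLES -t filter -D "$CHAIN" $(rule_spec "$1")
}
```

Run with `IPTABLES=iptables` as root on the device to apply the change; like the rest of the rule-set, the inserted rule is gone after a reboot.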
02-15-2013, 09:59 PM | #8 | |
( ͡° ͜ʖ ͡°){ʇlnɐɟ ƃǝs}Týr
Posts: 6,586
Karma: 6299991
Join Date: Jun 2012
Location: uti gratia usura (Yao ying da ying; Mo ying da yieng)
Device: PW-WIFI|K5-3G+WIFI| K4|K3-3G|DXG|K2| Rooted Nook Touch
|
Quote:
|
|
02-15-2013, 10:02 PM | #9 | |
Going Viral
Posts: 17,212
Karma: 18210809
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
|
Quote:
Kpw-5.3.3, USB network running, ssh connection established, Linux box for client. Doing anything at all to the firewall does not affect usb net. (It is not supposed to - the commands used cause the kernel to do the entire change in-between packets.)
Hmm... I never tried the firewall buttons while the USB connection was in storage mode. Maybe that is what you found. |
|
02-15-2013, 10:19 PM | #10 |
( ͡° ͜ʖ ͡°){ʇlnɐɟ ƃǝs}Týr
Posts: 6,586
Karma: 6299991
Join Date: Jun 2012
Location: uti gratia usura (Yao ying da ying; Mo ying da yieng)
Device: PW-WIFI|K5-3G+WIFI| K4|K3-3G|DXG|K2| Rooted Nook Touch
|
I just repeated the test and it didn't happen.
And LOOKING AT THIS CABLE, it is shonky as crapola. Probably knocked it out during the test slightly. And YES FOLKS, that is why we repeat them. Seems perfectly right now. Lesson learned? Don't use shitty usb cable when testing. Go get the good one!! Excellent work. Indexed. Thanks!! |
02-16-2013, 02:01 AM | #11 |
A garbling groftpot
Posts: 974
Karma: 9234667
Join Date: Feb 2012
Location: France
Device: Oasis, Voyage, Kobo mini, Samsung tablet, phones, whatever.
|
Oh this is nice! Thank you so much!
|
02-16-2013, 02:41 PM | #12 |
Fanatic
Posts: 568
Karma: 2170348
Join Date: Apr 2011
Device: 2x Sony PRS-350; PRS-300 (†), Paperwhite (†), Voyage
|
knc1
Thanks for this great modification! Working on my PW. If there is a simple way to make WIKIPEDIA run without Amazon and BBB switched ON - that would be perfect. A. |
02-16-2013, 10:27 PM | #13 | |
Going Viral
Posts: 17,212
Karma: 18210809
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
|
Quote:
The userland application (iptables) seems to be complete, if not, twobob has already built the newest and greatest. The factory kernel on the other hand is missing a lot of the netfilter modules. Will have to build those and ship them as part of the BBB (and later, the kWall) button set. For instance: lab126 did not build the "REJECT" module. Which is required for proper protocol control operation. |
|
02-17-2013, 02:55 AM | #14 | |
Evangelist
Posts: 404
Karma: 2200000
Join Date: May 2012
Device: kt
|
Quote:
|
|
02-17-2013, 08:46 AM | #15 | |
Going Viral
Posts: 17,212
Karma: 18210809
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
|
Quote:
Re-generating my Kindle source file catalog for Feb., 2013 - - Once that is done, I will then learn from it just how many flavors of these kernel modules will have to be built to support all 7 KUAL devices. (1,664,823 files now cataloged, but the program has only been running about 20 hours.) (2,547,574 files now cataloged, 24 hour runtime, hope to be finished by this evening.) (3,126,096 files now cataloged, 27 hour runtime, hope the electrons aren't wearing out.) (4,290,077 files cataloged, about 35 errors reported, 35.5 hours wall time, 40% on 2 cores, 20% on the other 2 cores the entire time.) Damn good for a decade old Bash script! Last edited by knc1; 02-18-2013 at 08:02 AM. |
|