Register Guidelines E-Books Search Today's Posts Mark Forums Read

Go Back   MobileRead Forums > E-Book Readers > Amazon Kindle > Kindle Developer's Corner

Notices

Reply
 
Thread Tools Search this Thread
Old 02-15-2013, 04:33 PM   #1
knc1
Going Viral
knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.
 
knc1's Avatar
 
Posts: 17,212
Karma: 18210809
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
KUAL Firewall with BBB filter

What is this thing for?

Normally, the Kindle's firewall prohibits any incoming connections.
(except some 3G control thingies)

This firewall normally also prohibits any incoming connections.
(except the same 3G control thingies)

What this KUAL firewall does is adopt an infrastructure that will allow the automation (by button tap) of adding and removing network services and adjusting the firewall rules to match.

Network services such as ssh, ftp, rsync (for syncronizing the Kindle filesystem to/from a remote computer), and about 1,000 others.

The **base** infrastructure of this firewall also includes the "Block Big Brother" output filter by default.
There is a button to remove the BBB filter if desired, leaving just the new infrastructure to support the future automation of network service addition and removal.

Installation
  • Un-pack the archive
  • Move or copy the bbb directory (and its sub-directories and files) as an entry under the */extensions directory in USB storage.


There will be two directories created when you un-pack the archive: bbb and: refs.
The 'refs' directory does not have to be on the Kindle - keep it wherever you keep your reference materials.

The two files under 'refs' is your license to use this firewall rule-set and the listing of registration information for the IP address ranges being blocked by the BBB filter.

Button Functions
Load firewall/BBB filter (/ == 'with')
Remove BBB filter only (leaves the new infrastructure behind)
Generate packet report (For the curious, and for inclusion with trouble reports)
Clear packet counters (guess what)
Load factory firewall (re-loads the Amazon factory firewall)

The two control buttons (Packet Report, and Clear Counters) works with either this new firewall or the Amazon firewall.

BIG RED NOTE: The new firewall does not survive a kernel re-boot, YOU must reload it after re-booting the Linux kernel.

Enjoy, feedback welcome.

Sources: http://hg.minimodding.com/repos/sys/...4ea620e/simple
Attached Files
File Type: gz bbb-1.0.0.tar.gz (4.1 KB, 1242 views)
File Type: zip bbb-1.0.0.zip (6.7 KB, 2159 views)

Last edited by knc1; 02-15-2013 at 08:02 PM.
knc1 is offline   Reply With Quote
Old 02-15-2013, 09:24 PM   #2
twobob
( ͡° ͜ʖ ͡°){ʇlnɐɟ ƃǝs}Týr
twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.
 
twobob's Avatar
 
Posts: 6,586
Karma: 6299991
Join Date: Jun 2012
Location: uti gratia usura (Yao ying da ying; Mo ying da yieng)
Device: PW-WIFI|K5-3G+WIFI| K4|K3-3G|DXG|K2| Rooted Nook Touch
So impressed. Am fiddling now.

EDIT: Excellent.

Only side effect I managed to find so far was applying the firewall while the USB was connected caused it to be ¨re-discovered¨ : ) Just as it should be. No That was a dodgy cable...

Reports work great. Don´t see a down-side yet ; ) All in total result.

Pressed the various buttons. all seemed in order. : D

Quality. will index. EDIT: DONE
Attached Thumbnails
Click image for larger version

Name:	TightVNC: kindle:0.0_124.png
Views:	1752
Size:	27.3 KB
ID:	101337   Click image for larger version

Name:	TightVNC: kindle:0.0_125.png
Views:	1356
Size:	38.0 KB
ID:	101338   Click image for larger version

Name:	TightVNC: kindle:0.0_127.png
Views:	1326
Size:	18.6 KB
ID:	101339   Click image for larger version

Name:	TightVNC: kindle:0.0_131.png
Views:	1472
Size:	26.6 KB
ID:	101340   Click image for larger version

Name:	TightVNC: kindle:0.0_128.png
Views:	1440
Size:	35.8 KB
ID:	101341   Click image for larger version

Name:	TightVNC: kindle:0.0_132.png
Views:	1304
Size:	61.0 KB
ID:	101342  

Last edited by twobob; 02-15-2013 at 10:21 PM.
twobob is offline   Reply With Quote
Advert
Old 02-15-2013, 09:33 PM   #3
knc1
Going Viral
knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.
 
knc1's Avatar
 
Posts: 17,212
Karma: 18210809
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
Quote:
Originally Posted by twobob View Post
So impressed. Am fiddling now.
Find the "Clear Counters" **script** and my question of this morning will be answered.
knc1 is offline   Reply With Quote
Old 02-15-2013, 09:42 PM   #4
DuckieTigger
Wizard
DuckieTigger ought to be getting tired of karma fortunes by now.DuckieTigger ought to be getting tired of karma fortunes by now.DuckieTigger ought to be getting tired of karma fortunes by now.DuckieTigger ought to be getting tired of karma fortunes by now.DuckieTigger ought to be getting tired of karma fortunes by now.DuckieTigger ought to be getting tired of karma fortunes by now.DuckieTigger ought to be getting tired of karma fortunes by now.DuckieTigger ought to be getting tired of karma fortunes by now.DuckieTigger ought to be getting tired of karma fortunes by now.DuckieTigger ought to be getting tired of karma fortunes by now.DuckieTigger ought to be getting tired of karma fortunes by now.
 
DuckieTigger's Avatar
 
Posts: 4,742
Karma: 246906703
Join Date: Dec 2011
Location: USA
Device: Oasis 3, Oasis 2, PW3, PW1, KT
Oh nice, it seems to work just fine - the BBB part. Not even downloading from the cloud works. This is great to be able to put the PW out of airplane mode. Maybe I will set up my USBNetwork over wifi now.
DuckieTigger is offline   Reply With Quote
Old 02-15-2013, 09:45 PM   #5
DuckieTigger
Wizard
DuckieTigger ought to be getting tired of karma fortunes by now.DuckieTigger ought to be getting tired of karma fortunes by now.DuckieTigger ought to be getting tired of karma fortunes by now.DuckieTigger ought to be getting tired of karma fortunes by now.DuckieTigger ought to be getting tired of karma fortunes by now.DuckieTigger ought to be getting tired of karma fortunes by now.DuckieTigger ought to be getting tired of karma fortunes by now.DuckieTigger ought to be getting tired of karma fortunes by now.DuckieTigger ought to be getting tired of karma fortunes by now.DuckieTigger ought to be getting tired of karma fortunes by now.DuckieTigger ought to be getting tired of karma fortunes by now.
 
DuckieTigger's Avatar
 
Posts: 4,742
Karma: 246906703
Join Date: Dec 2011
Location: USA
Device: Oasis 3, Oasis 2, PW3, PW1, KT
Quote:
Originally Posted by knc1 View Post
Find the "Clear Counters" **script** and my question of this morning will be answered.
This: /usr/sbin/iptables? It got everything you need build in?
DuckieTigger is offline   Reply With Quote
Advert
Old 02-15-2013, 09:45 PM   #6
twobob
( ͡° ͜ʖ ͡°){ʇlnɐɟ ƃǝs}Týr
twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.
 
twobob's Avatar
 
Posts: 6,586
Karma: 6299991
Join Date: Jun 2012
Location: uti gratia usura (Yao ying da ying; Mo ying da yieng)
Device: PW-WIFI|K5-3G+WIFI| K4|K3-3G|DXG|K2| Rooted Nook Touch
Quote:
Originally Posted by knc1 View Post
Find the "Clear Counters" **script** and my question of this morning will be answered.
Ye gods man the scripts are a thing of beauty.

I am eyeball wandering but will index first.
twobob is offline   Reply With Quote
Old 02-15-2013, 09:53 PM   #7
knc1
Going Viral
knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.
 
knc1's Avatar
 
Posts: 17,212
Karma: 18210809
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
Quote:
Originally Posted by DuckieTigger View Post
Oh nice, it seems to work just fine - the BBB part. Not even downloading from the cloud works. This is great to be able to put the PW out of airplane mode. Maybe I will set up my USBNetwork over wifi now.
That will be the first firewall hole-punching button.
To allow port 22 and fire up the ssh server with the correct options.

But you can use Wifi on your own home network, it is just the "free" public hotspots that do not (yet) work.

If you want to do it by hand:
iptables -t filter -I wlan-in -dport:22 -j ACCEPT
Or something like that, I may have the 'destination port' option typo'd - man page will show how to write it.

Without specifying a rule number to instert at, it inserts as Rule #1 - which is just the place is should go in the wlan-in chain.

Duh...
That was not an accident.
Also - notice you don't need a script - you can code that in the menu.json 'action:' field.
knc1 is offline   Reply With Quote
Old 02-15-2013, 09:59 PM   #8
twobob
( ͡° ͜ʖ ͡°){ʇlnɐɟ ƃǝs}Týr
twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.
 
twobob's Avatar
 
Posts: 6,586
Karma: 6299991
Join Date: Jun 2012
Location: uti gratia usura (Yao ying da ying; Mo ying da yieng)
Device: PW-WIFI|K5-3G+WIFI| K4|K3-3G|DXG|K2| Rooted Nook Touch
Quote:
Originally Posted by knc1 View Post
That will be the first firewall hole-punching button.
To allow port 22 and fire up the ssh server with the correct options.

But you can use Wifi on your own home network, it is just the "free" public hotspots that do not (yet) work.

If you want to do it by hand:
iptables -t filter -I wlan-in -dport:22 -j ACCEPT
Or something like that, I may have the 'destination port' option typo'd - man page will show how to write it.

Without specifying a rule number to instert at, it inserts as Rule #1 - which is just the place is should go in the wlan-in chain.

Duh...
That was not an accident.
Also - notice you don't need a script - you can code that in the menu.json 'action:' field.
twobob is offline   Reply With Quote
Old 02-15-2013, 10:02 PM   #9
knc1
Going Viral
knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.
 
knc1's Avatar
 
Posts: 17,212
Karma: 18210809
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
Quote:
Originally Posted by twobob View Post

Only side effect I managed to find so far was applying the firewall while the USB was connected caused it to be ¨re-discovered¨ : ) Just as it should be.
That seems strange - which device?

Kpw-5.3.3, USB network running, ssh connection established, Linux box for client.

Doing anything at all to the firewall does not affect usb net.
(It is not suppose to - the commands used cause the kernel to do the entire change in-between packets.)

Hmm...
I never tried the firewall buttons while the USB connection was in storage mode. Maybe that is what you found.
knc1 is offline   Reply With Quote
Old 02-15-2013, 10:19 PM   #10
twobob
( ͡° ͜ʖ ͡°){ʇlnɐɟ ƃǝs}Týr
twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.twobob ought to be getting tired of karma fortunes by now.
 
twobob's Avatar
 
Posts: 6,586
Karma: 6299991
Join Date: Jun 2012
Location: uti gratia usura (Yao ying da ying; Mo ying da yieng)
Device: PW-WIFI|K5-3G+WIFI| K4|K3-3G|DXG|K2| Rooted Nook Touch
I just repeated the test and it didnt happen.

and LOOKING AT THIS CABLE it is shonky as crapola.

probably knocked it out during the test slightly.

and YES FOLKS that is why we repeat them

seems perfectly right now.

Lesson learned? Dont use shitty usb cable when testing. Go get the good one. !!

Excellent work. Indexed.

Thanks!!
twobob is offline   Reply With Quote
Old 02-16-2013, 02:01 AM   #11
piperclassique
A garbling groftpot
piperclassique ought to be getting tired of karma fortunes by now.piperclassique ought to be getting tired of karma fortunes by now.piperclassique ought to be getting tired of karma fortunes by now.piperclassique ought to be getting tired of karma fortunes by now.piperclassique ought to be getting tired of karma fortunes by now.piperclassique ought to be getting tired of karma fortunes by now.piperclassique ought to be getting tired of karma fortunes by now.piperclassique ought to be getting tired of karma fortunes by now.piperclassique ought to be getting tired of karma fortunes by now.piperclassique ought to be getting tired of karma fortunes by now.piperclassique ought to be getting tired of karma fortunes by now.
 
piperclassique's Avatar
 
Posts: 974
Karma: 9234667
Join Date: Feb 2012
Location: France
Device: Oasis, Voyage, Kobo mini, Samsung tablet, phones, whatever.
Oh this is nice! Thank you so much!
piperclassique is offline   Reply With Quote
Old 02-16-2013, 02:41 PM   #12
Analogus
Fanatic
Analogus ought to be getting tired of karma fortunes by now.Analogus ought to be getting tired of karma fortunes by now.Analogus ought to be getting tired of karma fortunes by now.Analogus ought to be getting tired of karma fortunes by now.Analogus ought to be getting tired of karma fortunes by now.Analogus ought to be getting tired of karma fortunes by now.Analogus ought to be getting tired of karma fortunes by now.Analogus ought to be getting tired of karma fortunes by now.Analogus ought to be getting tired of karma fortunes by now.Analogus ought to be getting tired of karma fortunes by now.Analogus ought to be getting tired of karma fortunes by now.
 
Analogus's Avatar
 
Posts: 568
Karma: 2170348
Join Date: Apr 2011
Device: 2x Sony PRS-350; PRS-300 (†), Paperwhite (†), Voyage
knc1

Thanks for this great modification! Working on my PW.

If there is a simple way to make WIKIPEDIA run without Amazon and BBB swithced ON - that would be perfect.

A.
Analogus is offline   Reply With Quote
Old 02-16-2013, 10:27 PM   #13
knc1
Going Viral
knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.
 
knc1's Avatar
 
Posts: 17,212
Karma: 18210809
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
Quote:
Originally Posted by DuckieTigger View Post
This: /usr/sbin/iptables? It got everything you need build in?
Sorry - Missed this one earlier.

The userland application (iptables) seems to be complete, if not, twobob has already built the newest and greatest.

The factory kernel on the other hand is missing a lot of the netfilter modules.
Will have to build those and ship them as part of the BBB (and later, the kWall) button set.

For instance: lab126 did not build the "REJECT" module.
Which is required for proper protocol control operation.
knc1 is offline   Reply With Quote
Old 02-17-2013, 02:55 AM   #14
baf
Evangelist
baf ought to be getting tired of karma fortunes by now.baf ought to be getting tired of karma fortunes by now.baf ought to be getting tired of karma fortunes by now.baf ought to be getting tired of karma fortunes by now.baf ought to be getting tired of karma fortunes by now.baf ought to be getting tired of karma fortunes by now.baf ought to be getting tired of karma fortunes by now.baf ought to be getting tired of karma fortunes by now.baf ought to be getting tired of karma fortunes by now.baf ought to be getting tired of karma fortunes by now.baf ought to be getting tired of karma fortunes by now.
 
Posts: 404
Karma: 2200000
Join Date: May 2012
Device: kt
Quote:
Originally Posted by knc1 View Post
Sorry - Missed this one earlier.

The userland application (iptables) seems to be complete, if not, twobob has already built the newest and greatest.

The factory kernel on the other hand is missing a lot of the netfilter modules.
Will have to build those and ship them as part of the BBB (and later, the kWall) button set.

For instance: lab126 did not build the "REJECT" module.
Which is required for proper protocol control operation.
I once built netfilter kernel modules for KT 5.3.2 (attached). I had an idea to block outgoing connections by process id (-m owner --pid-owner), but it turned out that this option is not supported by modern kernels anymore.
Attached Files
File Type: zip netfilter.zip (87.1 KB, 513 views)
baf is offline   Reply With Quote
Old 02-17-2013, 08:46 AM   #15
knc1
Going Viral
knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.
 
knc1's Avatar
 
Posts: 17,212
Karma: 18210809
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
Quote:
Originally Posted by baf View Post
I once built netfilter kernel modules for KT 5.3.2 (attached). I had an idea to block outgoing connections by process id (-m owner --pid-owner), but it turned out that this option is not supported by modern kernels anymore.
Thanks. Will bookmark this post.

Re-generating my Kindle source file catalog for Feb., 2013 - -
Once that is done, I will then learn from it just how many flavors of these kernel modules will have to be built to support all 7 KUAL devices.

(1,664,823 files now cataloged, but the program has only been running about 20 hours.)
(2,547,574 files now cataloged, 24 hour runtime, hope to be finished by this evening.)
(3,126,096 files now cataloged, 27 hour runtime, hope the electrons aren't wearing out.)
(4,290,077 files cataloged, about 35 errors reported, 35.5 hours wall time, 40% on 2 cores, 20% on the other 2 cores the entire time.)
Damn good for a decade old Bash script!

Last edited by knc1; 02-18-2013 at 08:02 AM.
knc1 is offline   Reply With Quote
Reply

Tags
firewall, kual extension

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
KUAL: Kindle Unified Application Launcher (v2.7) twobob Kindle Developer's Corner 2316 03-27-2024 06:23 PM
KUAL DateTime Button knc1 Kindle Developer's Corner 65 11-17-2023 01:16 PM
A helpful list of Extensions for KUAL twobob Kindle Developer's Corner 135 01-23-2023 11:20 PM
[KUAL] Button Def. Packages (SUPERSEDED) knc1 Kindle Developer's Corner 6 09-27-2013 07:56 PM
HELP ME - with data for Big Brother Blocker (BBB) knc1 Kindle Developer's Corner 12 02-11-2013 08:58 PM


All times are GMT -4. The time now is 01:01 AM.


MobileRead.com is a privately owned, operated and funded community.