Re: [Announce] genwall a simple iptables firewall
As I said, when I have the time I will add some quick tutorials. I will also update the help files for genwall in the next days.

So here it comes:

USB LAN Connection Windows 7 Internet from N900

Prerequisites USB LAN:
[PC] driver e.g. from madde

Connect a Windows system with USB LAN:
[N900] forwarding {local-basics}

In case you want to forward/open ports to your PC {for/out-ports}:
Before you generate the rules and start the firewall script, you need to put in your PC IP, the port and protocol, then push the add button.
Re: [Announce] genwall a simple iptables firewall
USB LAN Connection Windows 7 Internet to N900
Prerequisites USB LAN:
[PC] driver e.g. from madde

Connect a Windows system with USB LAN

Now the N900 should have an IP 192.168.137.XXX and the tmp resolv should have domain mshome.net and nameserver 192.168.137.1 entry. It could be that some apps need a dummy connection.

Disconnecting:
Re: [Announce] genwall a simple iptables firewall
Great application
Re: [Announce] genwall a simple iptables firewall
Genwall is available for SFOS too now.
https://openrepos.net/content/halftux/genwall-0

It does not have so many functions at the moment because many hacks were specific to the N900/maemo device. Hence it is based on version 1.0.2.

On my Jolla C I have the following iptables rules as a standard. The funny thing is, they were all there as double rules, so I guess they were set twice, and they belong to mobile internet.

Chain OUTPUT (policy ACCEPT 132K packets, 12M bytes)

I created under [local]--[Settings] a checkbox "include drop SSDP on WWAN". When this checkbox is enabled, the same rules will be created in the script, but only once.

The [local]--[ssh] tab is not optimal at the moment. When there is no network, the process takes unusually long; I don't know why, maybe I need to open its own process for it. You can also try the command in your console if you like.

Code:
lsof -i | egrep '(COMMAND|sshd)'
Re: [Announce] genwall a simple iptables firewall
New version released for SFOS.
v1.1.0-1
- added filter list for deleting rules
- fixed addnow ports dialog
- added rules creator from log
- added ofono info
- added iptables log option and view
- added messages

With the newly added features you can add and remove rules during runtime. I will try to explain how....

First you need to generate your rules again with the checkbox "activate logging for Rejectwall" checked. After that you need to run the script.
https://openrepos.net/sites/default/...0190324002.png

Then you try to connect with your PC to a closed port. In this example I used ftp 21 to generate some kernel messages. For easy readability I would suggest setting a filter on the log list entry names. When you would like to add a rule, I would suggest the following filter settings.
https://openrepos.net/sites/default/...0190330001.png

When you play with outgoing packages, you need to choose out instead of in. After the filter is set, go to the rules--chains tab again, choose Rejectwall as "filter log" and hit the load button. Then you will get filtered kernel messages in the log textedit. In the top right corner there will be a menu button. There you can choose "open" to open a listwidget. Now you can choose a rejected event and the rules creator pops up.
https://openrepos.net/sites/default/...0190330002.png

The rules creator can create some different rules for you, which will be added to the listwidget on the rules--extra tab. With the current ip checkbox, when activated, you can restrict the rule to the source IP. With the accept and drop buttons you create the rule. You can also drop the packages into the firewall chain. When you don't like the source IP, you can also drop everything incoming from that IP with "drop all from ip". The accept now button will promptly open the port, restricted to an IP or not depending on the checkbox.
https://openrepos.net/sites/default/...0190330003.png

Now, for example, when you would like to close the port again, you can go to the local--filter tab; there is again a menu button, where you choose Input. A listwidget will open; there you select the specific rule, and by pushing the delete button it will be promptly removed.

There is also another way to open a port during runtime. Under the local--ports tab you will find the add now button. Set your port and then hit the button. Now you will see how many rules are in Input. Here you can choose a rule number for adding. Be careful when choosing, so that the rule does not end up having no effect. When you use add now from the log filter, the generated rule has number one every time. Choose the interface and push the insert button.

Another thing: I also implemented some ofono modem and SIM card information. There are some abbreviations for which I write the full name here.
LAC = Location Area Code
CID = Cell Id
MCC = Mobile Country Code
MNC = Mobile Network Code
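
The log-to-rule step described in the post above, sketched as an added example that is not part of the original post and is not genwall's own code. It assumes the LOG rule uses the prefix "Rejectwall: " and works on constructed sample lines in the standard iptables LOG format; the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample lines in the format written by the iptables LOG target.
# The "Rejectwall: " prefix is an assumption, not taken from genwall.
SAMPLE_LOG='[ 812.104321] Rejectwall: IN=wlan0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.50 DST=192.168.1.20 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4711 DF PROTO=TCP SPT=51234 DPT=21 WINDOW=29200 RES=0x00 SYN URGP=0
[ 815.530118] Rejectwall: IN=wlan0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.50 DST=192.168.1.20 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=4712 DF PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1'

# field LINE KEY: print the value of the first KEY=value token in LINE.
field() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p" | head -n 1
}

# rule_from_log LINE ACTION RESTRICT: print one iptables command, or return 1.
# ACTION is ACCEPT or DROP; RESTRICT=1 limits the rule to the logged source IP
# (the "current ip" checkbox in the post).
rule_from_log() {
    line=$1; action=$2; restrict=$3
    in_if=$(field "$line" IN);    src=$(field "$line" SRC)
    proto=$(field "$line" PROTO); dpt=$(field "$line" DPT)

    # Log text is untrusted input: only pass on values with the expected shape.
    case $action in ACCEPT|DROP) ;; *) return 1 ;; esac
    case $proto in TCP|UDP) ;; *) return 1 ;; esac   # --dport needs tcp or udp
    case $dpt in ''|*[!0-9]*) return 1 ;; esac
    [ "$dpt" -ge 1 ] && [ "$dpt" -le 65535 ] || return 1
    case $in_if in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    case $src in ''|*[!0-9.]*) return 1 ;; esac      # IPv4 only

    proto=$(printf '%s' "$proto" | tr 'A-Z' 'a-z')
    # Insert at position 1 so the rule is evaluated before the rejecting rule.
    set -- iptables -I INPUT 1 -i "$in_if"
    if [ "$restrict" = 1 ]; then set -- "$@" -s "$src"; fi
    printf '%s\n' "$* -p $proto --dport $dpt -j $action"
}

# Propose a rule for every logged rejection; nothing is applied here.
printf '%s\n' "$SAMPLE_LOG" | grep 'Rejectwall: ' | while IFS= read -r l; do
    rule_from_log "$l" ACCEPT 1 || echo "# skipped, no port rule for PROTO=$(field "$l" PROTO)"
done
```

The script only prints the proposed commands; review them before running any as root, and remove a temporary rule again with `iptables -D` once it is no longer needed.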
Re: [Announce] genwall a simple iptables firewall
As a suggestion, it would be awesome to have it parse UIDs of installed Android apps and block/enable internet access for them by their UID.
Re: [Announce] genwall a simple iptables firewall
Quote:
So it would be nice if somebody could attach the file where the uids get saved and also tell me the location (full path).
Re: [Announce] genwall a simple iptables firewall
info: https://android.stackexchange.com/qu...ication-stored

/opt/alien/data/system/packages.xml seems to hold all info and also every single right
/opt/alien/data/system/packages.list more simple list with names and uids

ad 1: if this is the base where each application gets its rights from at start, then it should not be so hard to implement a GUI for SEDing this xml, or? (android noob :))
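
How the per-app blocking suggested in this thread could be derived from packages.list, as an added example that is not part of the original posts and is not genwall code. It assumes the usual Android packages.list layout (package name, uid, then further fields) and that the Android uid is the one the iptables owner match sees on the host; the sample data is constructed and `uid_rule` is a hypothetical name.

```shell
#!/bin/sh
# Constructed sample in the assumed packages.list layout:
#   <package> <uid> <debuggable> <data dir> <seinfo> <gids>
PACKAGES_LIST='com.example.browser 10057 0 /data/data/com.example.browser default 3003
com.example.notes 10061 0 /data/data/com.example.notes default none
com.example.sync 10061 0 /data/data/com.example.sync default 3003
com.example.broken abc 0 /data/data/com.example.broken default none'

# uid_rule PKG < packages.list
# Prints a REJECT rule for PKG's uid, preceded by a comment naming every package
# that shares the uid: the owner match works per uid, so all of them lose
# network access together. Returns 1 if PKG is missing or its uid is not a
# plain number >= 10000 (Android app uids start there; lower uids are system
# accounts that should not be blocked by accident).
uid_rule() {
    awk -v pkg="$1" '
        $2 ~ /^[0-9]+$/ && $2 >= 10000 {
            names[$2] = names[$2] " " $1
            if ($1 == pkg) uid = $2
        }
        END {
            if (uid == "") exit 1
            printf "# uid %s:%s\n", uid, names[uid]
            # Insert first so an earlier ACCEPT cannot shadow the rule.
            printf "iptables -I OUTPUT 1 -m owner --uid-owner %s -j REJECT\n", uid
        }'
}

# Demo on the constructed sample; on a device the input would be
# /opt/alien/data/system/packages.list as named in the post above.
printf '%s\n' "$PACKAGES_LIST" | uid_rule com.example.notes
printf '%s\n' "$PACKAGES_LIST" | uid_rule com.example.broken ||
    echo "# com.example.broken: no usable uid, no rule generated"
```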
Re: [Announce] genwall a simple iptables firewall
Apologies for necroposting, I was wondering: the N9 version doesn't run on stock kernel, does it?
Re: [Announce] genwall a simple iptables firewall
Quote:
So for full support you need to use kernel plus.