Questions on IPTables & N900
 

Hi,
Can anyone tell me how to install iptables firewall on N900?

As far as I am aware, the default kernel is not compatible with iptables, or is it?
If it's not, how do I install both the compatible kernel and the iptables itself?

I've found some posts which are related to my question but since I am new to Linux I still couldn't understand how to install them :confused:

Also, if the default kernel of N900 is not compatible with iptables and if I do a firmware upgrade on my N900, will the compatible kernel got replaced so that I will have to reinstall it again?

Thank you in advance. ;)

P.S.: If there's something wrong with what I said, please correct me since I'm not sure if I understood those things properly. All I want is a firewall :D

Re: Questions on IPTables & N900
 

any answer please? :confused:

by the way, I've just found iptables package here:
http://maemo.org/packages/view/iptables/

Can I just use it?
Which one should I download?
And do I just install the deb file?

Re: Questions on IPTables & N900
 

correct, iptables is a kernel module in linux but i not in the fremntle kernel.

you would need to compile your own kernel and put it in an image and flash the device with it I believe. Not ure if you cn recompile kernel on device, but I doubt it
If you are new to linux, maybe try recopiling a kernel on a desktop distro first before trying it on such a customized embedded kind of device. I am no stranger to linux or even custom kernels, but recompiling a kernel for such a specific device is more thn I want to bite off for sure.

yes, most likely. the firmware updates just rewrite that entire part of the filesystem i believe

well, the device is not really running ny service so a firewall isn't really necessary, IMO

Re: Questions on IPTables & N900
 

Thank you for your answer. :)

By the way, can I just use the package here and how do I use it?:
http://maemo.org/packages/view/iptables/

The explanation says that:
Does this mean that it includes the kernel? :confused:


Does the device block all incoming connections by default?

Re: Questions on IPTables & N900
 

There is sshd available and working for N900.

Re: Questions on IPTables & N900
 

Thanks. This answers my question on whether the device blocks all incoming connections by default or not. :)

I still need some help on iptables though :(

Re: Questions on IPTables & N900
 

Also discussed in this thread.

I'm still not 100% sure you cannot not do very basic iptables (setting input policy to drop for example) with the stock kernel.

I have not tried it and I'm running a custom kernel because I'm developing a mobile hotspot.

Compiling a new kernel (or just modules in case they do not require any special/extended symbols in the kernel proper, but netfilter does...) is not really that hard once you have a working scratchbox (see for example the bottom of the hotspot project page).

There is also kernel-maemo which is a (separate) custom kernel with even more features than the hotspot one (which basically adds only netfilter and qos).

As for "sshd available and working" only if you explicitly install it.

Re: Questions on IPTables & N900
 

By stock kernel, did you mean the default kernel which came with the device?
And if it is, has anyone tried?

Re: Questions on IPTables & N900
 

I think this basic iptables suit my needs enough.
All I want is to block all incoming connection and block unused outgoing ports, allowing only outgoing ports that I use.

Re: Questions on IPTables & N900
 

Can anyone help me further? :( :( :(

Re: Questions on IPTables & N900
 

Next step would be to make yourself familiar with compiling a custom kernel. But there be dragons. You have to be brave to go further :-)

Re: Questions on IPTables & N900
 

I'm still unclear on some things.
1. What is meant by "stock kernel"? Is it the default kernel which came with the device?
Then, does it work for basic IPTables commands? (someone please verify this for me :confused: , because I don't have a N900 with me at the moment)

2. If it doesn't, then does one of the packages here:
http://maemo.org/packages/view/iptables/
modifies the kernel or do I have to modify the kernel before installing the package? Which package can I use for N900?

Once again, thank you in advance.
:D:D:D

Re: Questions on IPTables & N900
 

ehm why compile custom kernel when then default one works fine with iptables?



got iptables on mine

Re: Questions on IPTables & N900
 

I didn't know that. I thought i read somewhere else that it isn't possible with stock kernel.

But yeah. stock kernel means the pre installed kernel.

Therock, would you share your iptables script? I tried using iptables yesterday and got an error message for the target ACCEPT.

Did you do anything else but install the iptables package and "modprobe ip_tables"?

Re: Questions on IPTables & N900
 

modprobe iptable_filter

and then i just had the "apt-get install iptables"

and wolla you got iptables and you can create your own rules

Re: Questions on IPTables & N900
 

Thanks guys :D

Re: Questions on IPTables & N900
 

so,i understood iptables is compatible with stock kernel but not with kernel-power what can be downloaded from maemo.org repository?

thanks