tip: easy mini firewall
 

Hi,
Nokia's Internet tablets are pretty secure out of the box, ports are well closed, but a small firewall never hurts. Alas, I have not found one (so far). So here is a small hack:

open an editor and create a file with this inside:

#!/bin/sh
iptables -F
iptables -A INPUT -p all -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -p tcp --syn -j DROP

save it, and make it executable (chmod +x). Then, run it as root.

You will have a very basic, but solid, firewall.

HTH,

VS

Re: tip: easy mini firewall
 

Thanks for the tip.

Re: tip: easy mini firewall
 

you are welcome. BTW there are far more advanced iptables scripts out there, but this one being super-easy and short I thought I would share it.
on the down side, this does requier some prospective newbie to install Xterm, get a root account, etc.
I wonder if somebody would write a mini-applet and turn this into a mini-firewall package for the N770/N800
Any ideas?
Kind regards,
VS

Re: tip: easy mini firewall
 

Thanks, great tip! I'd offer the following change for those who want remote SSH access to their Nokia from anywhere - and if I typed something wrong, please correct me - I'm no iptables guru, but it seems to work here!

Re: tip: easy mini firewall
 

Any chance of some one getting a version of iptables with logging working?

Re: tip: easy mini firewall
 

Would this have to be rerun after a reboot? If so, it could be slapped as is into an rc file like /etc/init.d/firewall & linked to /etc/rc0.d/S40firewall (for example).

Re: tip: easy mini firewall
 

Yes it would have to be rerun after a reboot. An yer linking it in that way should work

Re: tip: easy mini firewall
 

why not just ?

Re: tip: easy mini firewall
 

I know nothing about iptables, but wouldn't it be "proper" to issue the above commands in the shell to set up the firewall, then use something like 'iptables-save > /etc/iptables.conf' & then just have the rc script call 'iptables-restore < /etc/iptables.conf'? Or am I making things too complicated, as usual? :rolleyes:

Re: tip: easy mini firewall
 

Damn, I thought we'd discuss firewall appliances :)

That is the easy and proper way. Put these commands in rc scripts and you're done.

So, issue these commands as root:

To save current firewall rules (before reboot):

To restore previously last firewall rules (during boot or right after boot)

NOTE you should accept traffic to/from local loopback device instead of 127.0.0.1. You should deny traffic from 127.0.0.1 on network because this can only be spoofed traffic. However, I'm no IPT wizard; I prefer OpenBSD PF.

Keep in mind legit network services such as DHCP traffic and Avahi...