vees's Avatar
Posts: 95 | Thanked: 6 times | Joined on Apr 2007 @ the Imperial Homeland
#1
Hi,
Nokia's Internet tablets are pretty secure out of the box, ports are well closed, but a small firewall never hurts. Alas, I have not found one (so far). So here is a small hack:

Open an editor and create a file with this inside:

#!/bin/sh
iptables -F
iptables -A INPUT -p all -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -p tcp --syn -j DROP

Save it, and make it executable (chmod +x). Then, run it as root.

You will have a very basic, but solid, firewall.

HTH,

VS
__________________
Motto: chown -R linux:GNU world
http://vineyardsaker.blogspot.com/
 

The Following 3 Users Say Thank You to vees For This Useful Post:
SeRi@lDiE's Avatar
Posts: 919 | Thanked: 37 times | Joined on Aug 2006 @ /dev/null
#2
Thanks for the tip.
 
vees's Avatar
Posts: 95 | Thanked: 6 times | Joined on Apr 2007 @ the Imperial Homeland
#3
You are welcome. BTW there are far more advanced iptables scripts out there, but this one being super-easy and short I thought I would share it.
On the downside, this does require some prospective newbie to install Xterm, get a root account, etc.
I wonder if somebody would write a mini-applet and turn this into a mini-firewall package for the N770/N800.
Any ideas?
Kind regards,
VS
 
Posts: 245 | Thanked: 25 times | Joined on Apr 2007
#4
Thanks, great tip! I'd offer the following change for those who want remote SSH access to their Nokia from anywhere - and if I typed something wrong, please correct me - I'm no iptables guru, but it seems to work here!

Code:
#!/bin/sh
iptables -F
iptables -A INPUT -p all -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --syn -j DROP
 

The Following User Says Thank You to gsagers For This Useful Post:
Posts: 47 | Thanked: 10 times | Joined on Jan 2008 @ UK
#5
Any chance of someone getting a version of iptables with logging working?
 
grog's Avatar
Posts: 546 | Thanked: 85 times | Joined on Feb 2008 @ Winnipeg, Canada
#6
Would this have to be rerun after a reboot? If so, it could be slapped as is into an rc file like /etc/init.d/firewall & linked to /etc/rc0.d/S40firewall (for example).
__________________
GROG!
N900 | ZAGG Body Armour | 16Gb A-DATA micro-sd
N810 | 2 x Patriot 8gb mini-SD | Boxwave Crystal Clear SS | Black Aluminum case | OTG dongle
N800 | 2 x 8gb OCX SD | Boxwave Anti-glare SS | PDAir book-style case
Holux M-1200 bluetooth GPS | iGo 4-row bluetooth keyboard | Linksys USB 10/100 ethernet | Plantronics Voyager 855 BT Headset
 
Posts: 47 | Thanked: 10 times | Joined on Jan 2008 @ UK
#7
Yes, it would have to be rerun after a reboot. And yes, linking it in that way should work.
 

The Following User Says Thank You to Ricky-Lee For This Useful Post:
brendan's Avatar
Posts: 531 | Thanked: 79 times | Joined on Oct 2006 @ This side of insane, that side of genius
#8
Why not just
Code:
vi /etc/sysconfig/iptables
?
__________________
Nokia n800
OS 2008
Pharos iGPS 360-BT
ElmScan 5 BlueTooth
BlackBerry Bold (9000)
AT&T Wireless
 
grog's Avatar
Posts: 546 | Thanked: 85 times | Joined on Feb 2008 @ Winnipeg, Canada
#9
I know nothing about iptables, but wouldn't it be "proper" to issue the above commands in the shell to set up the firewall, then use something like 'iptables-save > /etc/iptables.conf' & then just have the rc script call 'iptables-restore < /etc/iptables.conf'? Or am I making things too complicated, as usual?
 
allnameswereout's Avatar
Posts: 3,397 | Thanked: 1,212 times | Joined on Jul 2008 @ Netherlands
#10
Damn, I thought we'd discuss firewall appliances

Originally Posted by grog:
I know nothing about iptables, but wouldn't it be "proper" to issue the above commands in the shell to set up the firewall, then use something like 'iptables-save > /etc/iptables.conf' & then just have the rc script call 'iptables-restore < /etc/iptables.conf'? Or am I making things too complicated, as usual?
That is the easy and proper way. Put these commands in rc scripts and you're done.

So, issue these commands as root:

Code:
iptables -F # Clears INPUT, OUTPUT, FORWARD rules
iptables -P INPUT DROP # Change INPUT policy to DROP
iptables -A INPUT -p all -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT

To save current firewall rules (before reboot):

Code:
iptables-save >/etc/iptables.conf

To restore the last saved firewall rules (during boot or right after boot):

Code:
iptables-restore </etc/iptables.conf

NOTE: you should accept traffic to/from local loopback device instead of 127.0.0.1. You should deny traffic from 127.0.0.1 on network because this can only be spoofed traffic. However, I'm no IPT wizard; I prefer OpenBSD PF.

Keep in mind legit network services such as DHCP traffic and Avahi...
__________________
Goosfraba! All text written by allnameswereout is public domain unless stated otherwise. Thank you for sharing your output!
 

The Following 6 Users Say Thank You to allnameswereout For This Useful Post:
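The saved-ruleset approach from posts #9 and #10, combined with the loopback, DHCP and Avahi notes in #10, as an added example (not code from any poster). With an INPUT policy of DROP, replies to the tablet's own outbound connections are dropped too unless a rule admits established traffic, so one is included; this assumes the tablet's kernel provides the `state` match, and `emit_rules` is a name made up here.

```shell
#!/bin/sh
# Added example, not from the thread: print a filter table in
# iptables-restore format. Nothing here touches the running firewall.
# emit_rules is a made-up name. Argument: TCP port for inbound SSH
# (omit it to allow no inbound connections at all).
emit_rules() {
    ssh_port="${1:-}"
    case "$ssh_port" in
        *[!0-9]*) echo "emit_rules: bad port '$ssh_port'" >&2; return 1 ;;
    esac
    if [ -n "$ssh_port" ]; then
        if [ "$ssh_port" -lt 1 ] || [ "$ssh_port" -gt 65535 ]; then
            echo "emit_rules: port out of range" >&2; return 1
        fi
    fi
    cat <<'EOF'
*filter
# Default-deny inbound; FORWARD and OUTPUT stay as the thread leaves them.
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Trust the loopback interface, not the address 127.0.0.1.
-A INPUT -i lo -j ACCEPT
# Anything still claiming a loopback source arrived off the network: spoofed.
-A INPUT -s 127.0.0.0/8 -j DROP
# Replies to connections the tablet opened (assumes the state match exists).
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# DHCP server replies to the client port.
-A INPUT -p udp --sport 67 --dport 68 -j ACCEPT
# Avahi / mDNS multicast.
-A INPUT -d 224.0.0.251 -p udp --dport 5353 -j ACCEPT
EOF
    if [ -n "$ssh_port" ]; then
        echo "-A INPUT -p tcp --dport $ssh_port --syn -j ACCEPT"
    fi
    echo "COMMIT"
}

# Typical use, as root:
#   emit_rules 22 > /etc/iptables.conf
#   iptables-restore < /etc/iptables.conf
```

Rule order matters here: the loopback-interface accept comes first, so the 127.0.0.0/8 drop that follows only ever sees packets that arrived on a real network interface.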