Jump to content


Photo

iptables and cellular radios


  • Please log in to reply
10 replies to this topic

#1 jw0914

jw0914

    All it takes for evil to triumph, is for good men to do nothing

  • Members
  • PipPip
  • 275 posts
  • LocationMadison
  • Current Device(s):Nexus 6 [XT1103]

Posted 27 May 2015 - 02:52 PM

802.11q doesn't apply to cellular network traffic, however, I'm not knowledgeable enough about how data is transmitted via the cellular radios or how it's handed off to the wifi radio -  so are there any special rules that must be added within iptables to make sure data access is maintained?

 

For example, if I were to add something similar to the below, would the data flow function normally on my Nexus 6:

iptables -t filter -P INPUT ACCEPT
iptables -t filter -P OUTPUT ACCEPT
iptables -t filter -P FORWARD DROP
iptables -t filter -N delegate_input
iptables -t filter -N delegate_output
iptables -t filter -N delegate_forward
iptables -t filter -N delegate_rate_limit
iptables -t filter -N reject
iptables -t filter -N input_rule
iptables -t filter -N output_rule
iptables -t filter -N forwarding_rule
iptables -t filter -N syn_flood
iptables -t filter -N zone_lan_input
iptables -t filter -N zone_lan_output
iptables -t filter -N zone_lan_forward
iptables -t filter -N zone_lan_src_ACCEPT
iptables -t filter -N zone_lan_dest_ACCEPT
iptables -t filter -N zone_lan_dest_DROP
iptables -t filter -N input_lan_rule
iptables -t filter -N output_lan_rule
iptables -t filter -N forwarding_lan_rule
iptables -t filter -A zone_lan_input -m comment --comment "user chain for input" -j input_lan_rule
iptables -t filter -A zone_lan_output -m comment --comment "user chain for output" -j output_lan_rule
iptables -t filter -A zone_lan_forward -m comment --comment "user chain for forwarding" -j forwarding_lan_rule
iptables -t filter -N zone_wan_input
iptables -t filter -N zone_wan_output
iptables -t filter -N zone_wan_forward
iptables -t filter -N zone_wan_src_DROP
iptables -t filter -N zone_wan_dest_ACCEPT
iptables -t filter -N zone_wan_dest_DROP
iptables -t filter -N input_wan_rule
iptables -t filter -N output_wan_rule
iptables -t filter -N forwarding_wan_rule
iptables -t filter -A zone_wan_input -m comment --comment "user chain for input" -j input_wan_rule
iptables -t filter -A zone_wan_output -m comment --comment "user chain for output" -j output_wan_rule
iptables -t filter -A zone_wan_forward -m comment --comment "user chain for forwarding" -j forwarding_wan_rule
iptables -t filter -D INPUT -j delegate_input
iptables -t filter -A INPUT -j delegate_input
iptables -t filter -D OUTPUT -j delegate_output
iptables -t filter -A OUTPUT -j delegate_output
iptables -t filter -D FORWARD -j delegate_forward
iptables -t filter -A FORWARD -j delegate_forward
iptables -t filter -A delegate_input -i lo -j ACCEPT
iptables -t filter -A delegate_output -o lo -j ACCEPT
iptables -t filter -A delegate_input -m comment --comment "user chain for input" -j input_rule
iptables -t filter -A delegate_output -m comment --comment "user chain for output" -j output_rule
iptables -t filter -A delegate_forward -m comment --comment "user chain for forwarding" -j forwarding_rule
iptables -t filter -A delegate_input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -t filter -A delegate_input -m conntrack --ctstate INVALID -j DROP
iptables -t filter -A delegate_output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -t filter -A delegate_output -m conntrack --ctstate INVALID -j DROP
iptables -t filter -A delegate_forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -t filter -A delegate_forward -m conntrack --ctstate INVALID -j DROP
iptables -t filter -A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -j RETURN
iptables -t filter -A syn_flood -j DROP
iptables -t filter -A delegate_input -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j syn_flood
iptables -t filter -A reject -p tcp -j DROP
iptables -t filter -A reject -j DROP
iptables -t filter -A delegate_rate_limit -p tcp --dport 22 -m limit --limit 3/min --limit-burst 3 -j DROP
iptables -t filter -A delegate_rate_limit -p tcp --dport 23 -m limit --limit 3/min --limit-burst 3 -j DROP
iptables -t filter -A delegate_rate_limit -p tcp --dport 1194 -m limit --limit 3/min --limit-burst 3 -j DROP
iptables -t filter -A delegate_rate_limit -p udp --dport 1194 -m limit --limit 3/min --limit-burst 3 -j DROP
iptables -t filter -A delegate_rate_limit -p tcp --dport 2221 -m limit --limit 3/min --limit-burst 3 -j ACCEPT
iptables -t filter -A delegate_rate_limit -p ICMP --icmp-type echo-request -m limit --limit 3/sec -j ACCEPT
iptables -t filter -A delegate_rate_limit ! -p ICMP -j LOG --log-prefix " Connection dropped "
iptables -t filter -A delegate_rate_limit -p tcp -j DROP
iptables -t filter -A delegate_rate_limit -p udp -j DROP
iptables -t filter -A delegate_rate_limit -j DROP
iptables -t filter -I delegate_input -p ICMP --icmp-type echo-request -j rate_limit
iptables -t filter -I delegate_input -p tcp --dport 22 -m state --state NEW -j rate_limit
iptables -t filter -I delegate_input -p tcp --dport 23 -m state --state NEW -j rate_limit
iptables -t filter -I delegate_input -p tcp --dport 1194 -m state --state NEW -j rate_limit
iptables -t filter -I delegate_input -p udp --dport 1194 -m state --state NEW -j rate_limit
iptables -t filter -I delegate_input -p tcp --dport 2221 -m state --state NEW -j rate_limit
iptables -t filter -A zone_lan_forward -m comment --comment "forwarding lan -> wan" -j zone_wan_dest_ACCEPT
iptables -t filter -A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "Accept port redirections" -j ACCEPT
iptables -t filter -A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "Accept port forwards" -j ACCEPT
iptables -t filter -A zone_lan_input -j zone_lan_src_ACCEPT
iptables -t filter -A zone_lan_forward -j zone_lan_dest_DROP
iptables -t filter -A zone_lan_output -j zone_lan_dest_ACCEPT
iptables -t filter -A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "Accept port redirections" -j ACCEPT
iptables -t filter -A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "Accept port forwards" -j ACCEPT
iptables -t filter -A zone_wan_input -j zone_wan_src_DROP
iptables -t filter -A zone_wan_forward -j zone_wan_dest_DROP
iptables -t filter -A zone_wan_output -j zone_wan_dest_ACCEPT
iptables -t filter -D zone_wan_dest_ACCEPT -o eth1 -j ACCEPT
iptables -t filter -A zone_wan_dest_ACCEPT -o eth1 -j ACCEPT
iptables -t filter -D zone_wan_src_DROP -i eth1 -j DROP
iptables -t filter -A zone_wan_src_DROP -i eth1 -j DROP
iptables -t filter -D zone_wan_dest_DROP -o eth1 -j DROP
iptables -t filter -A zone_wan_dest_DROP -o eth1 -j DROP
iptables -t filter -D delegate_input -i eth1 -j zone_wan_input
iptables -t filter -A delegate_input -i eth1 -j zone_wan_input
iptables -t filter -D delegate_output -o eth1 -j zone_wan_output
iptables -t filter -A delegate_output -o eth1 -j zone_wan_output
iptables -t filter -D delegate_forward -i eth1 -j zone_wan_forward
iptables -t filter -A delegate_forward -i eth1 -j zone_wan_forward
iptables -t filter -D zone_wan_dest_ACCEPT -o eth1 -j ACCEPT
iptables -t filter -A zone_wan_dest_ACCEPT -o eth1 -j ACCEPT
iptables -t filter -D zone_wan_src_DROP -i eth1 -j DROP
iptables -t filter -A zone_wan_src_DROP -i eth1 -j DROP
iptables -t filter -D zone_wan_dest_DROP -o eth1 -j DROP
iptables -t filter -A zone_wan_dest_DROP -o eth1 -j DROP
iptables -t filter -D delegate_input -i eth1 -j zone_wan_input
iptables -t filter -A delegate_input -i eth1 -j zone_wan_input
iptables -t filter -D delegate_output -o eth1 -j zone_wan_output
iptables -t filter -A delegate_output -o eth1 -j zone_wan_output
iptables -t filter -D delegate_forward -i eth1 -j zone_wan_forward
iptables -t filter -A delegate_forward -i eth1 -j zone_wan_forward
iptables -t nat -N delegate_prerouting
iptables -t nat -N delegate_postrouting
iptables -t nat -N prerouting_rule
iptables -t nat -N postrouting_rule
iptables -t nat -N zone_lan_postrouting
iptables -t nat -N zone_lan_prerouting
iptables -t nat -N prerouting_lan_rule
iptables -t nat -N postrouting_lan_rule
iptables -t nat -A zone_lan_prerouting -m comment --comment "user chain for prerouting" -j prerouting_lan_rule
iptables -t nat -A zone_lan_postrouting -m comment --comment "user chain for postrouting" -j postrouting_lan_rule
iptables -t nat -N zone_wan_postrouting
iptables -t nat -N zone_wan_prerouting
iptables -t nat -N prerouting_wan_rule
iptables -t nat -N postrouting_wan_rule
iptables -t nat -A zone_wan_prerouting -m comment --comment "user chain for prerouting" -j prerouting_wan_rule
iptables -t nat -A zone_wan_postrouting -m comment --comment "user chain for postrouting" -j postrouting_wan_rule
iptables -t nat -D PREROUTING -j delegate_prerouting
iptables -t nat -A PREROUTING -j delegate_prerouting
iptables -t nat -D POSTROUTING -j delegate_postrouting
iptables -t nat -A POSTROUTING -j delegate_postrouting
iptables -t nat -A delegate_prerouting -m comment --comment "user chain for prerouting" -j prerouting_rule
iptables -t nat -A delegate_postrouting -m comment --comment "user chain for postrouting" -j postrouting_rule
iptables -t nat -D delegate_prerouting -i br0 -j zone_lan_prerouting
iptables -t nat -A delegate_prerouting -i br0 -j zone_lan_prerouting
iptables -t nat -D delegate_postrouting -o br0 -j zone_lan_postrouting
iptables -t nat -A delegate_postrouting -o br0 -j zone_lan_postrouting
iptables -t nat -A zone_wan_postrouting -j MASQUERADE
iptables -t nat -D delegate_prerouting -i eth1 -j zone_wan_prerouting
iptables -t nat -A delegate_prerouting -i eth1 -j zone_wan_prerouting
iptables -t nat -D delegate_postrouting -o eth1 -j zone_wan_postrouting
iptables -t nat -A delegate_postrouting -o eth1 -j zone_wan_postrouting
iptables -t nat -D delegate_prerouting -i eth1 -j zone_wan_prerouting
iptables -t nat -A delegate_prerouting -i eth1 -j zone_wan_prerouting
iptables -t nat -D delegate_postrouting -o eth1 -j zone_wan_postrouting
iptables -t nat -A delegate_postrouting -o eth1 -j zone_wan_postrouting
iptables -t nat -I delegate_postrouting -o `get_wanface` -j SNAT --to `nvram get wan_ipaddr`
iptables -t mangle -N mssfix
iptables -t mangle -N fwmark
iptables -t mangle -D FORWARD -j mssfix
iptables -t mangle -A FORWARD -j mssfix
iptables -t mangle -D PREROUTING -j fwmark
iptables -t mangle -A PREROUTING -j fwmark
iptables -t mangle -D mssfix -p tcp -o eth1 -m tcp --tcp-flags SYN,RST SYN -m comment --comment "wan (mtu_fix)" -j TCPMSS --clamp-mss-to-pmtu
iptables -t mangle -A mssfix -p tcp -o eth1 -m tcp --tcp-flags SYN,RST SYN -m comment --comment "wan (mtu_fix)" -j TCPMSS --clamp-mss-to-pmtu
iptables -t mangle -D mssfix -p tcp -o eth1 -m tcp --tcp-flags SYN,RST SYN -m comment --comment "wan (mtu_fix)" -j TCPMSS --clamp-mss-to-pmtu
iptables -t mangle -A mssfix -p tcp -o eth1 -m tcp --tcp-flags SYN,RST SYN -m comment --comment "wan (mtu_fix)" -j TCPMSS --clamp-mss-to-pmtu
iptables -t raw -N delegate_notrack
iptables -t raw -D PREROUTING -j delegate_notrack
iptables -t raw -A PREROUTING -j delegate_notrack


#2 cmh714

cmh714

    Tech Service & Beyond

  • Smod
  • 3,272 posts
  • LocationSoCal
  • Current Device(s):Nexus 6

Posted 27 May 2015 - 03:10 PM

I use DroidWall for my iptables so I dont have to deal with it :)



#3 jw0914

jw0914

    All it takes for evil to triumph, is for good men to do nothing

  • Members
  • PipPip
  • 275 posts
  • LocationMadison
  • Current Device(s):Nexus 6 [XT1103]

Posted 28 May 2015 - 04:38 AM

I do as well, but was looking for more fine grained control over network traffic.  While DroidWall can block or allow apps network and/or WiFi access, it's essentially an allow all or block all policy.  I don't know anyone who's at least someone knowledgeable about firewalls using that mindset on their PC (regardless of OS), and I don't think we should have to do that on a mobile device =]



#4 jw0914

jw0914

    All it takes for evil to triumph, is for good men to do nothing

  • Members
  • PipPip
  • 275 posts
  • LocationMadison
  • Current Device(s):Nexus 6 [XT1103]

Posted 28 May 2015 - 04:59 AM

For example. these are the rules applied with DroidWall:

u0_a111@shamu:/ $ su
root@shamu:/ # iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N bw_FORWARD
-N bw_INPUT
-N bw_OUTPUT
-N bw_costly_shared
-N bw_happy_box
-N bw_penalty_box
-N droidwall
-N droidwall-3g
-N droidwall-reject
-N droidwall-wifi
-N fw_FORWARD
-N fw_INPUT
-N fw_OUTPUT
-N natctrl_FORWARD
-N natctrl_tether_counters
-N oem_fwd
-N oem_out
-A INPUT -j bw_INPUT
-A INPUT -j fw_INPUT
-A FORWARD -j oem_fwd
-A FORWARD -j fw_FORWARD
-A FORWARD -j bw_FORWARD
-A FORWARD -j natctrl_FORWARD
-A OUTPUT -o rmnet_data7 -p udp -m udp --dport 1900 -m comment --comment "Drop SSDP on WWAN" -j DROP 
-A OUTPUT -o rmnet_data6 -p udp -m udp --dport 1900 -m comment --comment "Drop SSDP on WWAN" -j DROP 
-A OUTPUT -o rmnet_data5 -p udp -m udp --dport 1900 -m comment --comment "Drop SSDP on WWAN" -j DROP 
-A OUTPUT -o rmnet_data4 -p udp -m udp --dport 1900 -m comment --comment "Drop SSDP on WWAN" -j DROP 
-A OUTPUT -o rmnet_data3 -p udp -m udp --dport 1900 -m comment --comment "Drop SSDP on WWAN" -j DROP 
-A OUTPUT -o rmnet_data2 -p udp -m udp --dport 1900 -m comment --comment "Drop SSDP on WWAN" -j DROP 
-A OUTPUT -o rmnet_data1 -p udp -m udp --dport 1900 -m comment --comment "Drop SSDP on WWAN" -j DROP 
-A OUTPUT -o rmnet_data0 -p udp -m udp --dport 1900 -m comment --comment "Drop SSDP on WWAN" -j DROP 
-A OUTPUT -j oem_out 
-A OUTPUT -j fw_OUTPUT
-A OUTPUT -j bw_OUTPUT 
-A OUTPUT -j droidwall 
-A bw_INPUT -m quota2 ! --name globalAlert  --quota 2097152 
-A bw_INPUT -m owner --socket-exists 
-A bw_OUTPUT -m quota2 ! --name globalAlert  --quota 2097152 
-A bw_OUTPUT -m owner --socket-exists 
-A bw_costly_shared -j bw_penalty_box 
-A droidwall -p udp -m udp --dport 53 -j RETURN 
-A droidwall -o rmnet+ -j droidwall-3g 
-A droidwall -o pdp+ -j droidwall-3g 
-A droidwall -o ppp+ -j droidwall-3g 
-A droidwall -o uwbr+ -j droidwall-3g 
-A droidwall -o wimax+ -j droidwall-3g 
-A droidwall -o vsnet+ -j droidwall-3g 
-A droidwall -o ccmni+ -j droidwall-3g 
-A droidwall -o usb+ -j droidwall-3g 
-A droidwall -o tiwlan+ -j droidwall-wifi 
-A droidwall -o wlan+ -j droidwall-wifi 
-A droidwall -o eth+ -j droidwall-wifi 
-A droidwall -o ra+ -j droidwall-wifi 
-A droidwall-3g -m owner --uid-owner 1000 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10000 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10103 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10161 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10162 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10102 -j RETURN 
-A droidwall-3g -m owner --uid-owner 1002 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10142 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10128 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10043 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10005 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10114 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10166 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10046 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10047 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10193 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10048 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10157 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10004 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10174 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10141 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10049 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10021 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10130 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10008 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10054 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10053 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10061 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10134 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10138 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10188 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10137 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10084 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10206 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10192 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10116 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10168 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10085 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10034 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10013 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10015 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10014 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10016 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10187 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10164 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10098 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10019 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10040 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10091 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10073 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10074 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10024 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10165 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10081 -j RETURN 
-A droidwall-3g -m owner --uid-owner 1021 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10110 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10020 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10126 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10170 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10125 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10154 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10173 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10086 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10072 -j RETURN 
-A droidwall-3g -m owner --uid-owner 1013 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10010 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10169 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10201 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10082 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10123 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10156 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10176 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10131 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10149 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10101 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10147 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10099 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10113 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10087 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10175 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10151 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10152 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10121 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10143 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10204 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10124 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10025 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10120 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10198 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10163 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10026 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10055 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10056 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10060 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10090 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10207 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10097 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10178 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10150 -j RETURN 
-A droidwall-3g -m owner --uid-owner 1027 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10177 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10033 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10036 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10105 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10148 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10093 -j RETURN 
-A droidwall-3g -m owner --uid-owner 10066 -j RETURN 
-A droidwall-3g -m owner --uid-owner 0-999999999 -j droidwall-reject 
-A droidwall-reject -j LOG --log-prefix "[DROIDWALL] " --log-uid 
-A droidwall-reject -j REJECT --reject-with icmp-port-unreachable 
-A droidwall-wifi -m owner --uid-owner 1014 -j RETURN -A droidwall-wifi -m owner --uid-owner 1010 -j RETURN 
-A droidwall-wifi -m owner --uid-owner 1000 -j RETURN -A droidwall-wifi -m owner --uid-owner 10000 -j RETURN 
-A droidwall-wifi -m owner --uid-owner 10103 -j RETURN -A droidwall-wifi -m owner --uid-owner 10161 -j RETURN 
-A droidwall-wifi -m owner --uid-owner 10162 -j RETURN -A droidwall-wifi -m owner --uid-owner 10102 -j RETURN 
-A droidwall-wifi -m owner --uid-owner 10142 -j RETURN -A droidwall-wifi -m owner --uid-owner 10128 -j RETURN 
-A droidwall-wifi -m owner --uid-owner 10043 -j RETURN -A droidwall-wifi -m owner --uid-owner 10005 -j RETURN 
-A droidwall-wifi -m owner --uid-owner 10114 -j RETURN -A droidwall-wifi -m owner --uid-owner 10166 -j RETURN 
-A droidwall-wifi -m owner --uid-owner 10046 -j RETURN -A droidwall-wifi -m owner --uid-owner 10047 -j RETURN 
-A droidwall-wifi -m owner --uid-owner 10193 -j RETURN -A droidwall-wifi -m owner --uid-owner 10048 -j RETURN 
-A droidwall-wifi -m owner --uid-owner 10157 -j RETURN -A droidwall-wifi -m owner --uid-owner 10004 -j RETURN 
-A droidwall-wifi -m owner --uid-owner 10174 -j RETURN -A droidwall-wifi -m owner --uid-owner 10139 -j RETURN 
-A droidwall-wifi -m owner --uid-owner 10141 -j RETURN -A droidwall-wifi -m owner --uid-owner 10049 -j RETURN 
-A droidwall-wifi -m owner --uid-owner 10021 -j RETURN -A droidwall-wifi -m owner --uid-owner 10130 -j RETURN 
-A droidwall-wifi -m owner --uid-owner 10008 -j RETURN -A droidwall-wifi -m owner --uid-owner 10054 -j RETURN 
-A droidwall-wifi -m owner --uid-owner 10053 -j RETURN -A droidwall-wifi -m owner --uid-owner 10061 -j RETURN 
-A droidwall-wifi -m owner --uid-owner 10134 -j RETURN -A droidwall-wifi -m owner --uid-owner 10138 -j RETURN 
-A droidwall-wifi -m owner --uid-owner 10188 -j RETURN -A droidwall-wifi -m owner --uid-owner 10137 -j RETURN 
-A droidwall-wifi -m owner --uid-owner 10084 -j RETURN -A droidwall-wifi -m owner --uid-owner 10206 -j RETURN 
-A droidwall-wifi -m owner --uid-owner 10192 -j RETURN -A droidwall-wifi -m owner --uid-owner 10116 -j RETURN 
-A droidwall-wifi -m owner --uid-owner 10168 -j RETURN -A droidwall-wifi -m owner --uid-owner 10085 -j RETURN 
-A droidwall-wifi -m owner --uid-owner 10034 -j RETURN -A droidwall-wifi -m owner --uid-owner 10013 -j RETURN 
-A droidwall-wifi -m owner --uid-owner 10015 -j RETURN -A droidwall-wifi -m owner --uid-owner 10014 -j RETURN 
-A droidwall-wifi -m owner --uid-owner 10016 -j RETURN -A droidwall-wifi -m owner --uid-owner 10187 -j RETURN 
-A droidwall-wifi -m owner --uid-owner 10164 -j RETURN -A droidwall-wifi -m owner --uid-owner 10098 -j RETURN 
-A droidwall-wifi -m owner --uid-owner 10019 -j RETURN -A droidwall-wifi -m owner --uid-owner 10040 -j RETURN 
-A droidwall-wifi -m owner --uid-owner 10091 -j RETURN -A droidwall-wifi -m owner --uid-owner 10073 -j RETURN 
-A droidwall-wifi -m owner --uid-owner 10074 -j RETURN -A droidwall-wifi -m owner --uid-owner 10024 -j RETURN 
-A droidwall-wifi -m owner --uid-owner 10165 -j RETURN -A droidwall-wifi -m owner --uid-owner 10081 -j RETURN 
-A droidwall-wifi -m owner --uid-owner 1021 -j RETURN -A droidwall-wifi -m owner --uid-owner 10110 -j RETURN 
-A droidwall-wifi -m owner --uid-owner 10020 -j RETURN -A droidwall-wifi -m owner --uid-owner 10100 -j RETURN 
-A droidwall-wifi -m owner --uid-owner 10126 -j RETURN -A droidwall-wifi -m owner --uid-owner 10170 -j RETURN 
-A droidwall-wifi -m owner --uid-owner 10125 -j RETURN -A droidwall-wifi -m owner --uid-owner 10154 -j RETURN 
-A droidwall-wifi -m owner --uid-owner 10173 -j RETURN -A droidwall-wifi -m owner --uid-owner 10086 -j RETURN 
-A droidwall-wifi -m owner --uid-owner 1013 -j RETURN -A droidwall-wifi -m owner --uid-owner 10010 -j RETURN 
-A droidwall-wifi -m owner --uid-owner 10169 -j RETURN -A droidwall-wifi -m owner --uid-owner 10201 -j RETURN 
-A droidwall-wifi -m owner --uid-owner 10082 -j RETURN -A droidwall-wifi -m owner --uid-owner 10123 -j RETURN 
-A droidwall-wifi -m owner --uid-owner 10156 -j RETURN -A droidwall-wifi -m owner --uid-owner 10176 -j RETURN 
-A droidwall-wifi -m owner --uid-owner 10131 -j RETURN -A droidwall-wifi -m owner --uid-owner 10149 -j RETURN 
-A droidwall-wifi -m owner --uid-owner 10101 -j RETURN -A droidwall-wifi -m owner --uid-owner 10147 -j RETURN 
-A droidwall-wifi -m owner --uid-owner 10099 -j RETURN -A droidwall-wifi -m owner --uid-owner 10113 -j RETURN 
-A droidwall-wifi -m owner --uid-owner 10087 -j RETURN -A droidwall-wifi -m owner --uid-owner 10175 -j RETURN 
-A droidwall-wifi -m owner --uid-owner 10151 -j RETURN -A droidwall-wifi -m owner --uid-owner 10152 -j RETURN 
-A droidwall-wifi -m owner --uid-owner 10121 -j RETURN -A droidwall-wifi -m owner --uid-owner 10143 -j RETURN 
-A droidwall-wifi -m owner --uid-owner 1001 -j RETURN -A droidwall-wifi -m owner --uid-owner 10204 -j RETURN 
-A droidwall-wifi -m owner --uid-owner 10124 -j RETURN -A droidwall-wifi -m owner --uid-owner 10118 -j RETURN 
-A droidwall-wifi -m owner --uid-owner 10025 -j RETURN -A droidwall-wifi -m owner --uid-owner 10120 -j RETURN 
-A droidwall-wifi -m owner --uid-owner 10198 -j RETURN -A droidwall-wifi -m owner --uid-owner 10163 -j RETURN 
-A droidwall-wifi -m owner --uid-owner 10026 -j RETURN -A droidwall-wifi -m owner --uid-owner 10055 -j RETURN 
-A droidwall-wifi -m owner --uid-owner 10056 -j RETURN -A droidwall-wifi -m owner --uid-owner 10060 -j RETURN 
-A droidwall-wifi -m owner --uid-owner 10090 -j RETURN -A droidwall-wifi -m owner --uid-owner 10207 -j RETURN 
-A droidwall-wifi -m owner --uid-owner 10097 -j RETURN -A droidwall-wifi -m owner --uid-owner 10178 -j RETURN 
-A droidwall-wifi -m owner --uid-owner 10150 -j RETURN -A droidwall-wifi -m owner --uid-owner 1027 -j RETURN 
-A droidwall-wifi -m owner --uid-owner 10177 -j RETURN -A droidwall-wifi -m owner --uid-owner 10033 -j RETURN 
-A droidwall-wifi -m owner --uid-owner 10036 -j RETURN -A droidwall-wifi -m owner --uid-owner 10105 -j RETURN 
-A droidwall-wifi -m owner --uid-owner 10109 -j RETURN -A droidwall-wifi -m owner --uid-owner 10148 -j RETURN 
-A droidwall-wifi -m owner --uid-owner 10093 -j RETURN -A droidwall-wifi -m owner --uid-owner 10066 -j RETURN 
-A droidwall-wifi -m owner --uid-owner 0-999999999 -j droidwall-reject -A natctrl_FORWARD -j DROP



#5 cmh714

cmh714

    Tech Service & Beyond

  • Smod
  • 3,272 posts
  • LocationSoCal
  • Current Device(s):Nexus 6

Posted 28 May 2015 - 06:22 AM

I wonder if you can use something like fwbuilder to assist in the pain :)

 

I may need to poke around when I find some time....lol



#6 jw0914

jw0914

    All it takes for evil to triumph, is for good men to do nothing

  • Members
  • PipPip
  • 275 posts
  • LocationMadison
  • Current Device(s):Nexus 6 [XT1103]

Posted 29 May 2015 - 06:51 PM

I've never heard of fwbuilder and will look into it. Out of curiosity, did the fw rules show up organized, 1 per line on your end or is it appearing as one large, continuous paragraph? I ask because I'm on Tapatalk right now and its appearing as one long, continuous paragraph when I know I spent over a half hour making it intelligible with 1 rule per line on my PC lol

#7 cmh714

cmh714

    Tech Service & Beyond

  • Smod
  • 3,272 posts
  • LocationSoCal
  • Current Device(s):Nexus 6

Posted 29 May 2015 - 09:03 PM

To look at it I would pipe it to a file so you can look at it on a PC. Tapatalk is tapacrap :)



#8 jw0914

jw0914

    All it takes for evil to triumph, is for good men to do nothing

  • Members
  • PipPip
  • 275 posts
  • LocationMadison
  • Current Device(s):Nexus 6 [XT1103]

Posted 30 May 2015 - 06:42 AM

I wasn't sure if you were saying that for my benefit, or asking for a txt for yourself as well, so I've attached the fw rules

Attached Files



#9 jw0914

jw0914

    All it takes for evil to triumph, is for good men to do nothing

  • Members
  • PipPip
  • 275 posts
  • LocationMadison
  • Current Device(s):Nexus 6 [XT1103]

Posted 30 May 2015 - 06:57 AM

I wonder if you can use something like fwbuilder to assist in the pain :)

 

I may need to poke around when I find some time....lol

Do you know if fwbuilder needs to be installed to a path without spaces?  I've been scouring the website and user guide and I've either missed where it mentions this, or it's not mentioned at all.  

 

I ask because the installer defaults to the root of the system drive (i.e. C:\fwbuilder), and for programs that must be installed to a path without spaces, I generally install it to ProgramData instead of Program Files (x86).



#10 cmh714

cmh714

    Tech Service & Beyond

  • Smod
  • 3,272 posts
  • LocationSoCal
  • Current Device(s):Nexus 6

Posted 30 May 2015 - 07:03 AM

Not sure and I have a Mac



#11 jw0914

jw0914

    All it takes for evil to triumph, is for good men to do nothing

  • Members
  • PipPip
  • 275 posts
  • LocationMadison
  • Current Device(s):Nexus 6 [XT1103]

Posted 30 May 2015 - 07:37 AM

Well... you're a lot of help =]






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users