Ask / Submit
19

Firewalling the jolla

asked 2013-12-27 13:54:19 +0300

rsainio gravatar image

updated 2013-12-27 14:02:55 +0300

eric gravatar image

There is no default firewall... Will this come together with tethering ?

edit retag flag offensive close delete

Comments

I hope that when the firewall comes, it's simple enough to use for everyone who wants to use it like ufw. Or would it even be possible to have ufw?

Mikaela ( 2015-06-14 10:16:53 +0300 )edit
2

Could anyone with knowledge and time port this or similar to Sailfish? https://code.launchpad.net/ufw

jecargo22 ( 2015-07-01 12:42:53 +0300 )edit

3 Answers

Sort by » oldest newest most voted
9

answered 2013-12-27 14:04:00 +0300

ibins gravatar image

There is "iptables" preinstalled. There is no GUI yet, as this would be a task for a separate app. For tethering applie the same rules than for tethering with N900, as these requires the same iptables rules. There is already a guide for tethering via USB already, I will provide a link, if I can find it quickly enough.

Unfortunatelly there is no ip6tables preinstalled :-(

This is going to be a serious security problem if actually a opterator enables IPv6! This would be a job for Jolla to at least drop everything on default.

edit flag offensive delete publish link more

Comments

Link: http://elinux.org/Jolla#How_do_I_enable_USB_tethering.3F

I'd like to know how to persist iptables rules as well... I don't mind the Jolla having the NAT rules for USB tethering as they don't pose a security risk for me.

gabriel ( 2013-12-27 14:07:04 +0300 )edit
1

Thanks, I found the iptables and actually wanted to comment that it was ACCEPTing all. Likewise you said: should drop all external interfaces and allow port 22

rsainio ( 2013-12-27 14:10:09 +0300 )edit

Yeap, the phone is pretty open... then again... why do I want it closed when most of the time I'm in battery saving mode? :-)

gabriel ( 2013-12-27 14:19:11 +0300 )edit
2

So, do you think that in battery-saving-mode there is no network activity possible ? Try with ssh commands like vmstat -5. With my Jolla it hangs until I activate the screen, however I am able to interrupt the command with cntrl-C. Checking dmesg for PM: suspend and what is happening around suspend and resume shows some interesting ways to wake up Anyway, back to topic: I would like to have my LINUX-system (Jolla) closed

rsainio ( 2013-12-27 14:29:26 +0300 )edit

I mean I'd shut down SSH access, although I wouldn't mind proper firewalling by default, which is slightly less power hungry.

gabriel ( 2013-12-27 15:56:26 +0300 )edit
8

answered 2014-01-14 10:17:43 +0300

Nux gravatar image

updated 2014-01-14 10:18:07 +0300

There are instructions on how to setup firewall on Jolla here: https://together.jolla.com/question/11075/how-to-setup-firewall-iptables-init-scripts/

edit flag offensive delete publish link more
6

answered 2014-02-14 15:43:22 +0300

theowb gravatar image

in my opinion jolla should provide maximum security even for users that aren't technically experienced as much as they could write iptables rules/scripts. why doesn't it come up with some simple drop rules and exceptions where really needed? surely for future concerns it would be great to have some GUI to define app-specific rules easily.

edit flag offensive delete publish link more

Comments

agree its very powerfull currently but not very useful, especially when you install new apps say every week.

DarkTuring ( 2016-11-10 04:37:45 +0300 )edit
Login/Signup to Answer

Question tools

Follow
8 followers

Stats

Asked: 2013-12-27 13:54:19 +0300

Seen: 1,114 times

Last updated: Jan 14 '14