OESF Portables Forum
Model Specific Forums => Gemini PDA => Gemini PDA - Linux => Topic started by: depscribe on May 28, 2018, 03:08:23 pm
-
It seems that there's much blobitude from MediaTek, and MediaTek is infamous for inserting all sorts of phone-home stuff. So it could be that a good Linux firewall might make sense.
Anyone have any experience with a firewall that's both effective in controlling what comes in and goes out and that is relatively lightweight and easy to configure?
-
Just use iptables. Create an iptables file, then load it on boot. Complete control over what you can do. I have never used anything else; however, I am sure there are front-end firewall applications which manage this for you.
-
Just use iptables. Create an iptables file, then load it on boot. Complete control over what you can do. I have never used anything else; however, I am sure there are front-end firewall applications which manage this for you.
I'm a little worried about configuration, particularly of outgoing stuff, and fear that I'd make a dog's lunch of iptables.
-
You could let uncomplicated firewall (ufw) do the rules for you:
https://wiki.debian.org/Uncomplicated%20Firewall%20%28ufw%29
https://help.ubuntu.com/lts/serverguide/firewall.html.en-GB#firewall-ufw
Note that if you're actually concerned about the blobs taking liberties, they could be written to talk at a level below iptables so a firewall is not going to help. What we really need is a fake cell tower (possibly using https://wiki.yatebts.com/) and then monitor all traffic. Would also need to do the same for wifi but that's a lot easier as any old Linux box with wifi can be made into a logging router.
Also of interest is the fact that the Android Container used to talk to the drivers by Debian has no network permissions so it is effectively fire-walled for free just now. So personally I've not installed a firewall as I suspect any phone-home stuff is either already blocked or at too low a level to be block-able.
-
You could let uncomplicated firewall (ufw) do the rules for you:
https://wiki.debian.org/Uncomplicated%20Firewall%20%28ufw%29
https://help.ubuntu.com/lts/serverguide/firewall.html.en-GB#firewall-ufw
Note that if you're actually concerned about the blobs taking liberties, they could be written to talk at a level below iptables so a firewall is not going to help. What we really need is a fake cell tower (possibly using https://wiki.yatebts.com/) and then monitor all traffic. Would also need to do the same for wifi but that's a lot easier as any old Linux box with wifi can be made into a logging router.
Also of interest is the fact that the Android Container used to talk to the drivers by Debian has no network permissions so it is effectively fire-walled for free just now. So personally I've not installed a firewall as I suspect any phone-home stuff is either already blocked or at too low a level to be block-able.
Thank you, Adam. I installed ufw and its gtk frontend, but the latter is one of those applications that is extremely small onscreen. There is, someplace, a configuration file for gtk and Gnome applications that allows fonts to be specified, but I haven't found it yet -- will look some more today. This would make a lot of apps useful.
As to the firewall, I am interested in large measure in a firewall's logging capabilities, to see what if anything is going on. But if it happens at a level a firewall can't block, I suppose a firewall couldn't monitor and log it, either. I wonder if there is an application that looks at all connections at the point they enter or leave the device, or if such a thing is even possible.
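-
Added example, not part of the thread: a small summarizer for the kernel log lines an iptables LOG rule writes for new outgoing connections, grouped by sending UID, protocol, destination and port. The rule in the comment, the "OUT-NEW: " prefix and the sample lines are assumptions constructed for illustration, and as noted above this only sees traffic that actually passes through the kernel's netfilter hooks.

```python
import re
from collections import Counter

# Constructed sample kernel log lines (documentation IP ranges), in the format the
# iptables LOG target writes for an assumed rule such as:
#   iptables -A OUTPUT -m conntrack --ctstate NEW -j LOG --log-prefix "OUT-NEW: " --log-uid
SAMPLE_LOG = """\
May 28 15:10:01 gemini kernel: [ 101.1] OUT-NEW: IN= OUT=wlan0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4321 DF PROTO=TCP SPT=40112 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 UID=1000 GID=1000
May 28 15:10:05 gemini kernel: [ 105.4] OUT-NEW: IN= OUT=wlan0 SRC=192.0.2.10 DST=203.0.113.53 LEN=71 TOS=0x00 PREC=0x00 TTL=64 ID=4400 DF PROTO=UDP SPT=53211 DPT=53 LEN=51 UID=0 GID=0
May 28 15:10:09 gemini kernel: [ 109.0] wlan0: associated
May 28 15:11:30 gemini kernel: [ 190.2] OUT-NEW: IN= OUT=wlan0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4519 DF PROTO=TCP SPT=40150 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 UID=1000 GID=1000
May 28 15:12:02 gemini kernel: [ 222.8] OUT-NEW: IN= OUT=wlan0 SRC=192.0.2.10 DST=198.51.100.9 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=4600 DF PROTO=ICMP TYPE=8 CODE=0 ID=77 SEQ=1
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_line(line, prefix="OUT-NEW: "):
    """Return a dict for one LOG line, or None if the line is not from our rule."""
    _, found, rest = line.partition(prefix)
    if not found:
        return None
    fields = {}
    for key, value in FIELD.findall(rest):
        fields.setdefault(key, value)  # UDP/ICMP lines repeat LEN=/ID=; keep the first
    if "DST" not in fields or "PROTO" not in fields:
        return None
    return {
        "iface": fields.get("OUT", ""),
        "dst": fields["DST"],
        "proto": fields["PROTO"],
        "dport": int(fields["DPT"]) if "DPT" in fields else None,  # ICMP has no port
        "uid": int(fields["UID"]) if "UID" in fields else None,    # no owning socket
    }

def summarize(log_text):
    """Count logged connections per (uid, proto, dst, dport)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            counts[(rec["uid"], rec["proto"], rec["dst"], rec["dport"])] += 1
    return counts

if __name__ == "__main__":
    for (uid, proto, dst, dport), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:3d}  uid={uid}  {proto}  {dst}:{dport}")
```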