Jump to content


Photo

iptables: why is it available?

iptables

  • Please log in to reply
8 replies to this topic

#1 AllMassive

  • Senior Member
  • 30 posts

0
Neutral

Posted 8 April 2024 - 04:18

dont get me wrong, but why is it possible to install the 'iptables-conglomerate', since it doesnt seem to work on any image because of the missing kernel-module?

wouldnt 'you' safe a lot of compile-time if its removed from the repo?



Re: iptables: why is it available? #2 WanWizard

  • PLi® Core member
  • 70,497 posts

+1,810
Excellent

Posted 8 April 2024 - 11:30

Where is it available? Not in 8.3-release, not in 9.0-release, and not in develop:

/openpli/oe/release-8.3/build/tmp/deploy/ipk
[wanwizard@buildserver2] $ find . -name "*iptables-conglomerate*"
/openpli/oe/release-8.3/build/tmp/deploy/ipk
[wanwizard@buildserver2] $

/openpli/oe/develop/build/tmp/deploy/ipk 
[wanwizard@buildserver2] $ find . -name "*iptables-conglomerate*"
/openpli/oe/develop/build/tmp/deploy/ipk 
[wanwizard@buildserver2] $ 

/openpli/oe/release-9.0/build/tmp/deploy/ipk 
[wanwizard@buildserver2] $ find . -name "*iptables-conglomerate*"
/openpli/oe/release-9.0/build/tmp/deploy/ipk 
[wanwizard@buildserver2] $ 

and not on the box:

root@ustym4kpro:~# opkg list | grep iptables-con
root@ustym4kpro:~# 

Having said that, the presence or absence of kernel modules is dictated by the kernel defconfig the manucturer has created for every specific box model.

 

The fact one particular box misses a kernel module says nothing about others.


Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)

Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.

Many answers to your question can be found in our new and improved wiki.


Re: iptables: why is it available? #3 40H3X

  • Forum Moderator
    PLi® Contributor
  • 5,956 posts

+191
Excellent

Posted 8 April 2024 - 12:09

Iptables is used for packet filtering, that is something for a router not een dvb receiver, that being said, there is a firewall you can install (never used it) it is in our feed. Then a note of caution, never ever connect your receiver directly to the internet.


Hardware: Vu+ Uno 4K SE - Vu+ Duo 4K  - Fuba 78 cm - Tripleblock LNB Quad 19.2/23.5/28.2 - DS918+
Software : OpenPLi - OSCam - Settings van Hans - Autotimer - EPGImport

---------------------------------------------------------------------------------------------------------------------------------------

Remember: Upvote with the rep_up.png button for any user/post you find to be helpful, informative, or deserving of recognition!

---------------------------------------------------------------------------------------------------------------------------------------

Many answers to your question can be found in our new and improved wiki

Note: I do not provide support via PM !.


Re: iptables: why is it available? #4 WanWizard

  • PLi® Core member
  • 70,497 posts

+1,810
Excellent

Posted 8 April 2024 - 12:24

iptables is included for historical reasons (there was a time when people thought connecting the box to the internet was a safe thing to do).

 

I personally would be in favour of removing iptables from the feed completely, if only to make sure people don't install it and then think it is safe to do so..


Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)

Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.

Many answers to your question can be found in our new and improved wiki.


Re: iptables: why is it available? #5 40H3X

  • Forum Moderator
    PLi® Contributor
  • 5,956 posts

+191
Excellent

Posted 8 April 2024 - 12:28

Yes, I agree, would be the best thing to do, remove it. Iptables has no reason to be on a settopbox where everything runs under root.


Hardware: Vu+ Uno 4K SE - Vu+ Duo 4K  - Fuba 78 cm - Tripleblock LNB Quad 19.2/23.5/28.2 - DS918+
Software : OpenPLi - OSCam - Settings van Hans - Autotimer - EPGImport

---------------------------------------------------------------------------------------------------------------------------------------

Remember: Upvote with the rep_up.png button for any user/post you find to be helpful, informative, or deserving of recognition!

---------------------------------------------------------------------------------------------------------------------------------------

Many answers to your question can be found in our new and improved wiki

Note: I do not provide support via PM !.


Re: iptables: why is it available? #6 WanWizard

  • PLi® Core member
  • 70,497 posts

+1,810
Excellent

Posted 8 April 2024 - 12:31

Appearently people still install it, we had 110 downloads from the feeds in the last 30 days...

 

Some of them just blindly installing iptables* (which also installs all available modules).


Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)

Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.

Many answers to your question can be found in our new and improved wiki.


Re: iptables: why is it available? #7 40H3X

  • Forum Moderator
    PLi® Contributor
  • 5,956 posts

+191
Excellent

Posted 8 April 2024 - 12:32

:o


Hardware: Vu+ Uno 4K SE - Vu+ Duo 4K  - Fuba 78 cm - Tripleblock LNB Quad 19.2/23.5/28.2 - DS918+
Software : OpenPLi - OSCam - Settings van Hans - Autotimer - EPGImport

---------------------------------------------------------------------------------------------------------------------------------------

Remember: Upvote with the rep_up.png button for any user/post you find to be helpful, informative, or deserving of recognition!

---------------------------------------------------------------------------------------------------------------------------------------

Many answers to your question can be found in our new and improved wiki

Note: I do not provide support via PM !.


Re: iptables: why is it available? #8 rantanplan

  • PLi® Contributor
  • 1,860 posts

+87
Good

Posted 8 April 2024 - 14:30

The crazy thing is that the Firewall application requires this

https://github.com/O...-firewall.bb#L5

and this Extension
https://github.com/O...s-xmodem.bb#L11

The two applications are the reason why it is built at all



Re: iptables: why is it available? #9 WanWizard

  • PLi® Core member
  • 70,497 posts

+1,810
Excellent

Posted 8 April 2024 - 14:42

Like I wrote, legacy junk. I vote for removing all of it. The STB is not and will not ever be a security device.


Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)

Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.

Many answers to your question can be found in our new and improved wiki.




2 user(s) are reading this topic

0 members, 2 guests, 0 anonymous users