Jump to content


ReceiverM

Member Since 11 Dec 2020
Offline Last Active 01 Feb 2021 13:49
-----

Posts I've Made

In Topic: iptables error (modinfo module not found)

14 December 2020 - 20:27

This is neither necessary nor requested :)

But a basic functionality would be nice - like blocking IP addresses/ranges or open just a few single ports.


In Topic: iptables error (modinfo module not found)

14 December 2020 - 19:16

I know that is was available for some of these "old boxes" (e.g. vusolose or dm520).

That's why I am surprised that it doesn't work with such new devices like the multibox.

 

As you mentioned the SF8008 in the wireguard thread, we may could have a look at this one, cause it looks like it is enabled there.


In Topic: iptables error (modinfo module not found)

14 December 2020 - 18:30

This is really a pity, because there is even an interesting OpenPLi Addon for it. ( enigma2-plugin-security-firewall.bb / firewall.sh )

In the past iptables were always included, why are these then not further supported?

Especially for not that experienced users an easy understandable and predefined standard protection via iptables would be more helping than harming?

Apparently I have but a heavy stand and the feature will no longer exist :(


In Topic: iptables error (modinfo module not found)

14 December 2020 - 17:23

Actually no: I have several (v)LANs and have controlled access/restriction using iptables so far. Just like some routings (masquerade).

What do you have against such a common system (security) feature? Even due to the bad secured system this is a very helpful tool?
My NAS or raspberry, for example, is also only not directly connected to the internet and I also set various access permissions there.


In Topic: iptables error (modinfo module not found)

14 December 2020 - 13:24

No matter which iptables command I want to execute it always comes up with the same error. Even if I want to create the table 'filter' or just output listings.

 

 

I am relatively sure that at least CONFIG_IP_NF_FILTER should be activated?

As it is described ( https://cateee.net/l..._NF_FILTER.html ) with:

"Packet filtering defines a table `filter', which has a series of rules for simple packet filtering at local input, forwarding and local output. See the man page for iptables(8)."

 

About all the other I am not sure but these looking useful as well

- CONFIG_NF_CONNTRACK for masquerading and NAT translation

- CONFIG_NF_REJECT_IPV4 / CONFIG_NF_REJECT_IPV6 to reject packets

...

 

Maybe one of the kernel professionals here could take a look at it and send a pull-request to the manufacturer?