[android] iptables의 conf파일을 android build 이미지에 포함시키고 싶습니다.
글쓴이: doraq / 작성시간: 화, 2018/09/11 - 5:18오후
아래와 같은 몇개의 iptables 설정파일을 가지고 있습니다.
예전에 하던 linux프로젝트에서 얻은건데 이걸 부팅시에 적용되게 하고 싶습니다.
서버에 적용하는게 아니라 대량생산할 제품이라 이렇습니다.
start_iptables.sh, (iptables-restore < 아래 파일들)
00_base.conf (-A INPUT ... blah~)
10_harden.conf
20_p2p_drop.conf
30_debug.conf
...
리눅스에서야 보통은 /etc/init.d/start_iptables.sh 식으로 호출하고 설정파일들은 따로 /etc/iptables/xxx 식으로 넣어두면 됐었는데, 이걸 안드로이드에서 하는 방법을 모르겠습니다.
아래에 비슷한 기능의 파일을 찾았는데 이런 파일들을 이용해서 하는건지 어떤건지 알고싶습니다.
1. start_iptables.sh 을 넣어야 할 위치 (안드로이드 소스트리중 어디에 어떻게..)
2. 00_등등의 설정파일들 을 타겟이미지에 넣어둘 방법
완전한 예제라면 엄청 기쁘겠지만, 힌트가 될만한 정보라도 좋습니다.
비슷한 글의 URL 등도 반갑게 받겠습니다.
android/system/core/rootdir/init.rc (for start_iptables.sh)
android/external/iptables/Android.mk (for insert conf files)
Forums:
참고해보세요.
대충 찾아봤습니다.
안드로이드 방화벽 앱'을 사용하시는것이 좋을것 같습니다.
책 / 전문기업 / 블로그 .등에 조언을 받으시는것도 좋을것 같습니다.
- DroidWall firewalld 가 있네요
- save load 명령어도 보입니다.
- 스크립트로 실행해도 될것 같습니다.
- NETFILTER 도 보이네요.
- 모듈 올리는것도 보이고...
이것도 검색해볼만 할것 같습니다.
안드로이드 만에 보안 설정과 옵션이 다를 수 있을겁니다.
android base.conf
android harden.conf
android p2p_drop.conf
android debug.conf
//
android base.conf
네트워크 보안 구성
https://developer.android.com/training/articles/security-config
Bypassing Android’s Network Security Configuration
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2017/november/bypassing-androids-network-security-configuration/
android / platform / frameworks / base / master / . / core / res / res / values / config.xml
https://android.googlesource.com/platform/frameworks/base/+/master/core/res/res/values/config.xml
Changes to Trusted Certificate Authorities in Android Nougat
https://android-developers.googleblog.com/2016/07/changes-to-trusted-certificate.html
Android Configuration Settings
https://docs.telerik.com/teststudio/test-studio-mobile/troubleshooting/configure-android-settings
Android에서 Firebase 원격 구성 사용
https://firebase.google.com/docs/remote-config/use-config-android
Android Resource Configuration override and Large Text Mode
https://xebia.com/blog/android-config-override-and-large-text/
Chapter 4. The Build System
https://www.oreilly.com/library/view/embedded-android/9781449327958/ch04.html
How to change the language on Android at runtime and don’t go mad
https://proandroiddev.com/change-language-programmatically-at-runtime-on-android-5e6bc15c758
//
android harden.conf
Mission Impossible: Hardening Android for Security and Privacy
https://blog.torproject.org/mission-impossible-hardening-android-security-and-privacy
. /data/local/firewall-torify-all.sh
#. /data/local/firewall-allow-adb.sh
#. /data/local/firewall-allow-linphone-udp.sh
#. /data/local/firewall-allow-nontor-browser.sh
//
android p2p_drop.conf
Block Torrents & p2p Traffic 100% working on all versions
https://forum.mikrotik.com/viewtopic.php?t=59234
Block Torrent and P2P on Mikrotik
http://revo-brain.blogspot.com/2015/08/mikrotik-block-torrent-and-p2p.html
Security Device Manager: NBAR を使用した Cisco IOS ル?タの P2P トラフィックのブロックの設定例
https://www.cisco.com/c/ja_jp/support/docs/routers/3800-series-integrated-services-routers/110388-ios-block-p2p.html
لينكس،Virtualization
أضف تعليق
كل ما تريد معرفته عن نظام التشغيل الشبكي Vyatta “عدو سيسكو”
https://net2works.wordpress.com
//
[android] iptables의 conf
iptables in android
https://stackoverflow.com/questions/4577268/iptables-in-android#comment5083350_4577478
iptables (호스트기반의 방화벽)
http://blog.seabow.pe.kr/?p=219
Where should I place iptables update on Android at boot time?
https://superuser.com/questions/1187560/where-should-i-place-iptables-update-on-android-at-boot-time
linux - Reload this Page Location iptables config file
https://www.linuxquestions.org/questions/linux-software-2/location-iptables-config-file-352435/
iptables-save > /path/to/save
iptables-restore < /path/to/save
Linux - iptables를 이용한 포트포워딩
http://linuxism.tistory.com/685
내용보기
#iptables -L
저장
service iptables save
iptables을 이용한 port forwarding
https://blog.asamaru.net/2016/03/18/iptables-port-forwarding/
iptables을 재시작한다.
/etc/init.d/iptables restart
# 아래는 systemd를 사용하는 경우
service ipstables restart
CentOS 7 firewalld vs iptables
https://blog.asamaru.net/2015/10/16/centos-7-firewalld/
새로운 방화벽 (firewalld)
$ systemctl stop firewalld
$ systemctl mask firewalld
$ yum install iptables-services
$ systemctl enable iptables
$ service iptables save
LINUX - iptables 명령어 - 방화벽 설정
http://www.dreamy.pe.kr/zbxe/CodeClip/3768253
처음 설치시 방화벽을 설정하면 /etc/sysconfig/iptables 파일이 생성된다.
디폴트 iptables 파일을 삭제한 후 아래의 포트를 추가하도록 하자
// iptables 를 저장
# service iptables save
방화벽 규칙을 /etc/sysconfig/iptables에 저장 중: [ OK ]
# ls /etc/sysconfig/iptables*
/etc/sysconfig/iptables /etc/sysconfig/iptables-config
// iptables 재시작
# service iptables start
// iptables 상태
# service iptables status
// nmap 포트 스캔
# nmap localhost
[Linux] iptables 샘플
http://blog.devez.net/333
iptables 그림보면서 이해하기
http://webterror.net/?p=1622
//
adb shell /system/bin/update_iptables.sh
Where should I place iptables update on Android at boot time?
https://android.stackexchange.com/questions/170818/where-should-i-place-iptables-update-on-android-at-boot-time
/system/bin/sh: adb: not found
https://stackoverflow.com/questions/41481364/system-bin-sh-adb-not-found
$ adb push /app/build/outputs/apk/app-debug.apk data/local/tmp/testjar/load.apk
You should add your android sdk to your bash_profile shell script.
//
android iptables
Using iptables in android
https://groups.google.com/forum/#!topic/android-kernel/fkpkVgQV7vU
The dependencies aren't that great... for intance, to do basic
tethering you'll need:
insmod /system/libmodules/nf_conntrack.ko
insmod /system/libmodules/nf_conntrack_ipv4.ko
insmod /system/libmodules/nf_nat.ko
insmod /system/libmodules/x_tables.ko
insmod /system/libmodules/ip_tables.ko
insmod /system/libmodules/xt_multiport.ko
insmod /system/libmodules/iptable_filter.ko
insmod /system/libmodules/iptable_nat.ko
insmod /system/libmodules/ipt_MASQUERADE.ko
insmod /system/libmodules/xt_state.ko
I think CONFIG_NETFILTER needs to be set in your kernel config.
Why is this iptables rule that does port forwarding not working?
https://superuser.com/questions/363056/why-is-this-iptables-rule-that-does-port-forwarding-not-working
I think you must use --sport 24 instead of --dport 24, because de traffic is incoming, not outgoing. Although, as Garret said, probably you must use ip6tables...
iptables: Small manual and tutorial with some examples and tips
https://www.garron.me/en/linux/iptables-manual.html
DroidWall - Android Firewall (iptables front-end) [v1.5.5] [Dec/01/11]
https://forum.xda-developers.com/showthread.php?t=541380&page=23
DNAT iptables rule on rooted Android phone?
https://android.stackexchange.com/questions/81753/dnat-iptables-rule-on-rooted-android-phone
android / platform / external / iptables / android-8.0.0_r1
https://android.googlesource.com/platform/external/iptables/+/android-8.0.0_r1
How to debug/examine data usage leaks in Android using iptables
http://muzso.hu/2012/11/13/how-to-debug-examine-data-usage-leaks-in-android-using-iptables
$ adb shell su -c "iptables -L -n -v"
$ adb shell su -c "fgrep '[IPT IN ' /proc/kmsg"
$ adb shell su -c "fgrep '[IPT OUT ' /proc/kmsg"
Network Stack Configuration Tools
https://source.android.com/devices/architecture/hidl/network-stack
Netutils wrapper
/system/bin/netutils-wrapper-1.0
All utilities wrapped by netutils-wrapper-1.0 must be launched using their symlinks.
For example, change the vendor code that did this before (/system/bin/ip )
to /system/bin/ip-wrapper-1.0 .
Android Spywaller: Firewall-Style Antivirus Blocking
https://www.fortinet.com/blog/threat-research/android-spywaller-firewall-style-antivirus-blocking.html
Redirect Androids traffic to Burp
http://blog.dornea.nu/2015/02/19/redirect-androids-traffic-to-burp/
Flush iptables NAT table
$ adb shell "iptables -t nat -F"
Redirect HTTP traffic to Burp
$ adb shell "iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination 192.168.0.2:8080
Redirect HTTPS traffic to Burp¶
$ adb shell "iptables -t nat -A OUTPUT -p tcp --dport 443 -j DNAT --to-destination 192.168.0.2:8080
Activate Masquerading
$ adb shell "iptables -t nat -A POSTROUTING -p tcp --dport 80 -j MASQUERADE"
$ adb shell "iptables -t nat -A POSTROUTING -p tcp --dport 443 -j MASQUERADE"
iptables on Android
https://forums.androidcentral.com/android-7-0-nougat/775328-iptables-android.html
AFWall+ (Android Firewall +)
https://play.google.com/store/apps/details?id=dev.ukanth.ufirewall&hl=en_US
Using Android App to manage iptables?
https://together.jolla.com/question/160740/using-android-app-to-manage-iptables/
How to enable Android Ip forwarding
https://android.stackexchange.com/questions/131086/how-to-enable-android-ip-forwarding
How to keep iptables changes on android after reboot?
https://android.stackexchange.com/questions/184971/how-to-keep-iptables-changes-on-android-after-reboot
How can I add iptables rules that persist across reboots?
https://android.stackexchange.com/questions/85018/how-can-i-add-iptables-rules-that-persist-across-reboots
Does Android support the /etc/sysconfig/iptables path?
I got this path from a PC Linux installation ( I tested /etc/iptables/rules.v4 as well, it also did not work).
부팅 시 스크립트 실행(초기화)은 커널이 지원하는 경우에만 지원됩니다.
그러나 stock 커널을 사용하는 경우에는 방화벽이 기본 지원 기능을 포함하는 사용자 지정 커널을 설치해야 할 수 있습니다.
또한 Android로 시작하는 앱도 있습니다. 루트 액세스 없이 iptables 규칙을 수정할 수 없습니다.
그러나 VPN 연결을 사용하여 루트 액세스 없이 Android 4.0+ 기기에서 작동하는 네트워크 트래픽을 라우팅할 수 있습니다.
How to customize iptable in Android OS Source code Version 4.0.4
https://stackoverflow.com/questions/19494681/how-to-customize-iptable-in-android-os-source-code-version-4-0-4
Android Iptables: Can´t drop port
https://stackoverflow.com/questions/10046573/android-iptables-can´t-drop-port
Android Change iptable rules in android source code
https://stackoverflow.com/questions/20078575/android-change-iptable-rules-in-android-source-code
How to use iptables in an Android application
https://stackoverflow.com/questions/4658619/how-to-use-iptables-in-an-android-application
How to use Static IP address at Android Phones
http://unlockforus.blogspot.com/2012/05/how-to-use-static-ip-address-at-android.html
IptablesHowTo
https://help.ubuntu.com/community/IptablesHowTo
sudo sh -c "iptables-save > /etc/iptables.rules"
iwconfig
sudo nano /etc/network/interfaces
pre-up iptables-restore < /etc/iptables.rules
post-down iptables-restore < /etc/iptables.downrules
auto eth0
iface eth0 inet dhcp
pre-up iptables-restore < /etc/iptables.rules
post-down iptables-restore < /etc/iptables.downrules
sudo sh -c "iptables-save -c > /etc/iptables.rules"
#!/bin/sh
iptables-restore < /etc/iptables.rules
exit 0
#!/bin/sh
iptables-save -c > /etc/iptables.rules
if [ -f /etc/iptables.downrules ]; then
iptables-restore < /etc/iptables.downrules
fi
exit 0
sudo chmod +x /etc/network/if-post-down.d/iptablessave
sudo chmod +x /etc/network/if-pre-up.d/iptablesload
gksudo gedit /etc/NetworkManager/dispatcher.d/01firewall
kdesu kate /etc/NetworkManager/dispatcher.d/01firewall
sudo chmod +x /etc/NetworkManager/dispatcher.d/01firewall
pre-up iptables-restore < /etc/iptables.rules
post-down iptables-save > /etc/iptables.rules
sudo sh -c "iptables-save > /etc/iptables.rules"
gksudo gedit /etc/iptables.rules
sudo iptables-restore < /etc/iptables.rules
sudo iptables-apply /etc/iptables.rules
sudo sh -c "iptables-save > /etc/iptables.rules"
iptables block access to port 8000 except from IP address
https://stackoverflow.com/questions/7423309/iptables-block-access-to-port-8000-except-from-ip-address
iptables-save > myfile
iptables-load < myfile and you're good to go.
----------------------------------------------------------------------------
젊음'은 모든것을 가능하게 만든다.
매일 1억명이 사용하는 프로그램을 함께 만들어보고 싶습니다.
정규 근로 시간을 지키는. 야근 없는 회사와 거래합니다.
각 분야별. 좋은 책'이나 사이트' 블로그' 링크 소개 받습니다. shintx@naver.com
댓글 달기