Thread: iptables for iphone?

  1. #1
    Question iptables for iphone?
    I've been exploring options for securing my iPhone network-wise, and I want to stick to what I know and use, but I can't for the life of me find any mention of a working iptables package on the iPhone.

    Does anyone know of one being developed, or have any idea of the difficulty such a task would present?

    The main reason I'm doing this is that I have recently had my carrier (Rogers Wireless) switch me over to a public IP APN so that I'm able to use VPN functionality. This presents unique security risks as a result, which are not as much of a concern when behind the NAT they use for the majority of customers.

  2. #2
    Quote: Originally Posted by Griever92
    I've been exploring options for securing my iPhone network-wise, and I want to stick to what I know and use, but I can't for the life of me find any mention of a working iptables package on the iPhone.

    Does anyone know of one being developed, or have any idea of the difficulty such a task would present?

    The main reason I'm doing this is that I have recently had my carrier (Rogers Wireless) switch me over to a public IP APN so that I'm able to use VPN functionality. This presents unique security risks as a result, which are not as much of a concern when behind the NAT they use for the majority of customers.
    Sorry - for iptables you would need kernel support, and it just isn't there. It's wise to stick with "what you know" when you can, but since you're working in a Darwin / BSD world now, it doesn't hurt to try expanding your "what you know" part to cover their native tools too.

    What you've got:
    ipfw userspace tools are there, but kernel support for that isn't present either, so it won't help you a whole lot.

    pf userspace tools are there, with (some) kernel support. I believe you get the standard packet filtering, but lack queuing and shaping support. (no ALTQ)

    Try playing with /sbin/pfctl
    PF: The OpenBSD Packet Filter

    I haven't dug much into it yet, but pfctl rules and commands seem to be accepted, but return a bunch of ALTQ warnings - possibly safe to ignore (I think? You should be able to tell pretty quickly if the rules you want are being enforced).

    Historical note - a good part of the reason for different and incompatible suites of FW tools for Linux, BSD, Mac is political infighting. Branching off in multiple directions was the easier alternative to sorting out one's personal differences with one's colleagues.
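
A minimal pf ruleset for the public-IP APN case discussed in this thread, added here as an illustration and not posted by either participant. It assumes the cellular interface is named pdp_ip0 and uses a hypothetical file path; whether the device's kernel actually enforces the rules has to be confirmed with the pfctl commands shown in the comments.

```conf
# Constructed example ruleset (not from the thread). Assumptions: the cellular
# interface is pdp_ip0 (confirm with ifconfig) and the file is saved as
# /etc/pf.public-apn.conf, a hypothetical path.
cell_if = "pdp_ip0"

# Silently drop blocked packets instead of answering with RST / ICMP unreachable.
set block-policy drop

# Never filter loopback traffic.
set skip on lo0

# Default deny for anything arriving unsolicited on the public-IP interface.
block in on $cell_if all

# Allow connections the phone initiates, including the VPN tunnel. The state
# entries created here let the replies back in past the block rule above.
pass out on $cell_if all keep state

# Syntax check only, nothing loaded:   pfctl -n -f /etc/pf.public-apn.conf
# Load the ruleset, then enable pf:    pfctl -f /etc/pf.public-apn.conf && pfctl -e
# Confirm the kernel holds the rules:  pfctl -s rules
# Watch states appear under traffic:   pfctl -s state
```

If `pfctl -s rules` lists the rules but an inbound connection attempt from another host still succeeds, the kernel is not enforcing them and the ruleset gives no protection.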
