[ale] OT: What the hell is XSS in Comcast land?
Jim Lynch
ale_nospam at fayettedigital.com
Mon Aug 12 20:16:39 EDT 2013
On 08/12/2013 04:36 PM, Alex Carver wrote:
> Consumer firmware is exactly why I replaced the firmware in the router
> the moment I bought it. It's especially important considering I use
> features that Linksys' own firmware does not support (changing port
> number when mapping, supporting multiple IPs on WAN, etc.). Installing
> is fairly trivial now, plenty of tools for multiple operating systems
> and OpenWRT now has Lua scripts to give you a web configuration system
> so you technically don't have to fiddle with terminal access. It took
> me almost as much time to set up the wiring for the firmware as it did
> to install the firmware itself. Customizing took a little time but
> for most applications it's not bad.
I'm still running the original firmware because, if I understand OpenWRT,
it uses iptables, which is probably the most non-intuitive, complex and
frustrating software on the planet. The firmware for the Linksys has
the right idea. Fill in the blanks for what ports you want routed to
where, and block the rest, not some arcane stuff like:
# iptables -A INPUT -i eth0 -s x.y.z.s/32 -j DROP
iptables -A INPUT -i eth0 -s x.y.z.c/32 -j DROP
iptables -A INPUT -i eth0 -s 192.168.0.0/24 -j DROP
iptables -A INPUT -i eth0 -s 127.0.0.0/8 -j DROP
# iptables -A INPUT -i eth0 -s x.y.z.s/32 -j DROP
iptables -A INPUT -i eth0 -s x.y.z.c/32 -j DROP
iptables -A INPUT -i eth0 -s 192.168.0.0/24 -j DROP
iptables -A INPUT -i eth0 -s 127.0.0.0/8 -j DROP
Total unnecessary gibberish. Designed to keep sys admins employed!
Jim.