Android Security Tips

Hardened iptables rules for Android

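#!/system/bin/sh
# Wi-Fi-only firewall for Android: keeps wlan0 and lo up, takes the tunnel,
# dummy, mobile-data and p2p interfaces down, and replaces the filter-table
# rules with a default-deny INPUT/FORWARD policy. Needs root.
# The -F/-X/-Z calls wipe every existing rule and user-defined chain in the
# filter table, including rules that were loaded before this script ran.

ip link set wlan0 up
ip link set lo up

# Switch IPv6 off on the two interfaces that stay up.
echo 1 > /proc/sys/net/ipv6/conf/wlan0/disable_ipv6
# 0 = no temporary (privacy) addresses; only matters if IPv6 is re-enabled
# on wlan0 later.
echo 0 > /proc/sys/net/ipv6/conf/wlan0/use_tempaddr
echo 1 > /proc/sys/net/ipv6/conf/lo/disable_ipv6

# Take down everything that is not Wi-Fi or loopback. Interfaces that do not
# exist on a given device only produce an error message from `ip`.
for iface in sit0 dummy0 \
  rmnet0 rmnet1 rmnet2 rmnet3 rmnet4 rmnet5 rmnet6 rmnet7 \
  rmnet_data0 rmnet_data1 rmnet_data2 rmnet_data3 \
  rmnet_data4 rmnet_data5 rmnet_data6 rmnet_data7 \
  p2p0; do
  ip link set "$iface" down
done

# IPv4: start from an empty filter table, then default-deny inbound and
# forwarded traffic. Outbound stays open at this stage.
iptables -F
iptables -X
iptables -Z
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i wlan0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# NOTE(review): the three rules below accept NEW inbound connections from any
# private-range source on wlan0. Most Wi-Fi networks hand out private
# addresses, so every other client on the network can reach every listening
# service despite the DROP policy. Remove them, or narrow them to specific
# hosts and ports, if that is not intended.
# 172.16.0.0/16 covers only part of the RFC 1918 block 172.16.0.0/12.
iptables -A INPUT -s 192.168.0.0/16 -i wlan0 -j ACCEPT
iptables -A INPUT -s 172.16.0.0/16 -i wlan0 -j ACCEPT
iptables -A INPUT -s 10.0.0.0/8 -i wlan0 -j ACCEPT

# IPv6: the sysctls above cover only wlan0 and lo, and iptables does not
# filter IPv6. Deny it in ip6tables as well, so an interface that comes back
# up with IPv6 enabled is not left unfiltered.
ip6tables -F
ip6tables -X
ip6tables -Z
ip6tables -P INPUT DROP
ip6tables -P FORWARD DROP
ip6tables -P OUTPUT DROP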

Only allow outbound traffic to an allowlisted IP address

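# Outbound allowlist, meant to be appended after the base rules. Once the
# OUTPUT policy is DROP, only loopback (accepted by the base script's
# "-o lo" rule), replies on wlan0 and traffic to the one permitted address
# leave the device.
allowed_ip='[white-ip-address]' # placeholder: replace with the permitted IPv4 address

# Load the accept rules first and switch the policy only if all of them were
# accepted, so a typo or an unreplaced placeholder does not cut off all
# outbound traffic. Quoting the variable also keeps the shell from treating
# the bracketed placeholder as a glob pattern.
# NOTE(review): the "-d ... -j ACCEPT" rule already passes every protocol and
# port to the address, which makes the tcp/443 rule redundant. Keep only the
# tcp/443 rule if HTTPS is the only traffic that should be allowed.
# Name resolution is not allowlisted: DNS queries leaving through wlan0 are
# dropped unless the resolver is the permitted address.
if iptables -A OUTPUT -o wlan0 -m state --state ESTABLISHED,RELATED -j ACCEPT &&
  iptables -A OUTPUT -d "$allowed_ip" -j ACCEPT &&
  iptables -A OUTPUT -p tcp -d "$allowed_ip" -m tcp --dport 443 -j ACCEPT; then
  iptables -P OUTPUT DROP
else
  echo "allowlist rules were not loaded; OUTPUT policy left unchanged" >&2
fi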