On 2016-05-24 00:01, Ralph Sanchez wrote:
> Also, it seems if I only allow Related and Established on OUTPUT I
> cannot access the internet, 90 percent of packets get dropped when I
> try to connect to anything, but allowing new established allows
> connection...but also any software would be able
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
140 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
0 0 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0i
Also, it seems if I only allow Related and Established on OUTPUT I
cannot access the internet, 90 percent of packets get dropped when I
try to connect to anything, but allowing new established allows
connection...but also any software would be able to call home.
On Mon, May 23, 2016 at 5:28 PM, Ra
On 2016-05-23 23:28, Ralph Sanchez wrote:
> Thanks for the clarification : ) And you didn't confuse the two
> explicitly, but I wasn't sure if you were advising allow NEW,RELATED/
> NEW,ESTABLISHED or ESTABLISHED,RELATED on outbound packet, but now I
> know.
>
> I have read through quite a few ma
On 2016-05-23 22:32, Ralph Sanchez wrote:
> On Mon, May 23, 2016 at 4:13 PM, wrote:
>> On 2016-05-23 19:54, Ralph Sanchez wrote:
>>> Yes, this is a personal laptop. If you notice, I have default POLICY
>>> as DROP, which means if I don't accept on ports 80 and 443 I can't
>>> accept HTTPS and HTT
Thanks for the clarification : ) And you didn't confuse the two
explicitly, but I wasn't sure if you were advising allow NEW,RELATED/
NEW,ESTABLISHED or ESTABLISHED,RELATED on outbound packet, but now I
know.
I have read through quite a few manuals and online forums, although no
RFCs...I'm not re
On Mon, May 23, 2016 at 4:13 PM, wrote:
> On 2016-05-23 19:54, Ralph Sanchez wrote:
>> Yes, this is a personal laptop. If you notice, I have default POLICY
>> as DROP, which means if I don't accept on ports 80 and 443 I can't
>> accept HTTPS and HTTP, correct? I'm still learning how all this work
On 2016-05-23 19:54, Ralph Sanchez wrote:
> Yes, this is a personal laptop. If you notice, I have default POLICY
> as DROP, which means if I don't accept on ports 80 and 443 I can't
> accept HTTPS and HTTP, correct? I'm still learning how all this works,
> but that's what it seemed to me and was ex
Hi,
I personally do not block outbound traffic at all, which in my opinion
does not impose a significant risk.
Furthermore, I do not see a good reason to allow all NEW connections
while blocking most RELATED ones. Usually it is done the other way
round: You decide upon a NEW connection whether it
I'm not saying knowing iptables is bad, but Shorewall is much
better than these kinds of things.
I think you may have some unlogged drops, that'd be the first
thing to check.
Ralph Sanchez wrote:
> Hello All, I have taken up to writing this bash script to
> change my iptables rules. It seems the