[Tails-dev] IPv6 firewall: accept RELATED, ESTABLISHED conne…

This message is part of the following thread:
Mthe complete thread tree sorted by date
M 
Mintrigeri at ->
Delete this message

Reply to this message
Author: Alan
Date:  
To: tails-dev
Subject: [Tails-dev] IPv6 firewall: accept RELATED, ESTABLISHED connections?
Hi,

During 0.21 testing session, I noticed that we accept IPv6
RELATED,ESTABLISHED connections while we drop everything else. Is there
any good reason to do that?

# ip6tables -L -n -v 

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source     destination
 0    0     ACCEPT     all      *      *       ::/0       ::/0                state RELATED,ESTABLISHED 


Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source     destination         


Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source     destination
 0    0     ACCEPT     all      *      *       ::/0       ::/0                state RELATED,ESTABLISHED
 0    0     LOG        all      *      *       ::/0       ::/0                LOG flags 8 level 7 prefix `Dropped outbound packet: '
 0    0     REJECT     all      *      *       ::/0       ::/0                reject-with icmp6-port-unreachable


Cheers

This message was posted to the following mailing lists:
tails-dev
Mailing List Info | Nearby Messages		<-Re: [Tails-dev] Please test and review feature/sdio[Tails-dev] Use version instead of release in apt preferences->
lists.autistici.org administrated by postmasterLurker (version 2.3)