Re: [Tails-dev] IPv6 firewall: accept RELATED, ESTABLISHED c…

This message is part of the following thread:
Mthe complete thread tree sorted by date
MAlan at <-
Misis agora lovecruft at ->
Delete this message

Reply to this message
Author: intrigeri
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] IPv6 firewall: accept RELATED, ESTABLISHED connections?
Alan wrote (28 Oct 2013 12:41:45 GMT) :
> During 0.21 testing session, I noticed that we accept IPv6
> RELATED,ESTABLISHED connections while we drop everything else. Is there
> any good reason to do that?

No idea. As far as I understand it, removing these rules would have
absolutely no impact on the actual rules processing (my understanding
is that no packet can reach RELATED/ESTABLISHED state if new packets
are not allowed to start with). So, I see no problem that would need
to be solved here.

If anyone thinks differently, and believe there's an actual problem to
solve here, I'm happy to see people experiment and propose a branch.

This message was posted to the following mailing lists:
tails-dev
Mailing List Info | Nearby Messages		<-Re: [Tails-dev] Use version instead of release in apt preferencesRe: [Tails-dev] Ikiwiki Wikipedia Shortcut For Other Languages->
lists.autistici.org administrated by postmasterLurker (version 2.3)