Re: IPtables bash script

On 2016-05-23 23:28, Ralph Sanchez wrote:
> Thanks for the clarification : )  And you didn't confuse the two
> explicitly, but I wasn't sure if you were advising allow NEW,RELATED/
> NEW,ESTABLISHED or ESTABLISHED,RELATED on outbound packet, but now I
> know.
> I have read through quite a few manuals and online forums, although no
> RFCs...I'm not really sure I know what they are even haha. I have
> configured myself pretty well, editing PAM and my sysctl.conf file
> rigorously, BIOS passwording and denying USB boots without admin
> access to the BIOS, as well as other various activities including
> attempting to configure SELinux, which is nigh impossible to do and
> have it have any effect on Jessie right now, at least as far as me and
> someone else could find.
> I have noticed that DROP on invalid first actually drops more packets
> than simply allowing Established, related...does this imply a packet
> can have more than one state??
No (though I don't know about DNAT and SNAT), hence it must be due to
other rules.

