[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: IPtables bash script

On 2016-05-24 00:01, Ralph Sanchez wrote:
> Also, it seems if I only allow Related and Established on OUTPUT I
> cannot access the internet, 90 percent of packets get dropped when I
> try to connect to anything, but allowing new established allows
> connection...but also any software would be able to call home.

That is correct behaviour, since there always needs to be a NEW
connection before any other may be RELATED or ESTABLISHED. Hence, if you
want to block outgoing traffic, you should allow at least ports 80 and
443 as you did before.

I assume you want your browser to be ablte to call anywhere, right?
Hence also home. Who tells you, that your browser is not a malicious
program? Or run by such a program?
Reply to: