[Bug 971] New: Dropping anything with iptables and still can chat on IRC.
bugzilla-daemon at netfilter.org
Mon Sep 22 20:24:55 CEST 2014
https://bugzilla.netfilter.org/show_bug.cgi?id=971
Summary: Dropping anything with iptables and still can chat on IRC.
Product: iptables
Version: 1.4.x
Platform: x86_64
OS/Version: Ubuntu
Status: NEW
Severity: critical
Priority: P5
Component: iptables
AssignedTo: netfilter-buglog at lists.netfilter.org
ReportedBy: thorstenkfr at gmail.com
Estimated Hours: 0.0
My iptables script is this:
#!/bin/sh
iptables-restore <<END
# Generated by iptables-save v1.4.21 on Mon Sep 22 17:45:30 2014
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [2:441]
-A INPUT -p tcp --sport 80 -j ACCEPT
-A INPUT -p tcp --sport 443 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -j LOG
-A OUTPUT -p tcp --dport 80 -j ACCEPT
-A OUTPUT -p tcp --dport 443 -j ACCEPT
-A OUTPUT -p udp -m udp --sport 53 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -j LOG
COMMIT
# Completed on Mon Sep 22 17:45:30 2014
END
It should block anything but http, https and domain.
But I can still chat on IRC on the Linux box with these rules installed.
Looks like I have been hacked, or there is a bug.
--
Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email
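The following evaluator is added here as an illustration; it is not part of the bug report or of iptables. It feeds constructed packets through a first-match model of the posted filter table so the behaviour of the rules can be checked without loading them. Two things fall out of the rules as written: outbound TCP to IRC's conventional port 6667 is dropped by the OUTPUT policy, so a session that survives these rules is travelling over one of the permitted destination ports (80 or 443) or the loaded rules differ from the script; and the INPUT accepts are keyed only on the remote source port, with no connection tracking, so any unsolicited inbound packet carrying source port 80 or 443 is accepted and the host's reply passes OUTPUT too. The hardened variant in the block is an assumption of mine, not from the report: it keys acceptance on `-m conntrack --ctstate` instead of on peer ports. Only the options those rules use are modelled.

```python
"""Stateless-rule evaluator for the iptables-save text in the bug report.

Added example; it is not part of the report or of iptables. It models only
the features the posted rules use (chain policy, -p, --sport/--dport, -m ...,
ACCEPT/DROP/LOG targets, first-match semantics) plus -m conntrack --ctstate
for a hypothetical hardened variant. Everything else about netfilter is ignored.
"""
import shlex

# The filter table exactly as posted in the report.
REPORTED_RULES = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [2:441]
-A INPUT -p tcp --sport 80 -j ACCEPT
-A INPUT -p tcp --sport 443 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -j LOG
-A OUTPUT -p tcp --dport 80 -j ACCEPT
-A OUTPUT -p tcp --dport 443 -j ACCEPT
-A OUTPUT -p udp -m udp --sport 53 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -j LOG
COMMIT
"""

# Hypothetical hardened variant (an assumption, not from the report): inbound
# traffic is accepted only when conntrack says it belongs to a connection this
# host already opened, instead of whenever the remote source port is 80/443.
HARDENED_RULES = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -j LOG
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -j LOG
COMMIT
"""


def parse(text):
    """Return (policies, chains) from iptables-save style text."""
    policies, chains = {}, {}
    for line in text.splitlines():
        if line.startswith(":"):
            name, policy = line[1:].split()[:2]
            policies[name], chains[name] = policy, []
        elif line.startswith("-A "):
            toks = shlex.split(line)[1:]  # drop "-A"; toks[0] is the chain
            rule, i = {}, 1
            while i < len(toks):           # every option used here takes one argument
                flag, arg = toks[i], toks[i + 1]
                if flag == "-p":
                    rule["proto"] = arg
                elif flag in ("--sport", "--dport"):
                    rule[flag[2:]] = int(arg)
                elif flag == "--ctstate":
                    rule["ctstate"] = set(arg.split(","))
                elif flag == "-j":
                    rule["target"] = arg
                elif flag != "-m":         # "-m udp"/"-m conntrack" only load a match module
                    raise ValueError(f"unsupported option {flag}")
                i += 2
            chains[toks[0]].append(rule)
    return policies, chains


def matches(rule, pkt):
    """True when every selector present in the rule agrees with the packet."""
    for key in ("proto", "sport", "dport"):
        if key in rule and pkt.get(key) != rule[key]:
            return False
    return "ctstate" not in rule or pkt.get("ctstate") in rule["ctstate"]


def verdict(ruleset, chain, **pkt):
    """Walk the chain in order; LOG is non-terminating, so fall through to the policy."""
    policies, chains = ruleset
    for rule in chains[chain]:
        if matches(rule, pkt) and rule["target"] in ("ACCEPT", "DROP", "REJECT"):
            return rule["target"]
    return policies[chain]


def scenarios(text):
    """Verdicts for a few constructed packets; the keys name each situation."""
    rs = parse(text)
    return {
        # the report's question: outbound IRC on its conventional port 6667
        "out_irc_6667": verdict(rs, "OUTPUT", proto="tcp", dport=6667, ctstate="NEW"),
        # outbound HTTPS, which the report intends to allow
        "out_https": verdict(rs, "OUTPUT", proto="tcp", dport=443, ctstate="NEW"),
        # unsolicited inbound TCP to local port 22 whose remote source port is 80
        "in_sport80_to_22": verdict(rs, "INPUT", proto="tcp", sport=80, dport=22, ctstate="NEW"),
        # the host's reply to that packet (only meaningful if the packet got in)
        "reply_from_22": verdict(rs, "OUTPUT", proto="tcp", sport=22, dport=80, ctstate="ESTABLISHED"),
        # inbound reply to an HTTPS connection this host opened itself
        "in_https_reply": verdict(rs, "INPUT", proto="tcp", sport=443, dport=40000, ctstate="ESTABLISHED"),
    }


if __name__ == "__main__":
    for label, text in (("reported", REPORTED_RULES), ("hardened", HARDENED_RULES)):
        print(label, scenarios(text))
```

Running it prints a verdict per scenario for both tables. Under the reported rules `out_irc_6667` is `DROP` while `in_sport80_to_22` and `reply_from_22` are both `ACCEPT`; under the conntrack-based variant the unsolicited inbound packet is dropped and legitimate replies to the host's own HTTPS connections still pass.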