Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RELATED,ESTABLISHED -> ESTABLISHED #9

Closed
adrelanos opened this issue Jun 23, 2015 · 1 comment
Closed

RELATED,ESTABLISHED -> ESTABLISHED #9

adrelanos opened this issue Jun 23, 2015 · 1 comment
Labels
enhancement

Comments

@adrelanos
Copy link
Owner

For better security.

RELATED should be removed from...

  • iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT and
  • iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

More info:
https://phabricator.whonix.org/T28
adrelanos pushed a commit that referenced this issue May 11, 2016
fixed shared VPN/Tor server leak bug (#12)
f5a0d06 
use ip(6)tables --wait
made ip(6)tables commands configurable
RELATED,ESTABLISHED -> ESTABLISHED for better security (fixes #9)
ported from sysvinit to (systemd) netfilter-persistent
also source configuration folder /rw/config/vpn-firewall.d/*.conf
Debian packaging
licensing
refactoring
comments
@adrelanos
Copy link
Owner Author

This is done in development branch.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@adrelanos