On 24/10/2019 08:21, Patrick Brunschwig wrote:
> Your guess is perfectly right, that's exactly what happens. Enigmail
> uses a standard library provided by Mozilla for add-ons to execute
> processes. Earlier versions of the library did close all file
> descriptors correctly. But the library is
Let's assume you are right, and it's because of the way Linux works.
When I clear the conntrack table, the following messages appear in the FW log
(I don't block the gpg packets for now, just log and accept them in its rule):
Oct 23 17:59:14 morfikownia kernel: * gpg * IN= OUT=bond0 \
I'm filtering OUTPUT traffic on my Debian via
nftables+cgroups(net_cls)+cgrulesengd, and for all apps that want to connect to
the network, I have to assign some cgroups class and add a rule in the FW.
The gpg binary wants TCP/443 to speak with keyservers (optionally TCP/80).
I thought that's all