Hi,
Jacob Appelbaum wrote (24 Jul 2014 22:59:38 GMT) :
> On 7/24/14, intrigeri wrote:
>> Jacob Appelbaum wrote (24 Jul 2014 21:27:54 GMT) :
> I have attached a basic patch to clean up the IPv6 firewall rules. It
> is a very simple patch. Still, I would love someone to test it and
> ensure that I
Jacob Appelbaum wrote:
>> > Jacob Appelbaum wrote (24 Jul 2014 21:27:54 GMT) :
>>> >> That sounds like a great reason to find a way to make it easy to
>>> >> dynamically change the firewall for such an application - can ferm
>>> >> easily load different rules on demand?
>> >
>> > No idea.
>
> Ok. T
Heya,
On 7/24/14, intrigeri wrote:
> Hi,
>
> Jacob Appelbaum wrote (24 Jul 2014 21:27:54 GMT) :
>> That sounds like a great reason to find a way to make it easy to
>> dynamically change the firewall for such an application - can ferm
>> easily load different rules on demand?
>
> No idea.
Ok. Thi
Hi,
Jacob Appelbaum wrote (24 Jul 2014 21:27:54 GMT) :
> That sounds like a great reason to find a way to make it easy to
> dynamically change the firewall for such an application - can ferm
> easily load different rules on demand?
No idea.
> On 7/24/14, intrigeri wrote:
>> 2. historically (bef
On 7/24/14, intrigeri wrote:
> Hi,
>
> (happy to see someone look at these rules in details, and question
> part of it!)
>
Thank you for the positive feedback!
> Jacob Appelbaum wrote (24 Jul 2014 01:28:54 GMT) :
>> When would we ever have a RELATED or ESTABLISHED ipv6 connection when
>> everyth
Hi,
(happy to see someone look at these rules in details, and question
part of it!)
Jacob Appelbaum wrote (24 Jul 2014 01:28:54 GMT) :
> When would we ever have a RELATED or ESTABLISHED ipv6 connection when
> everything is dropped?
I think the only reasons to have these rules are:
1. it makes i
Hi,
I've been looking at ferm.conf and I have some questions. It appears
that for ipv6, we have rules that state the following:
# IPv6:
domain ip6 {
table filter {
chain INPUT {
policy DROP;
# Established connections are accepted.
mod state state (
