bugzilla-daemon at netfilter.org
2014-Sep-22 18:24 UTC
[Bug 971] New: Dropping anything with iptables and still can chat on IRC.
https://bugzilla.netfilter.org/show_bug.cgi?id=971
Summary: Dropping anything with iptables and still can chat on IRC.
Product: iptables
Version: 1.4.x
Platform: x86_64
OS/Version: Ubuntu
Status: NEW
Severity: critical
Priority: P5
Component: iptables
AssignedTo: netfilter-buglog at lists.netfilter.org
ReportedBy: thorstenkfr at gmail.com
Estimated Hours: 0.0
My iptables script is this:
#!/bin/sh
iptables-restore <<END
# Generated by iptables-save v1.4.21 on Mon Sep 22 17:45:30 2014
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [2:441]
-A INPUT -p tcp --sport 80 -j ACCEPT
-A INPUT -p tcp --sport 443 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -j LOG
-A OUTPUT -p tcp --dport 80 -j ACCEPT
-A OUTPUT -p tcp --dport 443 -j ACCEPT
-A OUTPUT -p udp -m udp --sport 53 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -j LOG
COMMIT
# Completed on Mon Sep 22 17:45:30 2014
END
It should block anything but http, https and domain.
But I can still chat on IRC on the Linux box with these rules installed.
Looks like I have been hacked, or there is a bug.
--
Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
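
An added example, not part of the original report or of netfilter's code: a minimal first-match evaluator for the subset of iptables-save syntax used in the ruleset above, run over constructed packets. It models only the IPv4 filter table that iptables-restore loads and assumes stateless matching, as in the report; the names parse and verdict are hypothetical. It shows that these rules match on port numbers only, not on the application protocol carried over the port.

```python
import shlex

# The ruleset from the report (comment lines omitted).
RULESET = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [2:441]
-A INPUT -p tcp --sport 80 -j ACCEPT
-A INPUT -p tcp --sport 443 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -j LOG
-A OUTPUT -p tcp --dport 80 -j ACCEPT
-A OUTPUT -p tcp --dport 443 -j ACCEPT
-A OUTPUT -p udp -m udp --sport 53 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -j LOG
COMMIT
"""

def parse(text):
    """Return ({chain: policy}, {chain: [(match_dict, target), ...]})."""
    policies, rules = {}, {}
    for line in text.splitlines():
        tok = shlex.split(line)
        if line.startswith(":"):
            policies[tok[0][1:]] = tok[1]
            rules.setdefault(tok[0][1:], [])
        elif line.startswith("-A"):
            opts = dict(zip(tok[2::2], tok[3::2]))  # option/value pairs after the chain
            target = opts.pop("-j")
            opts.pop("-m", None)  # "-m udp" only loads the match module
            rules[tok[1]].append((opts, target))
    return policies, rules

def verdict(chain, proto, sport, dport, ruleset=RULESET):
    """First terminating rule wins; LOG is non-terminating; else chain policy."""
    policies, rules = parse(ruleset)
    pkt = {"-p": proto, "--sport": str(sport), "--dport": str(dport)}
    for match, target in rules[chain]:
        if target != "LOG" and all(pkt[k] == v for k, v in match.items()):
            return target
    return policies[chain]

if __name__ == "__main__":
    # Constructed packets: (chain, proto, sport, dport)
    for p in [("OUTPUT", "tcp", 50000, 6667), ("OUTPUT", "tcp", 50000, 443)]:
        print(p, "->", verdict(*p))
```

The INPUT rules key on the remote source port, which the sender chooses, so they do not restrict which local port an inbound TCP packet may reach; matching replies by connection state (for example with the conntrack match) is the usual way to close that.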
bugzilla-daemon at netfilter.org
2016-Mar-10 17:32 UTC
[Bug 971] Dropping anything with iptables and still can chat on IRC.
https://bugzilla.netfilter.org/show_bug.cgi?id=971
Piyush Pangtey <gokuvsvegita at gmail.com> changed:
What       |Removed |Added
----------------------------------------------------------------------------
Status     |NEW     |RESOLVED
CC         |        |gokuvsvegita at gmail.com
Resolution |---     |FIXED
bugzilla-daemon at netfilter.org
2016-Mar-10 18:52 UTC
[Bug 971] Dropping anything with iptables and still can chat on IRC.
https://bugzilla.netfilter.org/show_bug.cgi?id=971
Pablo Neira Ayuso <pablo at netfilter.org> changed:
What       |Removed |Added
----------------------------------------------------------------------------
CC         |        |pablo at netfilter.org
Resolution |FIXED   |INVALID