fmFirewall New,Established issue #295
I was trying to set up my firewall rules. As facileManager uses ALLOW Policy on INPUT/OUTPUT/FORWARD I was trying to allow some services and block the rest. But when it comes to allowing established packets back in, the rule sets this in the rules file:
And I block everything with this rule:
But due to the NEW before the ESTABLISHED statement, nothing gets blocked and everything is allowed inside. Is there an option to remove the NEW statement or replace it with RELATED?
That is true with your particular two rules. However, there are many more rules that can be defined that would make it a firewall using the existing rule support by defining services to allow/deny. The feature that needs to be implemented is support to choose between NEW and RELATED.
Reading the iptables manpage more, it seems to me fmFirewall ought to add RELATED to the states when specifying ESTABLISHED (given the module is still in its infancy). So, for example, your allowed line would be
Or if you untick the "Established connection packets" box on the policy then it would look like
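Added example, not part of the thread and not fmFirewall's code or output: a small audit that finds the condition discussed above, an ACCEPT rule with no narrowing match that admits NEW packets ahead of a catch-all DROP in the same chain. The rule lines are constructed `iptables-save`-style samples (they are not the rule lines missing from the comments above), and the function names are hypothetical.

```python
import shlex

# Constructed sample rules; port 22 is an arbitrary example service.
SAMPLE_RULES = """\
-A INPUT -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -j DROP
"""
# Same rules with the return-traffic rule limited to ESTABLISHED,RELATED.
FIXED_RULES = """\
-A INPUT -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -j DROP
"""

def parse_rule(line):
    """Return (chain, states, target, narrowed) for an '-A' line, else None."""
    tok = shlex.split(line)
    if len(tok) < 2 or tok[0] != "-A":
        return None
    rest, states, target, extra, i = tok[2:], set(), None, [], 0
    while i < len(rest):
        opt = rest[i]
        arg = rest[i + 1] if i + 1 < len(rest) else ""
        if opt in ("--state", "--ctstate"):
            states, i = set(arg.split(",")), i + 2
        elif opt in ("-j", "--jump"):
            target, i = arg, i + 2
        elif opt == "-m" and arg in ("state", "conntrack"):
            i += 2
        else:  # any other option (protocol, port, address...) narrows the rule
            extra.append(opt)
            i += 1
    return tok[1], states, target, bool(extra)

def shadowed_drops(rules_text):
    """Return (accept_line, drop_line) pairs where the DROP can never see NEW packets."""
    open_accept, findings = {}, []
    for n, line in enumerate(rules_text.splitlines(), 1):
        rule = parse_rule(line)
        if rule is None or rule[3]:
            continue  # not a rule, or limited to specific traffic
        chain, states, target, _ = rule
        if target == "ACCEPT" and (not states or "NEW" in states):
            open_accept.setdefault(chain, n)
        elif target in ("DROP", "REJECT") and not states and chain in open_accept:
            findings.append((open_accept[chain], n))
    return findings

if __name__ == "__main__":
    print("before:", shadowed_drops(SAMPLE_RULES))
    print("after: ", shadowed_drops(FIXED_RULES))
```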