Hi, During 0.21 testing session, I noticed that we accept IPv6 RELATED,ESTABLISHED connections while we drop everything else. Is there any good reason to do that?
# ip6tables -L -n -v Chain INPUT (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT all * * ::/0 ::/0 state RELATED,ESTABLISHED Chain FORWARD (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT all * * ::/0 ::/0 state RELATED,ESTABLISHED 0 0 LOG all * * ::/0 ::/0 LOG flags 8 level 7 prefix `Dropped outbound packet: ' 0 0 REJECT all * * ::/0 ::/0 reject-with icmp6-port-unreachable Cheers _______________________________________________ tails-dev mailing list [email protected] https://mailman.boum.org/listinfo/tails-dev
