intrigeri transcribed 0.8K bytes:
> Alan wrote (28 Oct 2013 12:41:45 GMT) :
> > During 0.21 testing session, I noticed that we accept IPv6
> > RELATED,ESTABLISHED connections while we drop everything else. Is there
> > any good reason to do that?
>
> No idea. As far as I understand it, removing these rules would have
> absolutely no impact on the actual rules processing (my understanding
> is that no packet can reach RELATED/ESTABLISHED state if new packets
> are not allowed to start with). So, I see no problem that would need
> to be solved here.
>
> If anyone thinks differently, and believes there's an actual problem to
> solve here, I'm happy to see people experiment and propose a branch.

If it's useful to whoever wants to experiment with it, there is a script attached from my current firewall -- it handles Tor and Transproxy settings for IPv4 and IPv6. It would need to be triple checked for leaks, especially the IPv6 Transproxy parts, but it's perhaps a start.

FWIW, there *are* quite a few IPv6 bridges and relays now, and IPv6 still seems to not be touched by all the various DPI boxes.

-- 
♥Ⓐ isis agora lovecruft
_________________________________________________________
GPG: 4096R/A3ADB67A2CDB8B35
Current Keys: https://blog.patternsinthevoid.net/isis.txt

_______________________________________________
tails-dev mailing list
[email protected]
https://mailman.boum.org/listinfo/tails-dev
