According to anonym on Thu, Dec 04 2014:
> FWIW I experienced no issues during my tests with *only* ESTABLISHED in
> both the INPUT and OUTPUT chains so neither NEW nor RELATED seems
> essential for the basic usage I tested. And of course the above
> "exploits" didn't work due to the absence of NEW.

You're right, it works with ESTABLISHED only. This is due to the whitelisted rule for the debian-tor user that may send any kind of packet. We might consider hardening this rule to prevent leaks of other protocols by the debian-tor user; basically restrict it to only allow TCP SYN packets. The rest would be handled by the stateful rule.

Cheers,
Olli
_______________________________________________
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
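
A simplified model of the OUTPUT chain discussed in this message, added here as an example (not code from the post or from Tails): it compares the whitelist rule for debian-tor with the proposed TCP-SYN-only rule over constructed packets. The rule strings, the default DROP policy, the `other-user` account and the sample packets are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    uid: str      # owner of the sending socket
    proto: str    # "tcp", "udp" or "icmp"
    syn: bool     # TCP SYN set with ACK, RST and FIN clear (iptables --syn)
    ctstate: str  # conntrack state: "NEW" or "ESTABLISHED"

# Each rule is (iptables-style description, match predicate).
# The descriptions are assumed spellings, not the project's actual ruleset.
ESTABLISHED = ("-m state --state ESTABLISHED -j ACCEPT",
               lambda p: p.ctstate == "ESTABLISHED")
OWNER_ANY = ("-m owner --uid-owner debian-tor -j ACCEPT",
             lambda p: p.uid == "debian-tor")
OWNER_SYN = ("-p tcp --syn -m owner --uid-owner debian-tor -j ACCEPT",
             lambda p: p.uid == "debian-tor" and p.proto == "tcp" and p.syn)

CURRENT = [ESTABLISHED, OWNER_ANY]    # whitelist as described in the reply
HARDENED = [ESTABLISHED, OWNER_SYN]   # proposed restriction to TCP SYN

def verdict(chain, pkt):
    """Return ACCEPT if any rule matches, else the assumed DROP policy."""
    return "ACCEPT" if any(match(pkt) for _, match in chain) else "DROP"

# Constructed sample packets (not captured traffic).
SAMPLES = {
    "tor tcp syn":   Packet("debian-tor", "tcp", True, "NEW"),
    "tor tcp ack":   Packet("debian-tor", "tcp", False, "ESTABLISHED"),
    "tor udp":       Packet("debian-tor", "udp", False, "NEW"),
    "tor icmp":      Packet("debian-tor", "icmp", False, "NEW"),
    "other tcp syn": Packet("other-user", "tcp", True, "NEW"),
}

def compare():
    """Map each sample name to its (current, hardened) verdicts."""
    return {name: (verdict(CURRENT, p), verdict(HARDENED, p))
            for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, (cur, hard) in compare().items():
        print(f"{name:14} current={cur:6} hardened={hard}")
```

Only the UDP and ICMP rows change between the two chains: the connection-opening SYN still matches the owner rule, and every later TCP segment is accepted by the stateful rule.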