GNU bug report logs - #48753
iptables example update


Package: guix-patches;

Reported by: Eric Brown <ecbrown <at> ericcbrown.com>

Date: Sun, 30 May 2021 21:08:01 UTC

Severity: normal

Done: Arun Isaac <arunisaac <at> systemreboot.net>

Bug is archived. No further changes may be made.


From: "Eric Brown" <ecbrown <at> ericcbrown.com>
To: "Arun Isaac" <arunisaac <at> systemreboot.net>, 48753-done <at> debbugs.gnu.org
Subject: [bug#48753] iptables example update
Date: Sun, 06 Jun 2021 13:52:57 -0500

On Thu, Jun 3, 2021, at 1:46 PM, Arun Isaac wrote:
> 
> Hi Eric,
> 
> I wrote the iptables service and documentation. So, the mistake is
> entirely due to my poor grasp of iptables! :-)
> 
> I have applied your patch, and pushed to master. Thanks!
> 
> Cheers,
> Arun
> 
> Attachments:
> * signature.asc



Hi Arun,

Thank you for applying the patch; I think it’s much better. Truthfully, I am relieved that you are an iptables newbie and so am I!

I think there could still be some work done to this recommendation. For example, when I use this updated iptables firewall selection, I am unable to telnet into ports open on localhost. An example is that I am a heavy user of VNC/SSH tunnel connections and it doesn’t let me do that; it blocks e.g. port 5902. (A similar naive rule in nftables does let this work!!!)

But so many examples are given in iptables (esp. WireGuard stuff) and so if you have no objections, I would like to take a further look and maybe even ask around as to what the ‘ufw allow ssh’ behavior is vis-a-vis iptables best practices.

Best regards,
Eric




This bug report was last modified 3 years and 342 days ago.
