How to create a rule with (old iptables style) "-m state --state NEW and/or ESTABLISHED and/or RELATED"
by Dan White
I see rules in my "iptables -S" dump like
-A IN_work_allow -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
But how do I create one? I cannot find any documentation on the "state" or "ctstate" setting.
Thanks.
Dan White | d_e_white(a)icloud.com
------------------------------------------------
“Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.” (Bill Watterson: Calvin & Hobbes)
7 years, 5 months
How can I do Internet Kill Switch from GUI of firewalld? Please, your kind help!
by Yousif Kadom
Hi. I'm a new user of Linux. I'm on Linux Fedora 24 X64, Cinnamon edition.
I opened a thread in the Fedora help forum about how to achieve an Internet kill switch. Please look at the discussion in it at the following link:
http://www.forums.fedoraforum.org/showthread.php?t=311476
My user name in the Fedora help forum is also User808.
As you can see from the thread, I'm not able to use command-line iptables because it is difficult. I tried my best but I cannot.
I have an idea to achieve an Internet kill switch from the GUI of firewalld and am not sure if it is correct or not. It seems that it is correct, or correct with a need for minor additions. My idea is this:
After downloading the VPN configuration files and setting up the VPN from Network Manager, we do the following:
1) Open the GUI of firewalld, then change the default zone to drop.
2) Open the GUI of the VPN from Network Manager and, before connecting to the VPN, change (from the GUI of the VPN within Network Manager) the firewall zone setting of the VPN to either trusted or home.
3) Connect to the VPN.
4) After ending the VPN session, I have to disconnect from the VPN, then reopen the GUI of firewalld to change the default zone back to public so as to restore the normal Internet connection. Then restore the zone setting of the VPN, from the GUI of the VPN in Network Manager, to the default zone.
Is this a valid way?
7 years, 5 months
Block all traffic except VPN IP, DNS, tun/tap?
by Jake Trader
I'd like to achieve four things in firewalld:
1. Add a rule that blocks all outgoing and incoming traffic on your local Ethernet device.
2. Add an exception for your favorite DNS server (to resolve the hostname of your VPN provider).
3. Add an exception for your VPN provider’s IP addresses.
4. Add a rule for your tun/tap or any other VPN device to allow all outgoing traffic for the VPN tunnel.
Can someone tell me how?
7 years, 6 months