LinuxQuestions.org


dimm0k 12-01-2012 03:24 PM

iptables OUTPUT and Midnight Commander
 
Maybe it never bothered me before, but I realized that Midnight Commander has been really slow to start so I did a little digging and it looks like mc is making some net traffic during startup that's getting blocked by my iptables rules for the OUTPUT chain. Below are the four lines in my OUTPUT chain, which by default is set to DROP if it does not match the rules.

Code:

$IPTABLES -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A OUTPUT -m state -p ICMP --state INVALID -j DROP
$IPTABLES -A OUTPUT -p ALL -j KEEP_STATE
$IPTABLES -A OUTPUT -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT

From the looks of it that last line is causing the issue... if I remove that line mc starts up nice and fast, but nothing can get out anymore! Anyone know why this might be? That last line should be allowing everything out, should it not?!

DutchGeek 12-01-2012 05:23 PM

Did you check why mc is generating this traffic, and what type of traffic it is? If it is traffic you didn't authorize, it could be a security issue.

Yep, looks like the last rule allows all traffic in-out, so only if you remove it, mc works smoothly. I'd say add a rule to allow specific traffic that you know, and deny the rest.

Cheers.
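
One way to see what traffic a program such as mc sends at startup, as an added example that is not part of the original thread: log new outbound connections with the LOG target, then summarize the kernel log by owner UID, protocol, destination and port. The `OUT-NEW: ` prefix, the rule placement, the function names and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Assumed logging rule (not from the thread), placed just before the final
# catch-all ACCEPT so every new outbound connection is recorded with its owner:
#   $IPTABLES -A OUTPUT -m state --state NEW -j LOG --log-prefix "OUT-NEW: " --log-uid

# Constructed kernel log lines in the LOG target's format (documentation IPs).
sample_log() {
    cat <<'EOF'
Dec  1 15:20:01 host kernel: OUT-NEW: IN= OUT=eth0 SRC=192.0.2.10 DST=192.0.2.53 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=UDP SPT=40001 DPT=53 LEN=40 UID=1000 GID=100
Dec  1 15:20:06 host kernel: OUT-NEW: IN= OUT=eth0 SRC=192.0.2.10 DST=192.0.2.53 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=2 DF PROTO=UDP SPT=40002 DPT=53 LEN=40 UID=1000 GID=100
Dec  1 15:20:07 host kernel: OUT-NEW: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=3 DF PROTO=TCP SPT=50000 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 UID=0 GID=0
Dec  1 15:20:08 host kernel: OUT-NEW: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.9 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=4 DF PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
Dec  1 15:20:09 host kernel: IN-DROP: IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=5 PROTO=TCP SPT=4444 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
EOF
}

# Count logged packets per "UID PROTO DST DPT"; missing fields become "-".
summarize_out_new() {
    awk -v prefix="OUT-NEW: " '
        index($0, prefix) == 0 { next }          # skip other log prefixes
        {
            proto = dst = dpt = uid = "-"
            for (i = 1; i <= NF; i++) {
                n = index($i, "=")
                if (n == 0) continue
                key = substr($i, 1, n - 1); val = substr($i, n + 1)
                # keep the first occurrence only: ICMP errors embed a second header
                if      (key == "PROTO" && proto == "-") proto = val
                else if (key == "DST"   && dst   == "-") dst   = val
                else if (key == "DPT"   && dpt   == "-") dpt   = val
                else if (key == "UID"   && uid   == "-") uid   = val
            }
            count[uid " " proto " " dst " " dpt]++
        }
        END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Demo on the constructed lines; on a real host, feed it the kernel log instead.
sample_log | summarize_out_new
```

Each output line reads "count UID protocol destination port", which is the information needed to write a narrow ACCEPT rule for traffic you recognize and leave the rest to the DROP policy.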

