On 9/23/23 12:51, Christian wrote:
> I might be wrong but this thread reads like there is a misunderstanding of what the difference is between "inbound" and "INPUT". The two phrases are not the same. At the risk of mansplaining the difference, I hope this clears up some confusion.

Hey,

There is nothing wrong with "mansplaining". I can read the documents, but that is no guarantee I don't come away with an incorrect understanding of the finer points of interplay between the chains. In fact I did. I was under the impression that INPUT and OUTPUT chains' function was separate and entries in the INPUT chain would not prevent outbound traffic on a blocked IP or range in the INPUT chain. The subsequent messages in the thread show it's all too easy to miss a point or two.

Thank you Christian, u34 and especially Genes for advancing my understanding of how the chains work together. I will redo my rule-set in a hopefully more stateful manner. It has been cobbled together to address the main ranges where intrusion attempts have come from since I installed Arch on the server in 2015, building on the default iptables.rules provided at that time -- it no doubt has a bit of age-rot in the rule-set.

Thanks again for the help. Now if we could just get Redis to play nice with Nextcloud, life would be great :)

--
David C. Rankin, J.D., P.E.