[arch-general] Google Voice through iptables?

Bill Sun cap.sensitive at gmail.com
Wed Apr 25 22:56:47 EDT 2012


On Wed, Apr 25, 2012 at 12:35:46PM -0500, Leonid Isaev wrote:
> Assuming you are running a desktop machine, why would you want to DROP by
> default all outgoing traffic? AFAICT google voice app makes your browser
> establish some UDP connections + https. So here are a few observations regarding
> your ruleset:
> 1. Default policy for OUTPUT should be ACCEPT and all following OUTPUT
> rules should be removed. Also, default DROP policy for INPUT is just impolite
> -- use REJECT instead.
> 2. Unless you have a good understanding of ICMP (which is way more than ping),
> all icmp should be allowed (please don't tell me about pings of death or DoS
> because of ping floods).
Good points. I've made changes according to your instructions.

> 3. You really have to start differentiating between NEW and other connections.
>

