Can iptables rules stop working if I connect to a specific WiFi?

I created iptables rules like this:



iptables --flush
iptables --delete-chain
iptables -t nat --flush
iptables -t nat --delete-chain
iptables -P OUTPUT DROP


Does internet work in that case? I guess it shouldn't.



But recently I found a nice cafe in my town and used their WiFi. I was surprised that with their WiFi I have an Internet connection even with the rules above.



How can that be possible?

Thank you for your answers.

P.S. I tried connecting to many other hotspots, and the problem appeared nowhere except on this cafe's WiFi.







asked Apr 28 at 16:27
T. Abrams







  • So what is the output of iptables -nvL while you can access the Internet?
    – Hauke Laging
    Apr 28 at 16:39

  • I'll go to this cafe and check it.
    – T. Abrams
    Apr 28 at 16:53






















2 Answers













I suspect something else is running scripts post-connect to modify the firewall rules. You can use sudo iptables -L -v to figure out what the currently applied rules are. That being said, I've used several different methods to connect to the internet (first Network Manager, then Wicd, and now systemd-networkd and wpa_supplicant directly) and I've never had any of them modify the firewall rules after connection, so I'm not sure why that is happening. Worst case, you can start a system service which runs wpa_cli with an action file that re-applies the firewall rules you desire upon connection (see the wpa_supplicant documentation for more information along with a sample action file).






answered Apr 28 at 17:44
Chiraag
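The wpa_cli action-file approach from the answer above, as an added example (not code from the answer or from the wpa_supplicant project): on each CONNECTED event it compares the OUTPUT chain with the policy from the question, logs any difference, and re-applies the policy. The script path, the fw-guard log tag and the extra ip6tables check are assumptions of this example.

```shell
#!/bin/sh
# Added example: wpa_cli action file, run as
#   wpa_cli -i <ifname> -a /usr/local/sbin/fw-guard.sh   (path is hypothetical)
# wpa_cli calls it with $1 = interface and $2 = CONNECTED or DISCONNECTED.

# Print every line of `iptables -S OUTPUT` style text that deviates from the
# state the question set up (policy DROP, no rules). Returns 1 on drift.
output_drift() {
    printf '%s\n' "$1" | awk '
        $1 == "-P" && $2 == "OUTPUT" { seen = 1; if ($3 != "DROP") { print; bad = 1 } }
        $1 == "-A" && $2 == "OUTPUT" { print; bad = 1 }
        END {
            if (!seen) { print "missing: -P OUTPUT DROP"; bad = 1 }
            exit bad + 0
        }'
}

# On CONNECTED, log any drift and restore the intended OUTPUT state.
# iptables only filters IPv4, so ip6tables is checked too (assumption: the
# intended state is "no outbound traffic" for both address families).
on_event() {
    [ "$2" = "CONNECTED" ] || return 0
    for ipt in iptables ip6tables; do
        rules=$("$ipt" -S OUTPUT 2>&1) || rules="unreadable: $rules"
        if ! drift=$(output_drift "$rules"); then
            logger -t fw-guard "$1: $ipt OUTPUT drift: $drift"
            "$ipt" -F OUTPUT
            "$ipt" -P OUTPUT DROP
        fi
    done
}

# Constructed sample: what `iptables -S OUTPUT` would print if some other
# component had appended an ACCEPT rule after the lockdown.
SAMPLE_DRIFTED='-P OUTPUT DROP
-A OUTPUT -o wlan0 -j ACCEPT'

# Only act when invoked by wpa_cli (two arguments); sourcing stays inert.
if [ "$#" -ge 2 ]; then
    on_event "$@"
fi
```

The logged drift lines name the rule that was added, which helps identify the component that changed the firewall.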






















Obviously other iptables calls have been made afterwards, probably by the component which configured the WiFi connection.






answered Apr 28 at 16:42
Hauke Laging











  • I'm using GNOME's network manager. So, could it have done it? Is it possible at all?
    – T. Abrams
    Apr 28 at 16:52

  • @T.Abrams Software which modifies system interfaces runs with root privileges so it can certainly make changes to the firewall. Maybe that can be prevented by configuration but I am not familiar with NM.
    – Hauke Laging
    Apr 28 at 16:56

  • What do you use to connect to the wifi, if not NM? :)
    – T. Abrams
    Apr 28 at 17:07

  • @T.Abrams Strange as it may be: I do not have a private notebook. I do use something on the work notebook which may even be NM (or rather the KDE interface for it) but entering a password does not make me familiar with it.
    – Hauke Laging
    Apr 28 at 17:09















