Can iptables rules stop working if I connect to a specific WiFi?

I created iptables rules like this:

    iptables --flush
    iptables --delete-chain
    iptables -t nat --flush
    iptables -t nat --delete-chain
    iptables -P OUTPUT DROP

Does the internet work in that case? I guess it shouldn't.

But recently I found a nice cafe in my town and used their WiFi. I was surprised that with their WiFi I have an Internet connection even with the rules above.

How can that be possible?

Thank you for your answers.

P.S. I tried to connect to many other hot spots and that problem appeared nowhere except on this cafe's WiFi.









asked Apr 28 at 16:27
T. Abrams

  • So what is the output of iptables -nvL while you can access the Internet?
    – Hauke Laging
    Apr 28 at 16:39

  • I'll go to this cafe and check it.
    – T. Abrams
    Apr 28 at 16:53












2 Answers
I suspect something else is running scripts post-connect to modify the firewall rules. You can use sudo iptables -L -v to figure out what the currently applied rules are. That being said, I've used several different methods to connect to the internet (first Network Manager, then Wicd, and now systemd-networkd and wpa_supplicant directly) and I've never had any of them modify the firewall rules after connection, so I'm not sure why that is happening. Worst case, you can start a system service which runs wpa_cli with an action file that re-applies the firewall rules you desire upon connection (see the wpa_supplicant documentation for more information along with a sample action file).







answered Apr 28 at 17:44
Chiraag
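
A sketch of the wpa_cli action file suggested in the answer above, as an added example (not code from the answer or from the wpa_supplicant project): on each CONNECTED event it checks whether OUTPUT is still default-drop with no rules, reports drift, and re-applies the question's rules. The script path, the wlan0 interface and the IPT4/IPT6 override variables are assumptions; ip6tables is covered as well, which goes beyond the question's IPv4-only rules, because iptables does not filter IPv6 traffic.

```sh
#!/bin/sh
# wpa_cli action file: wpa_cli runs it as  <script> <ifname> <event>, where
# <event> is CONNECTED or DISCONNECTED. Start it with, for example:
#   wpa_cli -i wlan0 -a /usr/local/sbin/fw-lockdown.sh
# (wlan0 and the script path are placeholders, not values from the page).

# Overridable so the logic can be exercised without root (assumed names).
IPT4=${IPT4:-iptables}
IPT6=${IPT6:-ip6tables}   # iptables only filters IPv4; IPv6 needs ip6tables

# Reads `iptables -S OUTPUT` text on stdin. Succeeds only if the chain
# policy is DROP and no rule has been appended to the chain.
output_is_locked() {
    awk '
        $1 == "-P" && $2 == "OUTPUT" { policy = $3 }
        $1 == "-A" && $2 == "OUTPUT" { rules++ }
        END { exit !(policy == "DROP" && rules == 0) }
    '
}

# apply_lockdown CMD: the rule set from the question, run with CMD.
apply_lockdown() {
    $1 --flush
    $1 --delete-chain
    $1 -t nat --flush
    $1 -t nat --delete-chain
    $1 -P OUTPUT DROP
}

# handle_event IFACE EVENT: on CONNECTED, report drift and re-apply.
handle_event() {
    [ "$2" = "CONNECTED" ] || return 0
    for ipt in "$IPT4" "$IPT6"; do
        if ! $ipt -S OUTPUT | output_is_locked; then
            echo "fw-lockdown: $1: OUTPUT not locked down ($ipt), re-applying" >&2
        fi
        apply_lockdown "$ipt"
    done
}

# Only act when called with wpa_cli's two arguments.
if [ "$#" -ge 2 ]; then
    handle_event "$1" "$2"
fi
```

A drift message on a network where the rules were believed to be in place is the evidence both answers ask for: something changed the ruleset after it was applied, or one address family was never covered.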

Obviously other iptables calls have been made afterwards, probably by the component which configured the WiFi connection.







answered Apr 28 at 16:42
Hauke Laging

  • I'm using GNOME's network manager. So, could it have done it? Is it possible at all?
    – T. Abrams
    Apr 28 at 16:52

  • @T.Abrams Software which modifies system interfaces runs with root privileges so it can certainly make changes to the firewall. Maybe that can be prevented by configuration but I am not familiar with NM.
    – Hauke Laging
    Apr 28 at 16:56

  • What do you use to connect to the wifi, if not NM? :)
    – T. Abrams
    Apr 28 at 17:07

  • @T.Abrams Strange as it may be: I do not have a private notebook. I do use something on the work notebook which may even be NM (or rather the KDE interface for it) but entering a password does not make me familiar with it.
    – Hauke Laging
    Apr 28 at 17:09















