Can iptables rules stop working if i connect to a specific WiFi?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
0
down vote

favorite












I created iptables rules like this:



iptables --flush
iptables --delete-chain
iptables -t nat --flush
iptables -t nat --delete-chain
iptables -P OUTPUT DROP


Does internet work in that case? I guess it shouldn't.



But recently I found a nice cafe in my town and used their WiFi. I was surprised that with their WiFi I have an Internet connection even with the rules above.



How that can be possible?



Thank you for answers.



P.S. I tried to connect to many other hot spots and nowhere that problem appeared, except this cafe's WiFi.







share|improve this question















  • 1




    So what is the output of iptables -nvL while you can access the Internet?
    – Hauke Laging
    Apr 28 at 16:39










  • I'll go to this cafe and check it.
    – T. Abrams
    Apr 28 at 16:53














up vote
0
down vote

favorite












I created iptables rules like this:



iptables --flush
iptables --delete-chain
iptables -t nat --flush
iptables -t nat --delete-chain
iptables -P OUTPUT DROP


Does internet work in that case? I guess it shouldn't.



But recently I found a nice cafe in my town and used their WiFi. I was surprised that with their WiFi I have an Internet connection even with the rules above.



How that can be possible?



Thank you for answers.



P.S. I tried to connect to many other hot spots and nowhere that problem appeared, except this cafe's WiFi.







share|improve this question















  • 1




    So what is the output of iptables -nvL while you can access the Internet?
    – Hauke Laging
    Apr 28 at 16:39










  • I'll go to this cafe and check it.
    – T. Abrams
    Apr 28 at 16:53












up vote
0
down vote

favorite









up vote
0
down vote

favorite











I created iptables rules like this:



iptables --flush
iptables --delete-chain
iptables -t nat --flush
iptables -t nat --delete-chain
iptables -P OUTPUT DROP


Does internet work in that case? I guess it shouldn't.



But recently I found a nice cafe in my town and used their WiFi. I was surprised that with their WiFi I have an Internet connection even with the rules above.



How that can be possible?



Thank you for answers.



P.S. I tried to connect to many other hot spots and nowhere that problem appeared, except this cafe's WiFi.







share|improve this question











I created iptables rules like this:



iptables --flush
iptables --delete-chain
iptables -t nat --flush
iptables -t nat --delete-chain
iptables -P OUTPUT DROP


Does internet work in that case? I guess it shouldn't.



But recently I found a nice cafe in my town and used their WiFi. I was surprised that with their WiFi I have an Internet connection even with the rules above.



How that can be possible?



Thank you for answers.



P.S. I tried to connect to many other hot spots and nowhere that problem appeared, except this cafe's WiFi.









share|improve this question










share|improve this question




share|improve this question









asked Apr 28 at 16:27









T. Abrams

1




1







  • 1




    So what is the output of iptables -nvL while you can access the Internet?
    – Hauke Laging
    Apr 28 at 16:39










  • I'll go to this cafe and check it.
    – T. Abrams
    Apr 28 at 16:53












  • 1




    So what is the output of iptables -nvL while you can access the Internet?
    – Hauke Laging
    Apr 28 at 16:39










  • I'll go to this cafe and check it.
    – T. Abrams
    Apr 28 at 16:53







1




1




So what is the output of iptables -nvL while you can access the Internet?
– Hauke Laging
Apr 28 at 16:39




So what is the output of iptables -nvL while you can access the Internet?
– Hauke Laging
Apr 28 at 16:39












I'll go to this cafe and check it.
– T. Abrams
Apr 28 at 16:53




I'll go to this cafe and check it.
– T. Abrams
Apr 28 at 16:53










2 Answers
2






active

oldest

votes

















up vote
2
down vote













I suspect something else is running scripts post-connect to modify the firewall rules. You can use sudo iptables -L -v to figure out what the currently applied rules are. That being said, I've used several different methods to connect to the internet (first Network Manager, then Wicd, and now systemd-networkd and wpa_supplicant directly) and I've never had any of them modify the firewall rules after connection, so I'm not sure why that is happening. Worst case, you can start a system service which runs wpa_cli with an action file that re-applies the firewall rules you desire upon connection (see the wpa_supplicant documentation for more information along with a sample action file).






share|improve this answer




























    up vote
    0
    down vote













    Obviously other iptables calls have been made afterwards, probably by the component which configured the WiFi connection.






    share|improve this answer





















    • I'm using GNOME's network manager. So, it can did it? Is it possible at all?
      – T. Abrams
      Apr 28 at 16:52










    • @T.Abrams Software which modifies system interfaces runs with root privileges so it can certainly make changes to the firewall. Maybe that can be prevented by configuration but I am not familiar with NM.
      – Hauke Laging
      Apr 28 at 16:56










    • What do you use to connect to the wifi, if not NM? :)
      – T. Abrams
      Apr 28 at 17:07











    • @T.Abrams Strange as it may be: I do not have a private notebook. I do use something on the work notebook which may even be NM (or rather the KDE interface for it) but entering a password does not make me familiar with it.
      – Hauke Laging
      Apr 28 at 17:09










    Your Answer







    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "106"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    convertImagesToLinks: false,
    noModals: false,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );








     

    draft saved


    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f440595%2fcan-iptables-rules-stop-working-if-i-connect-to-a-specific-wifi%23new-answer', 'question_page');

    );

    Post as a guest






























    2 Answers
    2






    active

    oldest

    votes








    2 Answers
    2






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes








    up vote
    2
    down vote













    I suspect something else is running scripts post-connect to modify the firewall rules. You can use sudo iptables -L -v to figure out what the currently applied rules are. That being said, I've used several different methods to connect to the internet (first Network Manager, then Wicd, and now systemd-networkd and wpa_supplicant directly) and I've never had any of them modify the firewall rules after connection, so I'm not sure why that is happening. Worst case, you can start a system service which runs wpa_cli with an action file that re-applies the firewall rules you desire upon connection (see the wpa_supplicant documentation for more information along with a sample action file).






    share|improve this answer

























      up vote
      2
      down vote













      I suspect something else is running scripts post-connect to modify the firewall rules. You can use sudo iptables -L -v to figure out what the currently applied rules are. That being said, I've used several different methods to connect to the internet (first Network Manager, then Wicd, and now systemd-networkd and wpa_supplicant directly) and I've never had any of them modify the firewall rules after connection, so I'm not sure why that is happening. Worst case, you can start a system service which runs wpa_cli with an action file that re-applies the firewall rules you desire upon connection (see the wpa_supplicant documentation for more information along with a sample action file).






      share|improve this answer























        up vote
        2
        down vote










        up vote
        2
        down vote









        I suspect something else is running scripts post-connect to modify the firewall rules. You can use sudo iptables -L -v to figure out what the currently applied rules are. That being said, I've used several different methods to connect to the internet (first Network Manager, then Wicd, and now systemd-networkd and wpa_supplicant directly) and I've never had any of them modify the firewall rules after connection, so I'm not sure why that is happening. Worst case, you can start a system service which runs wpa_cli with an action file that re-applies the firewall rules you desire upon connection (see the wpa_supplicant documentation for more information along with a sample action file).






        share|improve this answer













        I suspect something else is running scripts post-connect to modify the firewall rules. You can use sudo iptables -L -v to figure out what the currently applied rules are. That being said, I've used several different methods to connect to the internet (first Network Manager, then Wicd, and now systemd-networkd and wpa_supplicant directly) and I've never had any of them modify the firewall rules after connection, so I'm not sure why that is happening. Worst case, you can start a system service which runs wpa_cli with an action file that re-applies the firewall rules you desire upon connection (see the wpa_supplicant documentation for more information along with a sample action file).







        share|improve this answer













        share|improve this answer



        share|improve this answer











        answered Apr 28 at 17:44









        Chiraag

        1968




        1968






















            up vote
            0
            down vote













            Obviously other iptables calls have been made afterwards, probably by the component which configured the WiFi connection.






            share|improve this answer





















            • I'm using GNOME's network manager. So, it can did it? Is it possible at all?
              – T. Abrams
              Apr 28 at 16:52










            • @T.Abrams Software which modifies system interfaces runs with root privileges so it can certainly make changes to the firewall. Maybe that can be prevented by configuration but I am not familiar with NM.
              – Hauke Laging
              Apr 28 at 16:56










            • What do you use to connect to the wifi, if not NM? :)
              – T. Abrams
              Apr 28 at 17:07











            • @T.Abrams Strange as it may be: I do not have a private notebook. I do use something on the work notebook which may even be NM (or rather the KDE interface for it) but entering a password does not make me familiar with it.
              – Hauke Laging
              Apr 28 at 17:09














            up vote
            0
            down vote













            Obviously other iptables calls have been made afterwards, probably by the component which configured the WiFi connection.






            share|improve this answer





















            • I'm using GNOME's network manager. So, it can did it? Is it possible at all?
              – T. Abrams
              Apr 28 at 16:52










            • @T.Abrams Software which modifies system interfaces runs with root privileges so it can certainly make changes to the firewall. Maybe that can be prevented by configuration but I am not familiar with NM.
              – Hauke Laging
              Apr 28 at 16:56










            • What do you use to connect to the wifi, if not NM? :)
              – T. Abrams
              Apr 28 at 17:07











            • @T.Abrams Strange as it may be: I do not have a private notebook. I do use something on the work notebook which may even be NM (or rather the KDE interface for it) but entering a password does not make me familiar with it.
              – Hauke Laging
              Apr 28 at 17:09












            up vote
            0
            down vote










            up vote
            0
            down vote









            Obviously other iptables calls have been made afterwards, probably by the component which configured the WiFi connection.






            share|improve this answer













            Obviously other iptables calls have been made afterwards, probably by the component which configured the WiFi connection.







            share|improve this answer













            share|improve this answer



            share|improve this answer











            answered Apr 28 at 16:42









            Hauke Laging

            53.2k1282130




            53.2k1282130











            • I'm using GNOME's network manager. So, it can did it? Is it possible at all?
              – T. Abrams
              Apr 28 at 16:52










            • @T.Abrams Software which modifies system interfaces runs with root privileges so it can certainly make changes to the firewall. Maybe that can be prevented by configuration but I am not familiar with NM.
              – Hauke Laging
              Apr 28 at 16:56










            • What do you use to connect to the wifi, if not NM? :)
              – T. Abrams
              Apr 28 at 17:07











            • @T.Abrams Strange as it may be: I do not have a private notebook. I do use something on the work notebook which may even be NM (or rather the KDE interface for it) but entering a password does not make me familiar with it.
              – Hauke Laging
              Apr 28 at 17:09
















            • I'm using GNOME's network manager. So, it can did it? Is it possible at all?
              – T. Abrams
              Apr 28 at 16:52










            • @T.Abrams Software which modifies system interfaces runs with root privileges so it can certainly make changes to the firewall. Maybe that can be prevented by configuration but I am not familiar with NM.
              – Hauke Laging
              Apr 28 at 16:56










            • What do you use to connect to the wifi, if not NM? :)
              – T. Abrams
              Apr 28 at 17:07











            • @T.Abrams Strange as it may be: I do not have a private notebook. I do use something on the work notebook which may even be NM (or rather the KDE interface for it) but entering a password does not make me familiar with it.
              – Hauke Laging
              Apr 28 at 17:09















            I'm using GNOME's network manager. So, it can did it? Is it possible at all?
            – T. Abrams
            Apr 28 at 16:52




            I'm using GNOME's network manager. So, it can did it? Is it possible at all?
            – T. Abrams
            Apr 28 at 16:52












            @T.Abrams Software which modifies system interfaces runs with root privileges so it can certainly make changes to the firewall. Maybe that can be prevented by configuration but I am not familiar with NM.
            – Hauke Laging
            Apr 28 at 16:56




            @T.Abrams Software which modifies system interfaces runs with root privileges so it can certainly make changes to the firewall. Maybe that can be prevented by configuration but I am not familiar with NM.
            – Hauke Laging
            Apr 28 at 16:56












            What do you use to connect to the wifi, if not NM? :)
            – T. Abrams
            Apr 28 at 17:07





            What do you use to connect to the wifi, if not NM? :)
            – T. Abrams
            Apr 28 at 17:07













            @T.Abrams Strange as it may be: I do not have a private notebook. I do use something on the work notebook which may even be NM (or rather the KDE interface for it) but entering a password does not make me familiar with it.
            – Hauke Laging
            Apr 28 at 17:09




            @T.Abrams Strange as it may be: I do not have a private notebook. I do use something on the work notebook which may even be NM (or rather the KDE interface for it) but entering a password does not make me familiar with it.
            – Hauke Laging
            Apr 28 at 17:09












             

            draft saved


            draft discarded


























             


            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f440595%2fcan-iptables-rules-stop-working-if-i-connect-to-a-specific-wifi%23new-answer', 'question_page');

            );

            Post as a guest













































































            Popular posts from this blog

            How to check contact read email or not when send email to Individual?

            Displaying single band from multi-band raster using QGIS

            How many registers does an x86_64 CPU actually have?