Can iptables rules stop working if I connect to a specific WiFi?
I created iptables rules like this:

```
iptables --flush
iptables --delete-chain
iptables -t nat --flush
iptables -t nat --delete-chain
iptables -P OUTPUT DROP
```

Does internet work in that case? I guess it shouldn't.

But recently I found a nice cafe in my town and used their WiFi. I was surprised that with their WiFi I have an Internet connection even with the rules above.

How can that be possible?

Thank you for your answers.

P.S. I tried connecting to many other hotspots and the problem did not appear anywhere except on this cafe's WiFi.
linux debian networking iptables
asked Apr 28 at 16:27
T. Abrams
So what is the output of `iptables -nvL` while you can access the Internet?
– Hauke Laging, Apr 28 at 16:39

I'll go to this cafe and check it.
– T. Abrams, Apr 28 at 16:53
2 Answers
I suspect something else is running scripts post-connect to modify the firewall rules. You can use `sudo iptables -L -v` to figure out what the currently applied rules are. That being said, I've used several different methods to connect to the internet (first Network Manager, then Wicd, and now systemd-networkd and wpa_supplicant directly) and I've never had any of them modify the firewall rules after connection, so I'm not sure why that is happening. Worst case, you can start a system service which runs `wpa_cli` with an action file that re-applies the firewall rules you desire upon connection (see the wpa_supplicant documentation for more information along with a sample action file).
answered Apr 28 at 17:44
Chiraag
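
An action file of the kind this answer describes, added here as an example and not taken from the answer or from the wpa_supplicant documentation: `wpa_cli -a <file>` invokes it with the interface name and the event (CONNECTED or DISCONNECTED), and it checks the OUTPUT chain for drift before re-applying the question's rules. The `IPT` override and the function names are assumptions of this example.

```shell
#!/bin/sh
# Action file for `wpa_cli -a`: called as  <script> <interface> <event>,
# where <event> is CONNECTED or DISCONNECTED.
# IPT is overridable so the logic can be exercised without root
# (an assumption of this example, not a wpa_cli feature).
IPT="${IPT:-iptables}"

# Succeeds only if the filter table's OUTPUT chain is exactly the baseline
# from the question: policy DROP and no rules appended by anything else.
output_is_locked() {
    rules=$("$IPT" -S OUTPUT 2>/dev/null) || return 1
    [ "$rules" = "-P OUTPUT DROP" ]
}

# Re-apply the rule set from the question, stopping at the first failure.
apply_baseline() {
    "$IPT" --flush &&
    "$IPT" --delete-chain &&
    "$IPT" -t nat --flush &&
    "$IPT" -t nat --delete-chain &&
    "$IPT" -P OUTPUT DROP
}

# Dispatch on the event name passed by wpa_cli.
handle_event() {
    iface=$1 event=$2
    case "$event" in
        CONNECTED)
            if output_is_locked; then
                echo "$iface: OUTPUT policy intact"
            else
                # Record what changed before overwriting it.
                echo "$iface: OUTPUT chain drifted, re-applying baseline:"
                "$IPT" -S OUTPUT 2>&1 | sed 's/^/    /'
                apply_baseline
            fi ;;
        DISCONNECTED) echo "$iface: disconnected, rules untouched" ;;
        *) return 0 ;;
    esac
}

handle_event "${1:-}" "${2:-}"
```

The drift output it prints before re-applying shows which rules were added after connecting. The check covers only the IPv4 filter table; IPv6 traffic is governed by the separate `ip6tables` rule set.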
Obviously other `iptables` calls have been made afterwards, probably by the component which configured the WiFi connection.
answered Apr 28 at 16:42
Hauke Laging
I'm using GNOME's network manager. So, could it have done that? Is it possible at all?
– T. Abrams, Apr 28 at 16:52

@T.Abrams Software which modifies system interfaces runs with root privileges so it can certainly make changes to the firewall. Maybe that can be prevented by configuration but I am not familiar with NM.
– Hauke Laging, Apr 28 at 16:56

What do you use to connect to the wifi, if not NM? :)
– T. Abrams, Apr 28 at 17:07

@T.Abrams Strange as it may be: I do not have a private notebook. I do use something on the work notebook which may even be NM (or rather the KDE interface for it) but entering a password does not make me familiar with it.
– Hauke Laging, Apr 28 at 17:09