cm0s

iptables script


Remove:

iptables -A INPUT -s 10.0.0.0/8 -j DROP

Air's infrastructure relies on this address space (DNS responses for example). Many people have their LANs on it too.

The major section, let's just call it malformed packets, is imho redundant - the traffic never hits your network directly when you are connected to the VPN, it reaches Air's servers first where similar rules already apply, in any case malformed packets will never reach you as first SYN. It will reach Air's server and stop there. Try to send random SYN with any flags to Air's servers and open tcpdump at your end, none of those packets will reach you.

Same applies for most of these rules, like bruteforce protection. Traffic will never reach your ports, unless you forward them in the dashboard. And ports below <1024 you can't forward, so 443 makes no sense.

Your script will have a better application on servers rather than on clients, imho.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.
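
Added example, not part of the original post or of the script under discussion: a first-pass check that scans `iptables -S INPUT` output for DROP/REJECT rules whose source range covers an address the client depends on, such as a DNS server inside 10.0.0.0/8. The sample ruleset and the address 10.4.0.1 are constructed for illustration; only the 10.0.0.0/8 rule comes from the post. The check ignores rule order and other match conditions, so each hit still needs a manual look.

```python
import ipaddress
import shlex

# Constructed sample of `iptables -S INPUT` output.
# Only the 10.0.0.0/8 DROP rule is taken from the post above.
SAMPLE_RULES = """\
-P INPUT ACCEPT
-A INPUT -s 10.0.0.0/8 -j DROP
-A INPUT -s 172.16.0.0/12 -j DROP
-A INPUT -i lo -j ACCEPT
"""


def blocking_rules(rules_text, address, chain="INPUT"):
    """Return (line_no, rule) for DROP/REJECT rules whose -s match covers address.

    Rule order and additional matches (ports, interfaces, conntrack state)
    are not evaluated: a hit means "review this rule", not "traffic is dropped".
    """
    addr = ipaddress.ip_address(address)
    hits = []
    for line_no, line in enumerate(rules_text.splitlines(), start=1):
        tokens = shlex.split(line)
        if tokens[:2] != ["-A", chain]:
            continue  # policy lines, other chains, blank lines
        target = source = None
        negated = False
        for i, tok in enumerate(tokens[:-1]):
            if tok in ("-j", "--jump"):
                target = tokens[i + 1]
            elif tok in ("-s", "--source"):
                # iptables -S prints negation as "! -s <net>"
                negated = i > 0 and tokens[i - 1] == "!"
                source = ipaddress.ip_network(tokens[i + 1], strict=False)
        if target not in ("DROP", "REJECT") or source is None:
            continue
        # A negated match applies to everything outside the range.
        if (addr in source) != negated:
            hits.append((line_no, line))
    return hits


if __name__ == "__main__":
    # 10.4.0.1 is a constructed stand-in for a VPN-internal DNS address.
    for line_no, rule in blocking_rules(SAMPLE_RULES, "10.4.0.1"):
        print(f"line {line_no}: {rule}")
```

On a live system, feed it the output of `iptables -S INPUT` instead of the sample.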
