<div style="font-family: arial; font-size: 14px;"><div style="font-family: arial; font-size: 14px;"><span class="font" style="font-family: arial, sans-serif;">Hi!</span><span class="font" style="font-family: arial, sans-serif;"><br></span></div><div style="font-family: arial; font-size: 14px;"><span class="font" style="font-family: arial, sans-serif;">I noticed that after I set up my ip(+6)tables to filter unwanted incoming traffic, all "inbound" and "directory" connections in nyx disappeared; only a lot of "outbound" connections are there.</span><span class="font" style="font-family: arial, sans-serif;"><br></span></div><div style="font-family: arial; font-size: 14px;"><span class="font" style="font-family: arial, sans-serif;">I am running an exit relay (IPv4+IPv6) on ORPort 443 and DIRPort 80.</span><span class="font" style="font-family: arial, sans-serif;"><br></span></div><div style="font-family: arial; font-size: 14px;"><span class="font" style="font-family: arial, sans-serif;">Is there someone willing to check my iptables rules? I am starting to lose it...</span><span class="font" style="font-family: arial, sans-serif;"><br></span></div><div style="font-family: arial; font-size: 14px;"></div></div><blockquote><pre class="prettyprint done" id="paste-content"><div><b><span class="font" style="font-family: arial, sans-serif;">My iptables:</span></b><span class="font" style="font-family: arial, sans-serif;">
-P INPUT DROP</span><span class="font" style="font-family: arial, sans-serif;"><br></span></div><div><span class="font" style="font-family: arial, sans-serif;">-P FORWARD DROP</span><span class="font" style="font-family: arial, sans-serif;"><br></span></div><div><span class="font" style="font-family: arial, sans-serif;">-P OUTPUT DROP</span><span class="font" style="font-family: arial, sans-serif;"><br></span></div><div><span class="font" style="font-family: arial, sans-serif;">-A INPUT -i lo -j ACCEPT</span><span class="font" style="font-family: arial, sans-serif;"><br></span></div><div><span class="font" style="font-family: arial, sans-serif;">-A INPUT -p tcp -m conntrack --ctstate NEW,ESTABLISHED -m tcp --dport 22 -j ACCEPT </span><b><i><span class="font" style="font-family: arial, sans-serif;"># SSH running there</span></i></b><span class="font" style="font-family: arial, sans-serif;"><br></span></div><div><span class="font" style="font-family: arial, sans-serif;">-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT </span><b><i><span class="font" style="font-family: arial, sans-serif;"># allow incoming comm to ORPort </span></i></b><span class="font" style="font-family: arial, sans-serif;"><br></span></div><div><span class="font" style="font-family: arial, sans-serif;">-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT </span><b><i><span class="font" style="font-family: arial, sans-serif;"># allow incoming comm to DIRPort</span></i></b><i><span class="font" style="font-family: arial, sans-serif;"> </span></i><span class="font" style="font-family: arial, sans-serif;"><br></span></div><div><span class="font" style="font-family: arial, sans-serif;">-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT </span><b><i><span class="font" style="font-family: arial, sans-serif;"># allow all already established incoming connections</span></i></b><span class="font" style="font-family: arial, sans-serif;"><br></span></div><div><span class="font" style="font-family: arial, 
sans-serif;">-A OUTPUT -o lo -j ACCEPT </span><b><i><span class="font" style="font-family: arial, sans-serif;"># allow all outgoing connections</span></i></b><span class="font" style="font-family: arial, sans-serif;"><br></span></div><div><span class="font" style="font-family: arial, sans-serif;">-A OUTPUT -o eth0 -j ACCEPT</span><span class="font" style="font-family: arial, sans-serif;"><br></span></div></pre></blockquote><div style="font-family: arial; font-size: 14px;"><span class="font" style="font-family: arial, sans-serif;"><br></span></div><blockquote><div style="font-family: arial; font-size: 14px;"><b><span class="size" style="font-size: 14"><span class="font" style="font-family: arial, sans-serif;">My ip6tables:</span></span></b><span class="size" style="font-size: 14"><span class="font" style="font-family: arial, sans-serif;"><br></span></span></div><div style="font-family: arial; font-size: 14px;"><span class="size" style="font-size: 14"><span class="font" style="font-family: arial, sans-serif;">-P INPUT DROP</span><span class="font" style="font-family: arial, sans-serif;"><br></span></span></div><div style="font-family: arial; font-size: 14px;"><span class="size" style="font-size: 14"><span class="font" style="font-family: arial, sans-serif;">-P FORWARD DROP</span><span class="font" style="font-family: arial, sans-serif;"><br></span></span></div><div style="font-family: arial; font-size: 14px;"><span class="size" style="font-size: 14"><span class="font" style="font-family: arial, sans-serif;">-P OUTPUT DROP</span><span class="font" style="font-family: arial, sans-serif;"><br></span></span></div><div style="font-family: arial; font-size: 14px;"><span class="size" style="font-size: 14"><span class="font" style="font-family: arial, sans-serif;">-N ICMPv6_IN</span><span class="font" style="font-family: arial, sans-serif;"><br></span></span></div><div style="font-family: arial; font-size: 14px;"><span class="size" style="font-size: 14"><span class="font" 
style="font-family: arial, sans-serif;">-N ICMPv6_OUT</span><span class="font" style="font-family: arial, sans-serif;"><br></span></span></div><div style="font-family: arial; font-size: 14px;"><span class="size" style="font-size: 14"><span class="font" style="font-family: arial, sans-serif;">-A INPUT -i lo -j ACCEPT</span><span class="font" style="font-family: arial, sans-serif;"><br></span></span></div><div style="font-family: arial; font-size: 14px;"><span class="size" style="font-size: 14"><span class="font" style="font-family: arial, sans-serif;">-A INPUT -p tcp -m conntrack --ctstate NEW,ESTABLISHED -m tcp --dport 22 -j ACCEPT </span></span><b><i><span class="size" style="font-size: 14"><span class="font" style="font-family: arial, sans-serif;"># SSH running there</span></span></i></b><span class="size" style="font-size: 14"><span class="font" style="font-family: arial, sans-serif;"><br></span></span></div><div style="font-family: arial; font-size: 14px;"><span class="size" style="font-size: 14"><span class="font" style="font-family: arial, sans-serif;">-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT </span></span><b><i><span class="size" style="font-size: 14"><span class="font" style="font-family: arial, sans-serif;"># allow incoming comm to ORPort</span></span></i></b><span class="size" style="font-size: 14"><span class="font" style="font-family: arial, sans-serif;"><br></span></span></div><div style="font-family: arial; font-size: 14px;"><span class="size" style="font-size: 14"><span class="font" style="font-family: arial, sans-serif;">-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT </span></span><b><i><span class="size" style="font-size: 14"><span class="font" style="font-family: arial, sans-serif;"># allow incoming comm to DIRPort</span></span></i></b><span class="size" style="font-size: 14"><span class="font" style="font-family: arial, sans-serif;"><br></span></span></div><div style="font-family: arial; font-size: 14px;"><span class="size" style="font-size: 
14"><span class="font" style="font-family: arial, sans-serif;">-A INPUT -p ipv6-icmp -j ICMPv6_IN </span></span><b><span class="size" style="font-size: 14"><span class="font" style="font-family: arial, sans-serif;"></span></span><i><span class="size" style="font-size: 14"><span class="font" style="font-family: arial, sans-serif;">#pass all icmpv6 related traffic to new chain</span></span></i></b><span class="size" style="font-size: 14"><span class="font" style="font-family: arial, sans-serif;"><br></span></span></div><div style="font-family: arial; font-size: 14px;"><span class="size" style="font-size: 14"><span class="font" style="font-family: arial, sans-serif;">-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT </span></span><b><i><span class="size" style="font-size: 14"><span class="font" style="font-family: arial, sans-serif;"># allow all already established incoming connections</span></span></i></b><span class="size" style="font-size: 14"><span class="font" style="font-family: arial, sans-serif;"><br></span></span></div><div style="font-family: arial; font-size: 14px;"><span class="size" style="font-size: 14"><span class="font" style="font-family: arial, sans-serif;">-A OUTPUT -o lo -j ACCEPT </span><span class="font" style="font-family: arial, sans-serif;"><br></span></span></div><div style="font-family: arial; font-size: 14px;"><span class="size" style="font-size: 14"><span class="font" style="font-family: arial, sans-serif;">-A OUTPUT -p ipv6-icmp -j ICMPv6_OUT </span></span><b><i><span class="size" style="font-size: 14"><span class="font" style="font-family: arial, sans-serif;">#pass all icmpv6 related traffic to new chain</span></span></i></b><span class="size" style="font-size: 14"><span class="font" style="font-family: arial, sans-serif;"><br></span></span></div><div style="font-family: arial; font-size: 14px;"><span class="size" style="font-size: 14"><span class="font" style="font-family: arial, sans-serif;">-A OUTPUT -o eth0 -j ACCEPT 
</span></span><b><i><span class="size" style="font-size: 14"><span class="font" style="font-family: arial, sans-serif;"># allow all outgoing connections</span></span></i></b><span class="size" style="font-size: 14"><span class="font" style="font-family: arial, sans-serif;"><br></span></span></div><div style="font-family: arial; font-size: 14px;"><span class="size" style="font-size: 14"><span class="font" style="font-family: arial, sans-serif;">-A ICMPv6_IN -p ipv6-icmp -m icmp6 --icmpv6-type 1 -j ACCEPT</span><span class="font" style="font-family: arial, sans-serif;"><br></span></span></div><div style="font-family: arial; font-size: 14px;"><span class="size" style="font-size: 14"><span class="font" style="font-family: arial, sans-serif;">-A ICMPv6_IN -p ipv6-icmp -m icmp6 --icmpv6-type 2 -j ACCEPT</span><span class="font" style="font-family: arial, sans-serif;"><br></span></span></div><div style="font-family: arial; font-size: 14px;"><span class="size" style="font-size: 14"><span class="font" style="font-family: arial, sans-serif;">-A ICMPv6_IN -p ipv6-icmp -m icmp6 --icmpv6-type 3 -j ACCEPT</span><span class="font" style="font-family: arial, sans-serif;"><br></span></span></div><div style="font-family: arial; font-size: 14px;"><span class="size" style="font-size: 14"><span class="font" style="font-family: arial, sans-serif;">-A ICMPv6_IN -p ipv6-icmp -m icmp6 --icmpv6-type 4 -j ACCEPT</span><span class="font" style="font-family: arial, sans-serif;"><br></span></span></div><div style="font-family: arial; font-size: 14px;"><span class="size" style="font-size: 14"><span class="font" style="font-family: arial, sans-serif;">-A ICMPv6_IN -p ipv6-icmp -m icmp6 --icmpv6-type 128 -j ACCEPT</span><span class="font" style="font-family: arial, sans-serif;"><br></span></span></div><div style="font-family: arial; font-size: 14px;"><span class="size" style="font-size: 14"><span class="font" style="font-family: arial, sans-serif;">-A ICMPv6_IN -p ipv6-icmp -m icmp6 --icmpv6-type 
129 -j ACCEPT</span><span class="font" style="font-family: arial, sans-serif;"><br></span></span></div><div style="font-family: arial; font-size: 14px;"><span class="size" style="font-size: 14"><span class="font" style="font-family: arial, sans-serif;">-A ICMPv6_IN -p ipv6-icmp -m icmp6 --icmpv6-type 133 -j ACCEPT</span><span class="font" style="font-family: arial, sans-serif;"><br></span></span></div><div style="font-family: arial; font-size: 14px;"><span class="size" style="font-size: 14"><span class="font" style="font-family: arial, sans-serif;">-A ICMPv6_IN -p ipv6-icmp -m icmp6 --icmpv6-type 134 -j ACCEPT</span><span class="font" style="font-family: arial, sans-serif;"><br></span></span></div><div style="font-family: arial; font-size: 14px;"><span class="size" style="font-size: 14"><span class="font" style="font-family: arial, sans-serif;">-A ICMPv6_IN -p ipv6-icmp -m icmp6 --icmpv6-type 135 -j ACCEPT</span><span class="font" style="font-family: arial, sans-serif;"><br></span></span></div><div style="font-family: arial; font-size: 14px;"><span class="size" style="font-size: 14"><span class="font" style="font-family: arial, sans-serif;">-A ICMPv6_IN -p ipv6-icmp -m icmp6 --icmpv6-type 136 -j ACCEPT</span><span class="font" style="font-family: arial, sans-serif;"><br></span></span></div><div style="font-family: arial; font-size: 14px;"><span class="size" style="font-size: 14"><span class="font" style="font-family: arial, sans-serif;">-A ICMPv6_IN -j DROP</span><span class="font" style="font-family: arial, sans-serif;"><br></span></span></div><div style="font-family: arial; font-size: 14px;"><span class="size" style="font-size: 14"><span class="font" style="font-family: arial, sans-serif;">-A ICMPv6_OUT -p ipv6-icmp -m icmp6 --icmpv6-type 128 -j ACCEPT</span><span class="font" style="font-family: arial, sans-serif;"><br></span></span></div><div style="font-family: arial; font-size: 14px;"><span class="size" style="font-size: 14"><span class="font" 
style="font-family: arial, sans-serif;">-A ICMPv6_OUT -p ipv6-icmp -m icmp6 --icmpv6-type 129 -j ACCEPT</span><span class="font" style="font-family: arial, sans-serif;"><br></span></span></div><div style="font-family: arial; font-size: 14px;"><span class="size" style="font-size: 14"><span class="font" style="font-family: arial, sans-serif;">-A ICMPv6_OUT -p ipv6-icmp -m icmp6 --icmpv6-type 133 -j ACCEPT</span><span class="font" style="font-family: arial, sans-serif;"><br></span></span></div><div style="font-family: arial; font-size: 14px;"><span class="size" style="font-size: 14"><span class="font" style="font-family: arial, sans-serif;">-A ICMPv6_OUT -p ipv6-icmp -m icmp6 --icmpv6-type 134 -j ACCEPT</span><span class="font" style="font-family: arial, sans-serif;"><br></span></span></div><div style="font-family: arial; font-size: 14px;"><span class="size" style="font-size: 14"><span class="font" style="font-family: arial, sans-serif;">-A ICMPv6_OUT -p ipv6-icmp -m icmp6 --icmpv6-type 135 -j ACCEPT</span><span class="font" style="font-family: arial, sans-serif;"><br></span></span></div><div style="font-family: arial; font-size: 14px;"><span class="size" style="font-size: 14"><span class="font" style="font-family: arial, sans-serif;">-A ICMPv6_OUT -p ipv6-icmp -m icmp6 --icmpv6-type 136 -j ACCEPT</span><span class="font" style="font-family: arial, sans-serif;"><br></span></span></div><div style="font-family: arial; font-size: 14px;"><span class="size" style="font-size: 14"><span class="font" style="font-family: arial, sans-serif;">-A ICMPv6_OUT -j DROP</span></span><span class="font" style="font-family: arial, sans-serif;"><br></span></div></blockquote><div style="font-family: arial; font-size: 14px;"><span class="font" style="font-family: arial, sans-serif;"><br></span></div><div style="font-family: arial; font-size: 14px;"><span class="font" style="font-family: arial, sans-serif;">Thank you all for any replies!</span><span class="font" style="font-family: arial, 
sans-serif;"><br></span></div><div style="font-family: arial; font-size: 14px;"><span class="font" style="font-family: arial, sans-serif;">Have a nice day.</span><span class="font" style="font-family: arial, sans-serif;"><br></span></div><div style="font-family: arial; font-size: 14px;"><span class="font" style="font-family: arial, sans-serif;">Bye<br></span></div><div style="font-family: arial; font-size: 14px;"><span class="font" style="font-family: arial, sans-serif;"><br></span></div>
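<p>Added example, not part of the original message and not code from Tor or netfilter: a minimal first-match walker over the INPUT side of the ip6tables rules posted above, returning the verdict for a given inbound packet. The packet model (the <code>inbound</code> helper and its field names) is an assumption and covers only the match options that appear in the post.</p>

```python
import shlex

# INPUT side of the ip6tables ruleset from the post (inline comments dropped).
RULES_V6 = """-P INPUT DROP
-N ICMPv6_IN
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m conntrack --ctstate NEW,ESTABLISHED -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p ipv6-icmp -j ICMPv6_IN
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
""" + "".join(f"-A ICMPv6_IN -p ipv6-icmp -m icmp6 --icmpv6-type {t} -j ACCEPT\n"
              for t in (1, 2, 3, 4, 128, 129, 133, 134, 135, 136)) + "-A ICMPv6_IN -j DROP\n"

# Options the model understands; "-m <module>" only loads a match and is skipped.
FIELDS = {"-i": "iface", "-p": "proto", "--dport": "dport",
          "--icmpv6-type": "icmp_type", "--ctstate": "state"}

def parse(text):
    """Return (policies, chains); each chain is a list of (conditions, target)."""
    policy, chains = {}, {}
    for tok in map(shlex.split, text.splitlines()):
        if tok[0] == "-P":
            policy[tok[1]] = tok[2]
        elif tok[0] == "-A":
            pairs = list(zip(tok[2::2], tok[3::2]))  # every option here takes one value
            conds = {FIELDS[k]: v for k, v in pairs if k in FIELDS}
            chains.setdefault(tok[1], []).append((conds, dict(pairs)["-j"]))
    return policy, chains

POLICY, CHAINS = parse(RULES_V6)

def matches(pkt, conds):
    return all(pkt.get(f) in v.split(",") if f == "state" else str(pkt.get(f)) == v
               for f, v in conds.items())

def verdict(pkt, chain="INPUT"):
    """First matching rule wins; a user chain that runs out returns to its caller."""
    for conds, target in CHAINS[chain]:
        if matches(pkt, conds):
            result = target if target in ("ACCEPT", "DROP") else verdict(pkt, target)
            if result:
                return result
    return POLICY.get(chain)  # None for a user-defined chain

def inbound(**fields):
    """Constructed sample packet: arrives on eth0, conntrack state NEW by default."""
    return verdict({"iface": "eth0", "state": "NEW", **fields})
```

<p>For example, <code>inbound(proto="tcp", dport=443)</code> gives the verdict for a new connection to the ORPort, and <code>inbound(proto="ipv6-icmp", icmp_type=130)</code> for an ICMPv6 type that the ICMPv6_IN chain does not list.</p>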