Last active
August 29, 2015 14:05
-
-
Save patcon/8d45f4d809bed6f7bfc7 to your computer and use it in GitHub Desktop.
orWall bug. Firefox. `iptables --table filter`
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- iptable-vnL-no-auth.log 2014-08-24 01:00:43.964999966 -0300 | |
| +++ iptable-vnL-browser-auth.log 2014-08-24 01:00:50.708999638 -0300 | |
| @@ -1,7 +1,9 @@ | |
| -Chain INPUT (policy DROP 17 packets, 4512 bytes) | |
| +Chain INPUT (policy DROP 2 packets, 592 bytes) | |
| pkts bytes target prot opt in out source destination | |
| -13246 7849K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10058 ctstate NEW,RELATED,ESTABLISHED /* Allow Orbot inputs */ | |
| - 5400 6455K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED /* Allow related,established inputs */ | |
| +13624 8008K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10058 ctstate NEW,RELATED,ESTABLISHED /* Allow Orbot inputs */ | |
| + 5561 6567K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED /* Allow related,established inputs */ | |
| + 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10059 ctstate RELATED,ESTABLISHED udp spt:53 | |
| + 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate ESTABLISHED owner UID match 10059 | |
| Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) | |
| pkts bytes target prot opt in out source destination | |
| @@ -10,15 +12,17 @@ | |
| 0 0 bw_FORWARD all -- * * 0.0.0.0/0 0.0.0.0/0 | |
| 0 0 natctrl_FORWARD all -- * * 0.0.0.0/0 0.0.0.0/0 | |
| -Chain OUTPUT (policy DROP 99 packets, 5582 bytes) | |
| +Chain OUTPUT (policy DROP 26 packets, 1352 bytes) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 accounting_OUT tcp -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10058 tcp dpt:9030 /* Forward Directory traffic to accounting */ | |
| -11524 7545K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10058 ctstate NEW,RELATED,ESTABLISHED /* Allow Orbot outputs */ | |
| +11860 7698K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10058 ctstate NEW,RELATED,ESTABLISHED /* Allow Orbot outputs */ | |
| 35 2194 ACCEPT udp -- * * 0.0.0.0/0 127.0.0.1 owner UID match 0 ctstate NEW,RELATED,ESTABLISHED udp dpt:5400 /* Allow DNS queries */ | |
| 1043 78441 ACCEPT tcp -- * * 0.0.0.0/0 127.0.0.1 ctstate NEW,ESTABLISHED owner UID match 10055 tcp dpt:9040 /* Allow org.fdroid.fdroid through TransPort */ | |
| 674 80626 ACCEPT tcp -- * * 0.0.0.0/0 127.0.0.1 ctstate NEW,ESTABLISHED owner UID match 10019 tcp dpt:9040 /* Allow com.android.browser through TransPort */ | |
| 569 73973 ACCEPT tcp -- * * 0.0.0.0/0 127.0.0.1 ctstate NEW,ESTABLISHED owner UID match 10061 tcp dpt:9040 /* Allow org.tint through TransPort */ | |
| - 2230 203K ACCEPT tcp -- * * 0.0.0.0/0 127.0.0.1 ctstate NEW,ESTABLISHED owner UID match 10059 tcp dpt:9040 /* Allow org.mozilla.firefox through TransPort */ | |
| + 2394 228K ACCEPT tcp -- * * 0.0.0.0/0 127.0.0.1 ctstate NEW,ESTABLISHED owner UID match 10059 tcp dpt:9040 /* Allow org.mozilla.firefox through TransPort */ | |
| + 14 925 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10059 | |
| + 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10059 ctstate ESTABLISHED | |
| Chain accounting_IN (0 references) | |
| pkts bytes target prot opt in out source destination |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Chain INPUT (policy DROP 2 packets, 592 bytes) | |
| pkts bytes target prot opt in out source destination | |
| 13624 8008K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10058 ctstate NEW,RELATED,ESTABLISHED /* Allow Orbot inputs */ | |
| 5561 6567K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED /* Allow related,established inputs */ | |
| 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10059 ctstate RELATED,ESTABLISHED udp spt:53 | |
| 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate ESTABLISHED owner UID match 10059 | |
| Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 oem_fwd all -- * * 0.0.0.0/0 0.0.0.0/0 | |
| 0 0 fw_FORWARD all -- * * 0.0.0.0/0 0.0.0.0/0 | |
| 0 0 bw_FORWARD all -- * * 0.0.0.0/0 0.0.0.0/0 | |
| 0 0 natctrl_FORWARD all -- * * 0.0.0.0/0 0.0.0.0/0 | |
| Chain OUTPUT (policy DROP 26 packets, 1352 bytes) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 accounting_OUT tcp -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10058 tcp dpt:9030 /* Forward Directory traffic to accounting */ | |
| 11860 7698K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10058 ctstate NEW,RELATED,ESTABLISHED /* Allow Orbot outputs */ | |
| 35 2194 ACCEPT udp -- * * 0.0.0.0/0 127.0.0.1 owner UID match 0 ctstate NEW,RELATED,ESTABLISHED udp dpt:5400 /* Allow DNS queries */ | |
| 1043 78441 ACCEPT tcp -- * * 0.0.0.0/0 127.0.0.1 ctstate NEW,ESTABLISHED owner UID match 10055 tcp dpt:9040 /* Allow org.fdroid.fdroid through TransPort */ | |
| 674 80626 ACCEPT tcp -- * * 0.0.0.0/0 127.0.0.1 ctstate NEW,ESTABLISHED owner UID match 10019 tcp dpt:9040 /* Allow com.android.browser through TransPort */ | |
| 569 73973 ACCEPT tcp -- * * 0.0.0.0/0 127.0.0.1 ctstate NEW,ESTABLISHED owner UID match 10061 tcp dpt:9040 /* Allow org.tint through TransPort */ | |
| 2394 228K ACCEPT tcp -- * * 0.0.0.0/0 127.0.0.1 ctstate NEW,ESTABLISHED owner UID match 10059 tcp dpt:9040 /* Allow org.mozilla.firefox through TransPort */ | |
| 14 925 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10059 | |
| 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10059 ctstate ESTABLISHED | |
| Chain accounting_IN (0 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 bw_INPUT all -- * * 0.0.0.0/0 0.0.0.0/0 | |
| 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 | |
| Chain accounting_OUT (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 bw_OUTPUT all -- * * 0.0.0.0/0 0.0.0.0/0 | |
| 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 | |
| Chain bw_FORWARD (1 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain bw_INPUT (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 ! quota globalAlert: 2097152 bytes | |
| 0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 owner socket exists | |
| Chain bw_OUTPUT (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 ! quota globalAlert: 2097152 bytes | |
| 0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 owner socket exists | |
| Chain bw_costly_shared (0 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 bw_penalty_box all -- * * 0.0.0.0/0 0.0.0.0/0 | |
| Chain bw_happy_box (0 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain bw_penalty_box (1 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain fw_FORWARD (1 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain fw_INPUT (0 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain fw_OUTPUT (0 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain natctrl_FORWARD (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 | |
| Chain natctrl_tether_counters (0 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain oem_fwd (1 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain oem_out (0 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain witness (0 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 | |
| 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Chain INPUT (policy DROP 17 packets, 4512 bytes) | |
| pkts bytes target prot opt in out source destination | |
| 13246 7849K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10058 ctstate NEW,RELATED,ESTABLISHED /* Allow Orbot inputs */ | |
| 5400 6455K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED /* Allow related,established inputs */ | |
| Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 oem_fwd all -- * * 0.0.0.0/0 0.0.0.0/0 | |
| 0 0 fw_FORWARD all -- * * 0.0.0.0/0 0.0.0.0/0 | |
| 0 0 bw_FORWARD all -- * * 0.0.0.0/0 0.0.0.0/0 | |
| 0 0 natctrl_FORWARD all -- * * 0.0.0.0/0 0.0.0.0/0 | |
| Chain OUTPUT (policy DROP 99 packets, 5582 bytes) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 accounting_OUT tcp -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10058 tcp dpt:9030 /* Forward Directory traffic to accounting */ | |
| 11524 7545K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 owner UID match 10058 ctstate NEW,RELATED,ESTABLISHED /* Allow Orbot outputs */ | |
| 35 2194 ACCEPT udp -- * * 0.0.0.0/0 127.0.0.1 owner UID match 0 ctstate NEW,RELATED,ESTABLISHED udp dpt:5400 /* Allow DNS queries */ | |
| 1043 78441 ACCEPT tcp -- * * 0.0.0.0/0 127.0.0.1 ctstate NEW,ESTABLISHED owner UID match 10055 tcp dpt:9040 /* Allow org.fdroid.fdroid through TransPort */ | |
| 674 80626 ACCEPT tcp -- * * 0.0.0.0/0 127.0.0.1 ctstate NEW,ESTABLISHED owner UID match 10019 tcp dpt:9040 /* Allow com.android.browser through TransPort */ | |
| 569 73973 ACCEPT tcp -- * * 0.0.0.0/0 127.0.0.1 ctstate NEW,ESTABLISHED owner UID match 10061 tcp dpt:9040 /* Allow org.tint through TransPort */ | |
| 2230 203K ACCEPT tcp -- * * 0.0.0.0/0 127.0.0.1 ctstate NEW,ESTABLISHED owner UID match 10059 tcp dpt:9040 /* Allow org.mozilla.firefox through TransPort */ | |
| Chain accounting_IN (0 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 bw_INPUT all -- * * 0.0.0.0/0 0.0.0.0/0 | |
| 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 | |
| Chain accounting_OUT (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 bw_OUTPUT all -- * * 0.0.0.0/0 0.0.0.0/0 | |
| 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 | |
| Chain bw_FORWARD (1 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain bw_INPUT (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 ! quota globalAlert: 2097152 bytes | |
| 0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 owner socket exists | |
| Chain bw_OUTPUT (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 ! quota globalAlert: 2097152 bytes | |
| 0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 owner socket exists | |
| Chain bw_costly_shared (0 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 bw_penalty_box all -- * * 0.0.0.0/0 0.0.0.0/0 | |
| Chain bw_happy_box (0 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain bw_penalty_box (1 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain fw_FORWARD (1 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain fw_INPUT (0 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain fw_OUTPUT (0 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain natctrl_FORWARD (1 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 | |
| Chain natctrl_tether_counters (0 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain oem_fwd (1 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain oem_out (0 references) | |
| pkts bytes target prot opt in out source destination | |
| Chain witness (0 references) | |
| pkts bytes target prot opt in out source destination | |
| 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 | |
| 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment