From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-user+bounces-144212-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	by finch.gentoo.org (Postfix) with ESMTP id 971C4138296
	for <garchives@archives.gentoo.org>; Sat,  5 Jan 2013 03:27:40 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id D7AAD21C01F;
	Sat,  5 Jan 2013 03:27:24 +0000 (UTC)
Received: from mail-oa0-f44.google.com (mail-oa0-f44.google.com [209.85.219.44])
	(using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 2623421C004
	for <gentoo-user@lists.gentoo.org>; Sat,  5 Jan 2013 03:26:11 +0000 (UTC)
Received: by mail-oa0-f44.google.com with SMTP id n5so15761020oag.3
        for <gentoo-user@lists.gentoo.org>; Fri, 04 Jan 2013 19:26:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :content-type;
        bh=ELSxx6j4XGjvCFdNDyrh17x4ze0XXb+JSGn1iuDJ+gk=;
        b=AOpl6rZBeh3gHAsdSLc7YFVtOmGDeUSlvT/yzx5YNGbrluGAcXUQlwRJU2Hv/NdXDP
         fVfl4q7H5fQmsaXl9xvSpi7H4qIcPIrDyZtxbNX1YT1geq+dPDkZIMAEEpoxc3cvBJOl
         m1n9GGww1RldjzF5J0FDUrDvX1RhCZFz9sshp0eJGZ2sAAtCjY8prrekE2r2ZKKhFjOn
         aj/WRMj3/zS0l3r03A3GoAdOo9QlZQbEtbpBfvJ0Iw61f67Gjm+aQsPClAtb0PGrz4jJ
         YBDLLceUeH7CKKUumzy5oWv3kB0HzEtaoFJpbFH0rTtvxx032u45qGdXcXlhr3yJq0bx
         rduA==
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
Received: by 10.182.240.41 with SMTP id vx9mr35083387obc.10.1357356371222;
 Fri, 04 Jan 2013 19:26:11 -0800 (PST)
Received: by 10.76.20.243 with HTTP; Fri, 4 Jan 2013 19:26:10 -0800 (PST)
Received: by 10.76.20.243 with HTTP; Fri, 4 Jan 2013 19:26:10 -0800 (PST)
In-Reply-To: <20130105012949.GA17261@waltdnes.org>
References: <50DBA7D0.4060800@orlitzky.com>
	<87zk0zivjk.fsf@einstein.gmurray.org.uk>
	<20121227231150.GA9864@waltdnes.org>
	<50DCDEAF.9020002@orlitzky.com>
	<20121228035937.GA2949@waltdnes.org>
	<50DD370F.4070509@orlitzky.com>
	<20121231032150.GA2032@waltdnes.org>
	<50E509FA.3060204@orlitzky.com>
	<20130104201702.GA16813@waltdnes.org>
	<CA+czFiAfUwJUT0nvms5mM6eKmB-R3br0T27kgRGvy_1UVX0LmQ@mail.gmail.com>
	<20130105012949.GA17261@waltdnes.org>
Date: Fri, 4 Jan 2013 22:26:10 -0500
Message-ID: <CA+czFiCtRD-J9R22TxGr2ArzFUNxmPhY6-zuuR70STztEQW2XA@mail.gmail.com>
Subject: Re: [gentoo-user] IPTABLES syntax change?
From: Michael Mol <mikemol@gmail.com>
To: gentoo-user@lists.gentoo.org
Content-Type: multipart/alternative; boundary=14dae93b58e657205f04d2822883
X-Archives-Salt: e8581cb6-81a2-49ad-aca6-d200af774d1b
X-Archives-Hash: 4d233183c83c757a10d415a0c0137881

--14dae93b58e657205f04d2822883
Content-Type: text/plain; charset=UTF-8

On Jan 4, 2013 8:33 PM, "Walter Dnes" <waltdnes@waltdnes.org> wrote:
>
> On Fri, Jan 04, 2013 at 03:27:59PM -0500, Michael Mol wrote
> > On Fri, Jan 4, 2013 at 3:17 PM, Walter Dnes <waltdnes@waltdnes.org>
wrote:
> > >
> > >   The mere fact that you haven't manually typed in...
> > > http://www.facebook.com/blah_blah_blah does not mean you're not
> > > connecting to it.
> >
> > But all that's above layer 3, since it's an HTTP redirect, or a page
> > transclusion which necessitates a new GET request. Michael's point
> > stands.
>
>   And I want to make sure that new GET request is blocked coming and
> going.
>
> --
> Walter Dnes <waltdnes@waltdnes.org>
> I don't run "desktop environments"; I run useful applications
>

And it will, for the simple reason that outbound psckets are dropped, so
inbound packets are nevrr valid. That was Michael's point.

--14dae93b58e657205f04d2822883
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<p><br>
On Jan 4, 2013 8:33 PM, &quot;Walter Dnes&quot; &lt;<a href=3D"mailto:waltd=
nes@waltdnes.org">waltdnes@waltdnes.org</a>&gt; wrote:<br>
&gt;<br>
&gt; On Fri, Jan 04, 2013 at 03:27:59PM -0500, Michael Mol wrote<br>
&gt; &gt; On Fri, Jan 4, 2013 at 3:17 PM, Walter Dnes &lt;<a href=3D"mailto=
:waltdnes@waltdnes.org">waltdnes@waltdnes.org</a>&gt; wrote:<br>
&gt; &gt; &gt;<br>
&gt; &gt; &gt; =C2=A0 The mere fact that you haven&#39;t manually typed in.=
..<br>
&gt; &gt; &gt; <a href=3D"http://www.facebook.com/blah_blah_blah">http://ww=
w.facebook.com/blah_blah_blah</a> does not mean you&#39;re not<br>
&gt; &gt; &gt; connecting to it.<br>
&gt; &gt;<br>
&gt; &gt; But all that&#39;s above layer 3, since it&#39;s an HTTP redirect=
, or a page<br>
&gt; &gt; transclusion which necessitates a new GET request. Michael&#39;s =
point<br>
&gt; &gt; stands.<br>
&gt;<br>
&gt; =C2=A0 And I want to make sure that new GET request is blocked coming =
and<br>
&gt; going.<br>
&gt;<br>
&gt; --<br>
&gt; Walter Dnes &lt;<a href=3D"mailto:waltdnes@waltdnes.org">waltdnes@walt=
dnes.org</a>&gt;<br>
&gt; I don&#39;t run &quot;desktop environments&quot;; I run useful applica=
tions<br>
&gt;</p>
<p>And it will, for the simple reason that outbound psckets are dropped, so=
 inbound packets are nevrr valid. That was Michael&#39;s point.</p>

--14dae93b58e657205f04d2822883--