Cannot apt-get behind my iptables rules


I'm trying to configure a new server's iptables.
Here are my rules, inside a firewall.sh script that I execute:



#!/bin/bash

# Ports recap:
# ---- web: 80, 443
# ---- mail: 25 (smtp), 465 (smtps), 143 (imap), 993 (imaps), 110 (pop), 995 (pops)
# ---- ssh: 22
# ---- ftp: 20


# Allowed tcp ports
ALLOWED_TCP="80 443 22 20 25 465 143 993 110 995"
ALLOWED_TCP="80 443 22"





# Flush the filter table from INPUT or OUTPUT
iptables -F


# Permit loopback interface traffic (because our host is not a router)
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT


# Drop invalid traffic (good idea since we use the connection tracking module)
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A OUTPUT -m state --state INVALID -j DROP


# Allow icmp traffic (ping)
iptables -A INPUT -p icmp -j ACCEPT
iptables -A OUTPUT -p icmp -j ACCEPT



for port in $ALLOWED_TCP
do
iptables -A INPUT -p tcp --dport $port -j ACCEPT
done


# Allow DNS traffic
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT


# Permit no more than 50 concurrent connections from the same ip address to our web server
iptables -A INPUT -p tcp -m multiport --dports 80,443 -m connlimit --connlimit-above 50 -j DROP


# Allow all outgoing valid traffic
iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT


# Set the default policy to drop
iptables -P INPUT DROP
iptables -P OUTPUT DROP


The problem with those rules is that then when I try to do:



apt-get install iptables-persistent


and then confirm with Y, the download freezes. I've done some tests and I know that without those rules the apt-get command works just fine, so I know there is something wrong with my iptables rules, but I can't figure out what.
Any idea?
(Basically I have the same problem as apt-get not working with iptables.)



UPDATE



I did a few tests, and this works (I removed the INPUT DROP policy at the end), however, I still don't get what in the INPUT is causing problems.



@Ryan Gibbons, yes, my first ALLOWED_TCP line is just a template in case I want to activate more ports (only the second line is considered).



#!/bin/bash

# Ports recap:
# ---- web: 80, 443
# ---- mail: 25 (smtp), 465 (smtps), 143 (imap), 993 (imaps), 110 (pop), 995 (pops)
# ---- ssh: 22
# ---- ftp: 20


# Allowed tcp ports
ALLOWED_TCP="80 443 22 20 25 465 143 993 110 995"
ALLOWED_TCP="80 443 22 53"





# Flush the filter table from INPUT or OUTPUT
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -F


# Permit loopback interface traffic (because our host is not a router)
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT


# Drop invalid traffic (good idea since we use the connection tracking module)
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A OUTPUT -m state --state INVALID -j DROP


# Allow icmp traffic (ping)
iptables -A INPUT -p icmp -j ACCEPT
iptables -A OUTPUT -p icmp -j ACCEPT



for port in $ALLOWED_TCP
do
iptables -A INPUT -p tcp --dport $port -j ACCEPT
done




# Permit no more than 50 concurrent connections from the same ip address to our web server
iptables -A INPUT -p tcp -m multiport --dports 80,443 -m connlimit --connlimit-above 50 -j DROP


# Allow all outgoing valid traffic
iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT


# Set the default policy to drop
#iptables -P INPUT DROP
iptables -P OUTPUT DROP









edited May 8 at 14:07
ling

asked May 8 at 13:10
ling












  • You also need to accept established / related incoming traffic using something like -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    – Lenniey
    May 8 at 14:16
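The comment above names the missing piece. The firewall.sh below is an added example, not the asker's script and not material from the linked course: same inbound ports and connlimit as the question, but with a conntrack rule on INPUT so that replies to connections the host itself opened (apt mirrors on 80/443, DNS lookups) are accepted, and with a preview mode so the rule list can be reviewed before it is loaded. The function names rule, firewall_rules and check_stateful_input are my own; `-m conntrack --ctstate` is the current spelling of the `-m state --state` match used on the page.

```shell
#!/bin/sh
# firewall.sh (added example, not the original poster's script).
# Usage:  sh firewall.sh        -> print the rules that would be loaded
#         sh firewall.sh apply  -> load them with iptables (needs root)

ALLOWED_TCP="80 443 22"   # inbound services, as in the question

# Every rule passes through this one function, so the whole set can be
# previewed (default) before it is applied.
rule() {
    if [ "$FW_MODE" = "apply" ]; then
        iptables "$@"
    else
        echo "iptables $*"
    fi
}

firewall_rules() {
    # Open the policies first so re-running the script cannot lock us out
    rule -P INPUT ACCEPT
    rule -P OUTPUT ACCEPT
    rule -F

    rule -A INPUT -i lo -j ACCEPT
    rule -A OUTPUT -o lo -j ACCEPT

    # The rule the question's script lacks: packets belonging to a connection
    # this host started (apt over 80/443, DNS, ...) are ESTABLISHED or RELATED
    # in conntrack. One line covers every such reply, whatever its source port.
    rule -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    rule -A INPUT -m conntrack --ctstate INVALID -j DROP

    rule -A INPUT -p icmp -j ACCEPT

    # Per-source connection limit for the web ports. It must come BEFORE the
    # per-port ACCEPT rules: iptables stops at the first match, so placed
    # after them (as in the question) it would never be reached.
    rule -A INPUT -p tcp -m multiport --dports 80,443 -m connlimit --connlimit-above 50 -j DROP

    # Only new connections need a per-port rule; replies are handled above
    for port in $ALLOWED_TCP; do
        rule -A INPUT -p tcp --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
    done

    # Outbound: anything this host starts is allowed, as in the question
    rule -A OUTPUT -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT

    rule -P INPUT DROP
    rule -P OUTPUT DROP
}

# Succeeds when the rule list passed as $1 contains the stateful INPUT accept,
# i.e. the condition under which apt-get can receive its downloads.
check_stateful_input() {
    printf '%s\n' "$1" | grep -q -- '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
}

FW_MODE="${1:-show}"
case "$FW_MODE" in
    apply|show) firewall_rules ;;
    *) echo "usage: $0 [show|apply]" >&2; exit 2 ;;
esac
```

Running the script without arguments prints the rule list; `sh firewall.sh apply` loads it. Because the ESTABLISHED,RELATED accept sits at the top of INPUT, no per-port `--sport` exceptions are needed for DNS or for package mirrors, and HTTPS mirrors work as well as HTTP ones.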


















2 Answers






First off, the ALLOWED_TCP block is only going to be 80, 443 and 22, as it's overriding the first definition.

# Allowed tcp ports
ALLOWED_TCP="80 443 22 20 25 465 143 993 110 995"
ALLOWED_TCP="80 443 22"

Next, you only use these for allowing on INPUT, meaning incoming to the server:

for port in $ALLOWED_TCP
do
iptables -A INPUT -p tcp --dport $port -j ACCEPT
done

Then you never define what's allowed out from the server in OUTPUT besides DNS and related traffic,

iptables -A OUTPUT -p udp --dport 53 -j ACCEPT

and

iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

Then you set the default policy to drop outbound:

iptables -P OUTPUT DROP

It might be as simple as adding another line in your for loop that adds those ALLOWED_TCP ports to OUTPUT, while keeping your outbound filtering.

answered May 8 at 13:17
Ryan Gibbons























Actually I had a typo: the only error I had was using tcp for DNS (instead of udp).

So the script below will work just fine (and for those interested, I learned that syntax here: https://www.udemy.com/linux-security-the-complete-iptables-firewall-guide/):

@Ryan Gibbons, yes, my first ALLOWED_TCP line is just a template in case I want to activate more ports (only the second line is considered).

UPDATE: fix typo
UPDATE2: fixed problem with apt install fail2ban

#!/bin/bash

# Ports recap:
# ---- web: 80, 443
# ---- mail: 25 (smtp), 465 (smtps), 143 (imap), 993 (imaps), 110 (pop), 995 (pops)
# ---- ssh: 22
# ---- ftp: 20


# Allowed tcp ports
ALLOWED_TCP="80 443 22 20 25 465 143 993 110 995"
ALLOWED_TCP="80 443 22"


# Reset the policies to ACCEPT, then flush the filter table (INPUT and OUTPUT)
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -F


# Permit loopback interface traffic (because our host is not a router)
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT


# Drop invalid traffic (good idea since we use the connection tracking module)
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A OUTPUT -m state --state INVALID -j DROP


# Allow icmp traffic (ping)
iptables -A INPUT -p icmp -j ACCEPT
iptables -A OUTPUT -p icmp -j ACCEPT


for port in $ALLOWED_TCP
do
iptables -A INPUT -p tcp --dport $port -j ACCEPT
done


# https://ubuntuforums.org/showthread.php?t=1441483
# DNS
iptables -A INPUT -p tcp -m tcp --sport 53 -j ACCEPT
iptables -A INPUT -p udp -m udp --sport 53 -j ACCEPT

# apt-get
iptables -A INPUT -p tcp --sport 80 -j ACCEPT


# Permit no more than 50 concurrent connections from the same ip address to our web server
iptables -A INPUT -p tcp -m multiport --dports 80,443 -m connlimit --connlimit-above 50 -j DROP


# Allow all outgoing valid traffic
iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT


# Set the default policy to drop
iptables -P INPUT DROP
iptables -P OUTPUT DROP

























  • This will only work for HTTP traffic, no HTTPS or anything else. And why do you set the default policy two times?

    – Lenniey
    May 8 at 14:17

  • So that I can execute the script many times without being blocked outside the server (I did a few tests, and I blocked myself a couple of times, so I figured that since the script is only called once on every reboot, it doesn't matter if I "spend" two more lines defining a policy that I override later in the same script). In other words, as soon as I execute the script for the second time, the policy is still set to DROP, and I get blocked out, whereas with those two first lines, the policy is forced to ACCEPT beforehand and so the rest of the script can continue.

    – ling
    May 8 at 14:28

  • 443 is actually https, so it would cover http, https and ssh (but yes, nothing else; that's just a configurable template...).

    – ling
    May 8 at 14:29

  • I meant your added "# apt-get iptables -A INPUT -p tcp --sport 80 -j ACCEPT" line from before your edit...

    – Lenniey
    May 8 at 14:34















            0














            Actually I had a typo, the only error I had was using tcp for DNS (instead of udp).



            So this script below will work just fine (and for those interested, I learned that syntax here: https://www.udemy.com/linux-security-the-complete-iptables-firewall-guide/):



            @Ryan Gibbons, yes my first ALLOWED_TCP line is just a template in case I want to activate more ports (only the second line is considered)



            UPDATE: fix typo
            UPDATE2: fixed problem with apt install fail2ban



            #!/bin/bash

            # Ports recap:
            # ---- web: 80, 443
            # ---- mail: 25 (smtp), 465 (smtps), 143 (imap), 993 (imaps), 110 (pop), 995 (pops)
            # ---- ssh: 22
            # ---- ftp: 20


            # Allowed tcp ports
            ALLOWED_TCP="80 443 22 20 25 465 143 993 110 995"
            ALLOWED_TCP="80 443 22"





            # Flush the filter table from INPUT or OUTPUT
            iptables -P INPUT ACCEPT
            iptables -P OUTPUT ACCEPT
            iptables -F


            # Permit loopback interface traffic (because our host is not a router)
            iptables -A INPUT -i lo -j ACCEPT
            iptables -A OUTPUT -o lo -j ACCEPT


            # Drop invalid traffic (good idea since we use the connexion track module)
            iptables -A INPUT -m state --state INVALID -j DROP
            iptables -A OUTPUT -m state --state INVALID -j DROP


            # Allow icmp traffic (ping)
            iptables -A INPUT -p icmp -j ACCEPT
            iptables -A OUTPUT -p icmp -j ACCEPT



            for port in $ALLOWED_TCP
            do
            iptables -A INPUT -p tcp --dport $port -j ACCEPT
            done



            # https://ubuntuforums.org/showthread.php?t=1441483
            # DNS
            iptables -A INPUT -p tcp -m tcp --sport 53 -j ACCEPT
            iptables -A INPUT -p udp -m udp --sport 53 -j ACCEPT

            # apt-get
            iptables -A INPUT -p tcp --sport 80 -j ACCEPT




            # Permit no more than 50 concurrent connections from the same ip address to our web server
            iptables -A INPUT -p tcp -m multiport --dports 80,443 -m connlimit --connlimit-above 50 -j DROP


            # Allow all outgoing valid traffic
            iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT


            # Set the default policy to drop
            iptables -P INPUT DROP
            iptables -P OUTPUT DROP





            share|improve this answer

























            • This will only work for HTTP traffic, no HTTPS or anything else. And why do you set the default policy two times?

              – Lenniey
              May 8 at 14:17












            • So that I can execute the script many times without being blocked outside the server (I did a few tests, and I blocked myself a couple of times, so I figured that since the script is only called once on every reboot, it doesn't matter if I "spend" two more lines defining a policy that I override later in the same script). In other words, as soon as I execute the script for the second time, the policy is still set on DROP, and I get blocked out, whereas with those two first lines, the policy is forced to ACCEPT before and so the rest of the script can continue.

              – ling
              May 8 at 14:28











            • 443 is actually https, so it would cover http, https and ssh (but yes, nothing else, but that's just a configurable template...).

              – ling
              May 8 at 14:29











            • I meant your added # apt-get iptables -A INPUT -p tcp --sport 80 -j ACCEPT line from before your edit...

              – Lenniey
              May 8 at 14:34













            0












            0








            0







            Actually I had a typo, the only error I had was using tcp for DNS (instead of udp).



            So this script below will work just fine (and for those interested, I learned that syntax here: https://www.udemy.com/linux-security-the-complete-iptables-firewall-guide/):



            @Ryan Gibbons, yes my first ALLOWED_TCP line is just a template in case I want to activate more ports (only the second line is considered)



            UPDATE: fix typo
            UPDATE2: fixed problem with apt install fail2ban



            #!/bin/bash

            # Ports recap:
            # ---- web: 80, 443
            # ---- mail: 25 (smtp), 465 (smtps), 143 (imap), 993 (imaps), 110 (pop), 995 (pops)
            # ---- ssh: 22
            # ---- ftp: 20


            # Allowed tcp ports
            ALLOWED_TCP="80 443 22 20 25 465 143 993 110 995"
            ALLOWED_TCP="80 443 22"





            # Flush the filter table from INPUT or OUTPUT
            iptables -P INPUT ACCEPT
            iptables -P OUTPUT ACCEPT
            iptables -F


            # Permit loopback interface traffic (because our host is not a router)
            iptables -A INPUT -i lo -j ACCEPT
            iptables -A OUTPUT -o lo -j ACCEPT


            # Drop invalid traffic (good idea since we use the connexion track module)
            iptables -A INPUT -m state --state INVALID -j DROP
            iptables -A OUTPUT -m state --state INVALID -j DROP


            # Allow icmp traffic (ping)
            iptables -A INPUT -p icmp -j ACCEPT
            iptables -A OUTPUT -p icmp -j ACCEPT



            for port in $ALLOWED_TCP
            do
            iptables -A INPUT -p tcp --dport $port -j ACCEPT
            done



            # https://ubuntuforums.org/showthread.php?t=1441483
            # DNS
            iptables -A INPUT -p tcp -m tcp --sport 53 -j ACCEPT
            iptables -A INPUT -p udp -m udp --sport 53 -j ACCEPT

            # apt-get
            iptables -A INPUT -p tcp --sport 80 -j ACCEPT




            # Permit no more than 50 concurrent connections from the same ip address to our web server
            iptables -A INPUT -p tcp -m multiport --dports 80,443 -m connlimit --connlimit-above 50 -j DROP


            # Allow all outgoing valid traffic
            iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT


            # Set the default policy to drop
            iptables -P INPUT DROP
            iptables -P OUTPUT DROP





            share|improve this answer















            Actually I had a typo, the only error I had was using tcp for DNS (instead of udp).



            So this script below will work just fine (and for those interested, I learned that syntax here: https://www.udemy.com/linux-security-the-complete-iptables-firewall-guide/):



            @Ryan Gibbons, yes my first ALLOWED_TCP line is just a template in case I want to activate more ports (only the second line is considered)



            UPDATE: fix typo
            UPDATE2: fixed problem with apt install fail2ban



            #!/bin/bash

            # Ports recap:
            # ---- web: 80, 443
            # ---- mail: 25 (smtp), 465 (smtps), 143 (imap), 993 (imaps), 110 (pop), 995 (pops)
            # ---- ssh: 22
            # ---- ftp: 20


            # Allowed tcp ports
            ALLOWED_TCP="80 443 22 20 25 465 143 993 110 995"
            ALLOWED_TCP="80 443 22"





            # Flush the filter table from INPUT or OUTPUT
            iptables -P INPUT ACCEPT
            iptables -P OUTPUT ACCEPT
            iptables -F


            # Permit loopback interface traffic (because our host is not a router)
            iptables -A INPUT -i lo -j ACCEPT
            iptables -A OUTPUT -o lo -j ACCEPT


            # Drop invalid traffic (good idea since we use the connexion track module)
            iptables -A INPUT -m state --state INVALID -j DROP
            iptables -A OUTPUT -m state --state INVALID -j DROP


            # Allow icmp traffic (ping)
            iptables -A INPUT -p icmp -j ACCEPT
            iptables -A OUTPUT -p icmp -j ACCEPT



            for port in $ALLOWED_TCP
            do
            iptables -A INPUT -p tcp --dport $port -j ACCEPT
            done



            # https://ubuntuforums.org/showthread.php?t=1441483
            # DNS
            iptables -A INPUT -p tcp -m tcp --sport 53 -j ACCEPT
            iptables -A INPUT -p udp -m udp --sport 53 -j ACCEPT

            # apt-get
            iptables -A INPUT -p tcp --sport 80 -j ACCEPT




            # Permit no more than 50 concurrent connections from the same ip address to our web server
            iptables -A INPUT -p tcp -m multiport --dports 80,443 -m connlimit --connlimit-above 50 -j DROP


            # Allow all outgoing valid traffic
            iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT


            # Set the default policy to drop
            iptables -P INPUT DROP
            iptables -P OUTPUT DROP






            share|improve this answer














            share|improve this answer



            share|improve this answer








            edited May 8 at 15:05

























            answered May 8 at 14:15









            lingling

            1731111




            1731111












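The script in the answer above lets replies to apt-get and DNS in by source port (`--sport 53`, `--sport 80`). That has two consequences a practitioner should know about: any remote host that binds local port 53 or 80 can reach every port on the server (the rules accept by source port alone, with no state check), and, as Lenniey points out, a mirror served over https still fails because the SYN-ACK arriving from source port 443 matches no INPUT rule and is dropped by the default policy. A second, quieter defect is rule order: the per-port ACCEPT for 80 and 443 is appended before the connlimit DROP, so the 50-connection cap is never reached. The following script is an added example, not part of ling's answer or the course it links to. It keeps the same policy (loopback, INVALID drop, ICMP, the three ports of the active ALLOWED_TCP line, the connlimit cap, DROP defaults) but admits return traffic with a single conntrack rule, moves the cap ahead of the ACCEPTs, and loads the table atomically through iptables-restore, which also removes the need for the "set policy to ACCEPT, then flush" prelude discussed in the comments: a re-run replaces the table in one step instead of leaving a DROP policy in force while rules are rebuilt. The `-m state` match in the original is the older spelling of `-m conntrack`; both work. The ALLOWED_TCP default, the `rule` helper and the `count_sport_holes` audit are assumptions made for this example.

```shell
#!/bin/bash
# Added example, not part of ling's answer: the same policy as the script above,
# but with replies admitted by conntrack state instead of source-port holes,
# the connlimit DROP placed where it can actually match, and the whole table
# loaded atomically with iptables-restore.
set -eu

# Assumption: the same three services as the answer's active ALLOWED_TCP line.
ALLOWED_TCP="${ALLOWED_TCP:-80 443 22}"

# Emit one line in iptables-restore syntax.
rule() { printf '%s\n' "$*"; }

# Print a complete filter table. Default policies are DROP; anything not
# listed below is rejected.
gen_rules() {
    rule '*filter'
    rule ':INPUT DROP [0:0]'
    rule ':FORWARD DROP [0:0]'
    rule ':OUTPUT DROP [0:0]'

    # Loopback and invalid-state traffic, as in the original script.
    rule -A INPUT -i lo -j ACCEPT
    rule -A OUTPUT -o lo -j ACCEPT
    rule -A INPUT -m conntrack --ctstate INVALID -j DROP
    rule -A OUTPUT -m conntrack --ctstate INVALID -j DROP

    # Replies to connections this host opened (apt-get over http or https,
    # DNS, anything else) come back through this one rule. No remote host can
    # reach a closed local port just by sending from source port 53 or 80.
    rule -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    rule -A INPUT -p icmp -j ACCEPT

    # The per-client cap must precede the ACCEPT for those ports; otherwise
    # the ACCEPT matches first and the cap never fires.
    rule -A INPUT -p tcp -m multiport --dports 80,443 -m connlimit --connlimit-above 50 -j DROP

    # Only new connections need a per-port rule; the rest is stateful.
    for port in $ALLOWED_TCP; do
        rule -A INPUT -p tcp --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
    done

    rule -A OUTPUT -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
    rule 'COMMIT'
}

# Audit helper: count INPUT ACCEPT rules in an iptables-save dump (stdin) that
# match on a source port. Each one is a hole any client can walk through by
# binding that port locally. Prints 0 when the dump is clean.
count_sport_holes() {
    grep -cE '^-A INPUT .*--sport [0-9]+ .*-j ACCEPT' || true
}

# Constructed sample dump carrying the source-port rules from the answer above.
SAMPLE_OLD_DUMP='-A INPUT -p tcp -m tcp --sport 53 -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

case "${1:-print}" in
    apply) gen_rules | iptables-restore ;;   # as root; replaces the filter table in one step
    audit) count_sport_holes ;;              # e.g.: iptables-save | ./fw.sh audit
    *)     gen_rules ;;                      # dry run: show what would be loaded
esac
```

Run it without arguments to review the generated table, `iptables-save | ./fw.sh audit` to count source-port holes in the live ruleset (the constructed sample above yields 3, the generated table 0), and `./fw.sh apply` as root to load it. Because iptables-restore swaps the table atomically, an SSH session that is already established stays up across a reload: its packets match the ESTABLISHED rule, not the per-port NEW rule.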
















