Why don't you accept a remix of security for Linux?
I told you this upgraded rule is for a paranoid Linux user to use only http and https, cups, dns and 8080 if anyone smart can configure port how s/he...
Anyway, if anyone thinks this shown upgraded iptables and security is not needed, then feel free to remove it.
Yours is fine, OK. You started the discussion about the rule, I only showed an upgraded rule.... Nothing else.....
And your rule is only --sport without --dport: $IPT -A INPUT -p tcp -m tcp --sport 1:65535 --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j drop_invalid
OK, let's show your rule: "Fragment scan only works with TCP, ICMP Timestamp or ICMP Mask (mtu=8) ping types or ACK, FIN, Maimon, NULL, SYN,...
Trust me, use only iptables with your original rule without my reconfiguration, in your port 1900 UPnP is open for road also another port I test to...
I use more time just, default deny firewall without helped lock port and in netstat -a I found two addresses nsa.http listen and established, also...
In about:config 'media.peerconnection.enable' is a good thing because 'WebRTC detection' is not possible, NoScript and HTTPS Everywhere, firejail and...
You can be a custom user with sudo also, and etc/firejail works for usermod --shell
OK, you say that, but please watch on YouTube about backdoor port, bypass, etc. blackhat #CONF
Also, for people who know how to enter in an IP address around any port, default allow and default deny is not a helper, that's why I use ufw default deny...
After reboot that setting is off? For me it is always On
First I want to thank you for your rule.... I added that command because many encrypted backdoors can surf on any port. Why not 'locked port' if...
Why don't you try usermod --shell /usr/bin/firejail yourusername, then restart the computer, laptop. And then open a terminal, you can see a lot...
First thing in any Linux, Ubuntu, MATE, etc. is ufw. In my way I use GUFW before internet connection, enable gufw and outgoing and incoming...