Bitmask client left iptables rule behind blocking internet access completely
I used bitmask 0.9.1 yesterday, used the vpn service with demo.bm, quit and hibernated my laptop. Today I found that bitmask doesn't run anymore (as expected), but it left iptables rules behind that completely blocked my internet access:
--- ~ » sudo iptables -nL 1 ↵
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:67

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 10.5.5.0/24 ctstate RELATED,ESTABLISHED
ACCEPT all -- 10.5.5.0/24 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
ACCEPT all -- 0.0.0.0/0 192.168.122.0/24 ctstate RELATED,ESTABLISHED
ACCEPT all -- 192.168.122.0/24 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
ACCEPT all -- 0.0.0.0/0 10.255.0.0/16 ctstate RELATED,ESTABLISHED
ACCEPT all -- 10.255.0.0/16 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
DOCKER-ISOLATION all -- 0.0.0.0/0 0.0.0.0/0
DOCKER all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 192.168.121.0/24 ctstate RELATED,ESTABLISHED
ACCEPT all -- 192.168.121.0/24 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
bitmask all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:68
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:68
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:68
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:68

Chain DOCKER (1 references)
target prot opt source destination

Chain DOCKER-ISOLATION (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0

Chain bitmask (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 192.168.11.0/24
ACCEPT udp -- 192.168.11.0/24 0.0.0.0/0 udp dpt:53
ACCEPT tcp -- 192.168.11.0/24 0.0.0.0/0 tcp dpt:53
RETURN udp -- 0.0.0.0/0 239.255.255.250 udp dpt:1900
RETURN udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353
ACCEPT all -- 0.0.0.0/0 46.165.242.169
ACCEPT all -- 0.0.0.0/0 198.252.153.84
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable

--- ~ » ps aux|grep bitmask
varac 10413 0.0 0.0 11016 2172 pts/2 S+ 07:24 0:00 grep --color=tty bitm

--- ~ » ping ix.de |head -5
PING ix.de (193.99.144.80) 56(84) bytes of data.
From rocinante (192.168.11.19) icmp_seq=1 Destination Port Unreachable
From rocinante (192.168.11.19) icmp_seq=1 Destination Port Unreachable
From rocinante (192.168.11.19) icmp_seq=1 Destination Port Unreachable
From rocinante (192.168.11.19) icmp_seq=1 Destination Port Unreachable
Is this a known issue that can happen under rare circumstances? I remember that I had this a while ago as well.
(from redmine: created on 2016-04-19)
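Added example, not part of the original report and not Bitmask's own code: a small parser for `iptables -nL` output that flags the pattern visible in the listing above, a user chain jumped to unconditionally from OUTPUT whose last rule rejects everything. The function names and the sample listing (with a documentation address) are constructed for illustration; pair a hit with a process check such as the `ps` call in the report.

```python
import re

# Constructed sample in `iptables -nL` format, modelled on the report's listing.
SAMPLE = """\
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
bitmask all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:68

Chain bitmask (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 192.168.11.0/24
RETURN udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353
ACCEPT all -- 0.0.0.0/0 198.51.100.7
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
"""
ANY = "0.0.0.0/0"

def parse_chains(listing):
    """Return {chain: [(target, proto, src, dst, extra), ...]}."""
    chains, current = {}, None
    for line in listing.splitlines():
        m = re.match(r"Chain (\S+) \(", line)
        if m:
            current = chains.setdefault(m.group(1), [])
            continue
        f = line.split()
        if current is None or len(f) < 5 or f[0] == "target":
            continue  # blank line, column header, or text before the first chain
        current.append((f[0], f[1], f[3], f[4], " ".join(f[5:])))
    return chains

def blocking_output_chains(listing):
    """Map each kill-switch-style chain to the destinations it still allows."""
    # Caveat: without -v the listing hides interface matches, so a rule that
    # looks unconditional may not be. Treat a hit as a lead to verify.
    chains, found = parse_chains(listing), {}
    for target, proto, src, dst, extra in chains.get("OUTPUT", []):
        rules = chains.get(target)  # None for built-in targets like ACCEPT
        if not rules or (proto, src, dst, extra) != ("all", ANY, ANY, ""):
            continue
        last = rules[-1]
        plain = last[4] == "" or last[4].startswith("reject-with")
        if last[0] in ("REJECT", "DROP") and last[1:4] == ("all", ANY, ANY) and plain:
            found[target] = [r[3] for r in rules
                             if r[0] == "ACCEPT" and r[1] == "all" and r[3] != ANY]
    return found

if __name__ == "__main__":
    print(blocking_output_chains(SAMPLE))
```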