understanding LF_BLOCKINONLY behavior
Posted: 16 Dec 2014, 07:30
In theory, if LF_BLOCKINONLY is set to 1, shouldn't the server be able to make outgoing HTTP requests to another IP listed in csf.deny?
Because it cannot.
If 1.2.3.4 is listed in csf.deny and LF_BLOCKINONLY is set to 1, a wget to 1.2.3.4 will fail (where 1.2.3.4 is just an example, obviously).
Or do the iptables rules created only allow the connection to function in one direction, so the HTTP connection is received but data never comes back?