My system uses an iptables firewall to block users from directly accessing ports 80 and 443. Instead, the outbound connections for standard users are forced through the privoxy proxy on 8118, and only privoxy can then access the web on 80 and 443 (the rules also allow established, related inbound packets).
In my logs I keep seeing dropped outbound UDP packets to the OpenDNS block IP, destination port 80. What is the purpose of these packets? (I should mention that OpenDNS is otherwise working just fine and has the usual DNS port access etc., and I can view the blocked page if I go to a banned domain.) I'm just curious as to what these outbound UDP packets on port 80 to the block site are.
I could understand traffic to the block site on port 80 from requests privoxy makes to the block site when someone attempts to access a blocked domain, and I'm sure these types of requests are getting through. But given these other UDP packets are getting dropped, it suggests that it's not users' web access through privoxy that is initiating them... so what are they?
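One way to narrow down which local account emits the dropped packets, as an added example that is not part of the original post: it groups dropped UDP/80 entries by destination and sending UID. It assumes the drop is logged by an iptables LOG rule with the `--log-uid` option and a hypothetical prefix `OUT-DROP: `; the log lines and all addresses are constructed, with 203.0.113.10 standing in for the block-page IP.

```python
import re
from collections import Counter

# Constructed sample lines in the kernel's iptables LOG format.
# UID=/GID= are only present when the LOG rule was added with --log-uid.
SAMPLE_LOG = """\
Jan 10 10:00:01 host kernel: OUT-DROP: IN= OUT=eth0 SRC=192.0.2.5 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4211 DF PROTO=UDP SPT=51514 DPT=80 LEN=40 UID=1000 GID=1000
Jan 10 10:00:04 host kernel: OUT-DROP: IN= OUT=eth0 SRC=192.0.2.5 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4212 DF PROTO=UDP SPT=51514 DPT=80 LEN=40 UID=1000 GID=1000
Jan 10 10:02:10 host kernel: OUT-DROP: IN= OUT=eth0 SRC=192.0.2.5 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4300 DF PROTO=UDP SPT=40222 DPT=80 LEN=40 UID=1001 GID=1001
Jan 10 10:03:00 host kernel: OUT-DROP: IN= OUT=eth0 SRC=192.0.2.5 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4350 DF PROTO=UDP SPT=40999 DPT=80 LEN=40
Jan 10 10:03:30 host kernel: OUT-DROP: IN= OUT=eth0 SRC=192.0.2.5 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4400 DF PROTO=TCP SPT=40000 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 UID=1000 GID=1000
"""

PREFIX = "OUT-DROP: "                 # hypothetical --log-prefix value
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_line(line, prefix=PREFIX):
    """Return the KEY=VALUE fields of one LOG entry, or None if not ours."""
    if prefix not in line:
        return None
    fields = {}
    for key, value in FIELD.findall(line.split(prefix, 1)[1]):
        # LEN appears twice (IP length, then UDP length); keep the first.
        fields.setdefault(key, value)
    return fields


def summarize(log_text, proto="UDP", dport="80"):
    """Count dropped packets per (destination IP, sending UID)."""
    counts = Counter()
    for line in log_text.splitlines():
        f = parse_line(line)
        if f and f.get("PROTO") == proto and f.get("DPT") == dport:
            # No UID field: rule lacks --log-uid or no owning socket was found.
            counts[(f["DST"], f.get("UID", "unknown"))] += 1
    return counts


if __name__ == "__main__":
    for (dst, uid), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:3d} dropped UDP/80 packets to {dst} from uid {uid}")
```

The UID can then be compared with the account privoxy runs under and with the standard user accounts.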