Skip to content
Blame History Permalink
  • Kali Kaneko's avatar
    [feat] allow to define explicitely allowed private address · 45939be0
    Kali Kaneko authored 
    By default, bitmask-root allows traffic to devices in local networks.

However, this behavior depends on it correctly identifying the local
network of the default route, and it can fail on more complex network
setups (one common failure mode is when one of the ifaces gets a
link-local ip).

This commit introduces an explicit mechanism, by parsing lines in

/etc/bitmask/ipv4.allow
/etc/bitmask/ipv6.allow

If valid private ips are defined in either of the files, the behavior
will change to fail close for local devices, and allow traffic (both tcp
and udp) to the defined ips, on all ports.

- Resolves: #503
    45939be0
To find the state of this project's repository at the time of any of these versions, check out the tags.