Snippets Groups Projects

Unverified Commit 45939be0 authored 3 years ago by Kali Kaneko

[feat] allow to define explicitely allowed private address

By default, bitmask-root allows traffic to devices in local networks.

However, this behavior depends on it correctly identifying the local
network of the default route, and it can fail on more complex network
setups (one common failure mode is when one of the ifaces gets a
link-local ip).

This commit introduces an explicit mechanism, by parsing lines in

/etc/bitmask/ipv4.allow
/etc/bitmask/ipv6.allow

If valid private ips are defined in either of the files, the behavior
will change to fail close for local devices, and allow traffic (both tcp
and udp) to the defined ips, on all ports.

- Resolves: #503

parent 1410e4ce

No related branches found

No related tags found

No related merge requests found

Hide whitespace changes

Inline Side-by-side

Showing with 69 additions and 9 deletions

Kali Kaneko @kali
mentioned in merge request !139 (closed)
· 3 years ago

mentioned in merge request !139 (closed)

mentioned in merge request !139

Toggle commit list

Please register or to comment