diff options
author | kali kaneko (leap communications) <kali@leap.se> | 2021-06-14 21:45:48 +0200 |
---|---|---|
committer | kali kaneko (leap communications) <kali@leap.se> | 2021-06-14 21:45:58 +0200 |
commit | 45939be0800f8cb77dcac854706ed1c7ac757931 (patch) | |
tree | 314b32733c5126c4b7f53349f2818f9fcf865b88 /pkg | |
parent | 1410e4cecccb860fc1dd29d1d4021ff72b5dc1ab (diff) |
[feat] allow to define explicitely allowed private address
By default, bitmask-root allows traffic to devices in local networks.
However, this behavior depends on it correctly identifying the local
network of the default route, and it can fail on more complex network
setups (one common failure mode is when one of the ifaces gets a
link-local ip).
This commit introduces an explicit mechanism, by parsing lines in
/etc/bitmask/ipv4.allow
/etc/bitmask/ipv6.allow
If valid private ips are defined in either of the files, the behavior
will change to fail close for local devices, and allow traffic (both tcp
and udp) to the defined ips, on all ports.
- Resolves: #503
Diffstat (limited to 'pkg')
0 files changed, 0 insertions, 0 deletions