git.ipfire.org Git - ipfire-2.x.git/commit
firewall: Prevent spoofing our own RED IP address
author Peter Müller <peter.mueller@ipfire.org>
Sat, 18 Dec 2021 13:48:33 +0000 (14:48 +0100)
committer Peter Müller <peter.mueller@ipfire.org>
Fri, 14 Jan 2022 14:16:39 +0000 (14:16 +0000)
commit e83ae0d43406ad6d988f2ea56d4dbfc6da1bab90
tree e0a4476f293592d28d46cb7fc153d9cf35d8c965
parent a36cd34eac2d1624720eb86e2f3c6985ae184e20
firewall: Prevent spoofing our own RED IP address

There is no legitimate reason why traffic from our own IP address on RED
should ever appear incoming on that interface.

This prevents attackers from impersonating IPFire itself, and is only
cleared/reset if the RED interface is brought up. Therefore, an attacker
cannot bypass this by forcing a dial-up or DHCP connection to break down.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
src/initscripts/system/firewall
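
The behaviour the commit message describes, as an added dry-run sketch that is not IPFire's own code: the rule is rebuilt only on a RED "up" event and is left in place on "down". The chain name `RED_ANTISPOOF`, the function names, the interface `red0` and the address are assumptions; the functions print iptables commands instead of running them.

```shell
#!/bin/sh
# Added example: chain name, function names and sample values are assumptions,
# not taken from IPFire's firewall initscript.
CHAIN="RED_ANTISPOOF"   # hypothetical chain, assumed to be referenced from INPUT/FORWARD

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the commands for a RED link event.
# up:   flush the chain, then drop anything arriving on RED that claims our own address.
# down: print nothing, so the rule installed at the last "up" stays in force.
red_antispoof_cmds() {
    event=$1 iface=$2 addr=$3
    case "$event" in
        up)
            # Refuse to flush when no usable address is known: the old rule stays.
            is_ipv4 "$addr" || { echo "invalid RED address: $addr" >&2; return 1; }
            echo "iptables -F $CHAIN"
            echo "iptables -A $CHAIN -i $iface -s $addr -j DROP"
            ;;
        down)
            : # deliberately no flush on link loss
            ;;
        *)
            echo "unknown event: $event" >&2; return 2 ;;
    esac
}

# Constructed sample: RED is red0 with the documentation address 203.0.113.10.
red_antispoof_cmds up red0 203.0.113.10
```
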