Filtering loopback connections #58

Open
StephanErb opened this issue Sep 27, 2015 · 1 comment

@StephanErb

Inspired by the Server Side Request Forgery security incident described here with important background on HN, I would like to filter access originating from and targeting the loopback interface.

In order to achieve this, I would need a mechanism to drop traffic before it is allowed by the interface lo ACCEPT rule (see ferm.conf.j2).

Do you have an idea how this could be implemented?

@drybjed
Member

drybjed commented Sep 27, 2015

@StephanErb Sure, I want to move all different rules currently defined in ferm.conf to separate rule files, this particular set of rules would be moved to filter/input/ subdirectory and included from there.

I'm also looking into a way to selectively disable specific default rules in the firewall in an idempotent way, so that for example you could replace a rule with your own in your own role without the need to mess with debops.ferm and at the same time debops.ferm will not revert the change on the next run.
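
The ordering requirement raised in this issue can be checked on a host after the firewall is applied. The following is an added example, not code from debops.ferm or from either commenter: it reads `iptables-save` output and reports loopback DROP/REJECT rules that sit after the blanket `-i lo -j ACCEPT` rule and therefore never match. The sample dump and its port numbers are constructed for illustration.

```python
import shlex

# Constructed sample of `iptables-save` output (not taken from the project).
SAMPLE = """\
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -p tcp -m tcp --dport 8500 -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -i lo -p tcp -m tcp --dport 6379 -j REJECT --reject-with tcp-reset
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""

def parse_rules(dump, chain="INPUT"):
    """Return the chain's rules, in evaluation order, as token lists."""
    rules = []
    for line in dump.splitlines():
        tokens = shlex.split(line)
        if tokens[:2] == ["-A", chain]:
            rules.append(tokens[2:])
    return rules

def option(tokens, flag):
    """Value following `flag`; None if the flag is absent or negated with `!`."""
    if flag not in tokens:
        return None
    i = tokens.index(flag)
    if i > 0 and tokens[i - 1] == "!":
        return None
    return tokens[i + 1]

def audit_loopback(dump, chain="INPUT"):
    """Split loopback DROP/REJECT rules into (effective, shadowed) lists."""
    effective, shadowed, accepted = [], [], False
    for tokens in parse_rules(dump, chain):
        if tokens == ["-i", "lo", "-j", "ACCEPT"]:
            accepted = True  # everything on lo is accepted from here on
        elif option(tokens, "-i") == "lo" and option(tokens, "-j") in ("DROP", "REJECT"):
            (shadowed if accepted else effective).append(" ".join(tokens))
    return effective, shadowed

if __name__ == "__main__":
    effective, shadowed = audit_loopback(SAMPLE)
    for rule in effective:
        print("effective:", rule)
    for rule in shadowed:
        print("SHADOWED by lo ACCEPT:", rule)
```
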
