~mdw / firewall / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 51988d0) | patch
local.m4: Untrusted source addresses appear on the backbone.
authorMark Wooding <mdw@distorted.org.uk>
Mon, 23 Apr 2012 00:20:28 +0000 (01:20 +0100)
committerMark Wooding <mdw@distorted.org.uk>
Mon, 23 Apr 2012 00:20:28 +0000 (01:20 +0100)
commitc353339c5f8e4afececd952fbebb09109b55dca1
tree07b82f91a60cbdcb8a4d8d85396bff7cc088ae63tree | snapshot (tar.gz zip)
parent51988d089b81f995878ae55853f9f92e0beeb7f3commit | diff
local.m4: Untrusted source addresses appear on the backbone.

This happens because of router redundancy.  Case in point: suppose
vampire is selected via IPv6 router discovery, but radius owns the
external tunnel.  Then vampire will forward the packet over the
backbone to radius, which mustn't reject it.

(This isn't a security problem because the untrusted network isn't (by
definition) trusted very much for anything.
local.m4 diff | blob | blame | history
Firewall scripts for distorted.org.uk.