path: root/package/libs/libmnl
author: Philip Prindeville <philipp@redfish-solutions.com> 2020-04-27 18:52:51 -0600
committer: Hans Dedecker <dedeckeh@gmail.com> 2020-05-21 20:23:10 +0200
commit: de8b88ce17c3e19cf1fe366be0de2e3c376762b0 (patch)
tree: fe89c28370c9d0933f8b2b13e0fc0d3cda0bb1fb /package/libs/libmnl
parent: bc552584640eba0bd428b70f724640a8fe9ceca2 (diff)
firewall: add rule for traceroute support
Running your firewall's "wan" zone in REJECT zone (1) exposes the presence of the router, (2) depending on the sophistication of fingerprinting tools might identify the OS and release running on the firewall which then identifies known vulnerabilities with it and (3) perhaps most importantly of all, your firewall can be used in a DDoS reflection attack with spoofed traffic generating ICMP Unreachables or TCP RST's to overwhelm a victim or saturate his link.

This rule, when enabled, allows traceroute to work even when the default input policy of the firewall for the wan zone has been set to DROP.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Diffstat (limited to 'package/libs/libmnl')
0 files changed, 0 insertions, 0 deletions