Modify

Opened 11 years ago

Closed 11 years ago

#852 closed defect (fixed)

init script doesn't protect against vlan1 when using pptp

Reported by: erez0001@… Owned by: developers
Priority: high Milestone: 0.9/rc6
Component: base system Version:
Keywords: Cc:

Description

the firewall init script accept anything which is not originating from $WAN.
however in the case of pptp, $WAN is ppp0, and it does not protect against vlan1
so someone on the local isp network can hack the router

relevant lines:

iptables -N LAN_ACCEPT

[ -z "$WAN" ]
iptables -A LAN_ACCEPT -i "$WAN" -j RETURN

iptables -A LAN_ACCEPT -j ACCEPT

Attachments (0)

Change History (1)

comment:1 Changed 11 years ago by nbd

  • Resolution set to fixed
  • Status changed from new to closed

fixed in [5136]

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.