Qubes/core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
63d8065e4f
core-agent-linux/network
History
Pawel Marczewski 63d8065e4f
firewall: drop INVALID state TCP packets 
Packets detected as INVALID are ignored by NAT, so if they are not
dropped, packets with internal source IPs can leak to the outside
network.

See:

https://bugzilla.netfilter.org/show_bug.cgi?id=693
http://www.smythies.com/~doug/network/iptables_notes/

Fixes QubesOS/qubes-issues#5596.
2020-01-24 19:01:00 +01:00
..
00notify-hook Improved upgrade notifications sent to QVMM. 2015-11-11 15:45:00 +00:00
30-qubes-external-ip network: fix issues found by shellcheck 2017-09-30 04:43:04 +02:00
80-qubes.conf Stop Debian templates from forwarding by default. 2018-02-06 23:10:28 +00:00
ip6tables Update rule priorities for anti-spoofing 2020-01-10 09:19:32 +01:00
ip6tables-enabled firewall: drop INVALID state TCP packets 2020-01-24 19:01:00 +01:00
iptables firewall: drop INVALID state TCP packets 2020-01-24 19:01:00 +01:00
iptables-updates-proxy network: fix issues found by shellcheck 2017-09-30 04:43:04 +02:00
network-manager-prepare-conf-dir Refactor and handle new network qubesdb configuration 2019-06-18 18:49:42 +02:00
nm-30-qubes.conf Configure NetworkManager to keep /etc/resolv.conf as plain file 2016-09-15 01:26:35 +02:00
qubes-fix-nm-conf.sh NetworkManager config - Add dns=default 2019-08-16 14:21:13 +00:00
qubes-iptables Fixes issue #3939 2018-05-31 14:02:15 -04:00
qubes-nmhook network: reload DNS only on "up" event from NetworkManager 2018-02-10 22:12:44 +01:00
qubes-setup-dnat-to-ns network: fix issues found by shellcheck 2017-09-30 04:43:04 +02:00
setup-ip Handle errors for non-present ip gateways 2019-06-22 17:40:25 +02:00
show-hide-nm-applet.desktop Fix show-hide-nm-applet.desktop - use OnlyShowIn=X-QUBES 2015-09-03 00:43:54 +02:00
show-hide-nm-applet.sh network: fix issues found by shellcheck 2017-09-30 04:43:04 +02:00
tinyproxy-updates.conf updates-proxy: explicitly block connection looping back to the proxy IP 2015-12-04 14:57:07 +01:00
udev-qubes-network.rules Refactor and handle new network qubesdb configuration 2019-06-18 18:49:42 +02:00
update-proxy-configs Mention Update Proxy in configuration 2019-12-01 13:41:54 +01:00
updates-blacklist (redo) updates-proxy: explicitly block connection looping back to the proxy IP 2017-09-15 05:00:05 +02:00
vif-qubes-nat.sh network: fix issues found by shellcheck 2017-09-30 04:43:04 +02:00
vif-route-qubes network: don't fail the whole vif setup if IPv6 is disabled 2019-10-06 06:19:16 +02:00