<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Re: GSoC Port Forwarding</title>
<link rel="important stylesheet" href="">
<style>div.headerdisplayname {font-weight:bold;}
</style></head>
<body>
<table border=0 cellspacing=0 cellpadding=0 width="100%" class="header-part1"><tr><td><div class="headerdisplayname" style="display:inline;">Subject: </div>Re: GSoC Port Forwarding</td></tr><tr><td><div class="headerdisplayname" style="display:inline;">From: </div>Giulio <giulio@gmx.com></td></tr><tr><td><div class="headerdisplayname" style="display:inline;">Date: </div>17/07/2021, 21:52</td></tr></table><table border=0 cellspacing=0 cellpadding=0 width="100%" class="header-part2"><tr><td><div class="headerdisplayname" style="display:inline;">To: </div>Frédéric Pierret <frederic.pierret@qubes-os.org></td></tr><tr><td><div class="headerdisplayname" style="display:inline;">CC: </div>Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com></td></tr></table><br>
<div class="moz-text-flowed" style="font-family: -moz-fixed; font-size: 14px;" lang="x-unicode">Hi,
<br>
<br>On 17/07/2021 21:07, Frédéric Pierret wrote:
<br><blockquote type=cite style="color: #007cff;">I don't have an alternative idea yet, but I'm wondering if leaking appvm
names in "higher" untrusted appvms is reasonable, especially for
confidentiality. Maybe simply use the destination appvm IP; here in your
example that would be personal's IP. dom0/GuiVM has access to the info, so
getting the appvm name from the IP should be simple.
<br></blockquote>
<br>I understand. It is useful for now for me for debugging and following
the rules flow, but I will think of something better that solves this
problem.
<br>
<br><blockquote type=cite style="color: #007cff;">Here too, I'm not sure adding such info is a good idea for security.
What exactly do you have in mind for the last hop that needs additional rules?
<br></blockquote>
<br>Well, the last hop, such as sys-net in my last example, needs to know
that it is the last hop. It has to set the 'srchost' and allow incoming
connections only from the allowed ranges, while middle hops just need
to allow connections from the previous and the next hop. I have yet to
look into nft enough, but I guess something else might change when
dealing with the physical/external interface too. As for the first hop I
have no requirements in mind, so maybe that can be avoided.
<br>
<br><blockquote type=cite style="color: #007cff;"><blockquote type=cite style="color: #007cff;">One more thing, maybe between internal hops it makes sense to randomize
<br>the forwarded ports? This way we can prevent forwarding from different
<br>appvms which share the same network path, or even just one hop, from
<br>overlapping, at least internally. Does it make sense for you?
<br></blockquote>
<br></blockquote>
<br>Thanks, I will think about that too.
<br>
<br>Cheers
<br>Giulio
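<br>The hop roles Giulio describes above (the externally facing last hop restricted to the allowed source ranges, middle hops accepting only from the adjacent hops) together with Frédéric's suggested per-path port randomization, sketched as an added Python example that is not part of this thread, of Giulio's GSoC code, or of Qubes OS; it emits one nft prerouting rule per hop. The `Hop` structure, the modelling of 'srchost' as an `ip saddr` match, and the qube names, interfaces and 10.137.x addresses are assumptions (constructed sample data).

```python
# Added illustration, not Giulio's GSoC code or anything from Qubes OS: one nft
# prerouting rule per hop for a multi-hop port forward, using the hop roles from
# the mail (hop 0 = destination qube, last entry = external NetVM). 'srchost' is
# assumed to mean an ip saddr match on the allowed external ranges (assumption).
import random
from dataclasses import dataclass

@dataclass(frozen=True)
class Hop:
    name: str
    ip: str      # address on the link towards the inner hop
    iface: str   # interface on which forwarded traffic arrives at this hop

# Constructed Qubes-like path: personal <- sys-firewall <- sys-net (external).
PATH = [Hop("personal", "10.137.0.20", "eth0"),
        Hop("sys-firewall", "10.137.0.8", "eth0"),
        Hop("sys-net", "10.137.0.1", "ens5")]

def alloc_internal_port(used, rng, lo=40000, hi=49999):
    """Random internal port not yet used on this network path (no overlap)."""
    while True:
        port = rng.randint(lo, hi)
        if port not in used:
            used.add(port)
            return port

def forward_rules(path, ext_port, svc_port, allowed, used_ports, rng=None):
    """Return ({hop name: nft rule}, {i: port on the link from hop i+1 to hop i})."""
    rng, n = rng or random.Random(), len(path)
    link_port = {i: alloc_internal_port(used_ports, rng) for i in range(n - 1)}
    rules = {}
    for i, hop in enumerate(path):
        outer = path[i + 1] if i + 1 < n else None   # towards the outside
        inner = path[i - 1] if i > 0 else None       # towards the destination
        if outer is None:   # last hop: external interface, restricted to allowed ranges
            src, dport = "{ " + ", ".join(allowed) + " }", ext_port
        else:               # inner hops: accept only from the adjacent outer hop
            src, dport = outer.ip, link_port[i]
        # first hop delivers to the local service; others forward to the next inner hop
        action = f"redirect to :{svc_port}" if inner is None else f"dnat to {inner.ip}:{link_port[i - 1]}"
        rules[hop.name] = f'iifname "{hop.iface}" ip saddr {src} tcp dport {dport} {action}'
    return rules, link_port

def demo(seed=1):
    """Two forwards sharing PATH: their internal link ports never collide."""
    rng, used = random.Random(seed), set()
    r1, p1 = forward_rules(PATH, 443, 8080, ["203.0.113.0/24"], used, rng)
    r2, p2 = forward_rules(PATH, 8443, 9090, ["198.51.100.7"], used, rng)
    return r1, p1, r2, p2
```

Each returned rule string belongs in that hop's `nat`/`prerouting` chain; the shared `used_ports` set is what keeps two forwards on the same path from overlapping.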
<br></div></body>
</html>