Reduce attack surface with firewall hardening
Following up on "[Tails-dev] Reducing attack surface of kernel and tightening firewall/sysctls":
- Disable netfilter's
- don't accept RELATED packets
- Enable Packetization Layer Path MTU Discovery for IPv4 (needed once we drop RELATED packets, and may fix unrelated problems)
#2 Updated by intrigeri almost 2 years ago
- % Done changed from 10 to 40
I did a full test suite run (+ some retries to cope with the usual robustness issues) and everything now passes. Next (and hopefully last) step is to check if the design doc needs an update; there was some useful input in the thread on tails-dev@, that might be worth capturing.