Bug #11391

Reduce attack surface with firewall hardening

Added by intrigeri about 1 year ago. Updated 11 months ago.

Status: Resolved
Start date: 04/29/2016
Priority: Normal
Due date:
Assignee: -
% Done: 100%
Category: -
Target version: Tails_2.4
QA Check: Pass
Blueprint:
Feature Branch: feature/11391-firewall-hardening
Easy:
Type of work: Code
Affected tool:

Description

Following up on "[Tails-dev] Reducing attack surface of kernel and tightening firewall/sysctls":

  • Disable netfilter's nf_conntrack_helper
  • Don't accept RELATED packets
  • Enable Packetization Layer Path MTU Discovery for IPv4 (needed once we drop RELATED packets, and may fix unrelated problems)
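A configuration audit for the three items above, as an added example that is not code from this ticket or from the Tails branch. It assumes the items correspond to the sysctls `net.netfilter.nf_conntrack_helper` and `net.ipv4.tcp_mtu_probing` and to `iptables-save`-format rules; the rulesets and sysctl values are constructed samples. ICMP "fragmentation needed" replies are classified as RELATED by conntrack, which is why the third item is checked together with the second.

```python
import shlex

# Sysctl names are an assumption; the ticket does not quote them.
HELPER_KEY = "net.netfilter.nf_conntrack_helper"
PLPMTUD_KEY = "net.ipv4.tcp_mtu_probing"


def related_accept_rules(ruleset):
    """Return iptables-save rule lines that ACCEPT packets in state RELATED."""
    hits = []
    for line in ruleset.splitlines():
        line = line.strip()
        if not line.startswith("-A "):
            continue  # table headers, chain policies, COMMIT, comments
        tok = shlex.split(line)
        if "-j" not in tok or tok[tok.index("-j") + 1:][:1] != ["ACCEPT"]:
            continue  # only rules that let traffic through matter here
        for i, t in enumerate(tok[:-1]):
            # "! --ctstate X" is a negated match, so it does not accept X
            if t in ("--ctstate", "--state") and tok[i - 1] != "!":
                if "RELATED" in tok[i + 1].split(","):
                    hits.append(line)
    return hits


def audit(ruleset, sysctls):
    """Return one finding per hardening item that is not in place."""
    findings = [f"RELATED accepted: {r}" for r in related_accept_rules(ruleset)]
    # A missing key is reported too: the kernel default then decides.
    if sysctls.get(HELPER_KEY) != "0":
        findings.append(f"{HELPER_KEY} is not 0 (automatic helper assignment)")
    # 1 = probe after a black hole is detected, 2 = always probe
    if sysctls.get(PLPMTUD_KEY) not in ("1", "2"):
        findings.append(f"{PLPMTUD_KEY} is off; TCP may stall without RELATED ICMP")
    return findings


# Constructed sample inputs (not taken from Tails).
BEFORE_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
COMMIT
"""
AFTER_RULES = BEFORE_RULES.replace("RELATED,ESTABLISHED", "ESTABLISHED")
BEFORE_SYSCTLS = {HELPER_KEY: "1", PLPMTUD_KEY: "0"}
AFTER_SYSCTLS = {HELPER_KEY: "0", PLPMTUD_KEY: "1"}

if __name__ == "__main__":
    print(audit(BEFORE_RULES, BEFORE_SYSCTLS))
    print(audit(AFTER_RULES, AFTER_SYSCTLS))
```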

Associated revisions

Revision a067603c
Added by anonym 12 months ago

Merge remote-tracking branch 'origin/feature/11391-firewall-hardening' into devel

Fix-committed: #11391

History

#1 Updated by intrigeri about 1 year ago

  • Feature Branch set to feature/11391-firewall-hardening

#2 Updated by intrigeri about 1 year ago

  • % Done changed from 10 to 40

I did a full test suite run (+ some retries to cope with the usual robustness issues) and everything now passes. Next (and hopefully last) step is to check if the design doc needs an update; there was some useful input in the thread on tails-dev@ that might be worth capturing.

#3 Updated by intrigeri 12 months ago

  • Assignee changed from intrigeri to anonym
  • % Done changed from 40 to 50
  • QA Check set to Ready for QA

Design doc drafted, please review and merge :)

#4 Updated by anonym 12 months ago

  • Status changed from In Progress to Fix committed
  • Assignee deleted (anonym)
  • % Done changed from 50 to 100
  • QA Check changed from Ready for QA to Pass

#5 Updated by anonym 11 months ago

  • Status changed from Fix committed to Resolved
