Bug #11391

Reduce attack surface with firewall hardening

Added by intrigeri about 1 year ago. Updated about 1 year ago.

Status: Resolved
Start date: 04/29/2016
Priority: Normal
Assignee: -
% Done: 100%
Category: -
Target version: Tails_2.4
QA Check: Pass
Feature Branch: feature/11391-firewall-hardening
Type of work: Code

Description

Following up on "[Tails-dev] Reducing attack surface of kernel and tightening firewall/sysctls":

  • Disable netfilter's nf_conntrack_helper
  • Don't accept RELATED packets
  • Enable Packetization Layer Path MTU Discovery for IPv4 (needed once we drop RELATED packets, and may fix unrelated problems)
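
One way to audit a host for the three items listed above, as an added example that is not part of the ticket or of Tails' own code. It assumes the standard Linux sysctl names `net.netfilter.nf_conntrack_helper` and `net.ipv4.tcp_mtu_probing` (the ticket does not name them) on a kernel that exposes both; the sample inputs are constructed.

```shell
# Added example (not Tails code): audit the three hardening items above.
# Sample inputs are constructed; on a host pass "$(sysctl -a)" and "$(iptables-save)".
WEAK_SYSCTL='net.netfilter.nf_conntrack_helper = 1
net.ipv4.tcp_mtu_probing = 0'
WEAK_RULES='*filter
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT'
HARD_SYSCTL='net.netfilter.nf_conntrack_helper = 0
net.ipv4.tcp_mtu_probing = 1'
HARD_RULES='*filter
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
COMMIT'

# sysctl_value TEXT KEY: print the last value assigned to KEY (empty if unset).
sysctl_value() {
    printf '%s\n' "$1" | awk -F= -v key="$2" '
        { k = $1; v = $2; gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v) }
        k == key { val = v }
        END { print val }'
}

# audit_hardening SYSCTL_TEXT RULES_TEXT: print one FAIL line per finding and
# return the number of findings (0 means all three items hold).
audit_hardening() {
    findings=0
    helper=$(sysctl_value "$1" net.netfilter.nf_conntrack_helper)
    if [ "$helper" != 0 ]; then   # unset is reported so the value is explicit
        echo "FAIL net.netfilter.nf_conntrack_helper=${helper:-unset} (want 0)"
        findings=$((findings + 1))
    fi
    probing=$(sysctl_value "$1" net.ipv4.tcp_mtu_probing)
    case $probing in
        1|2) ;;                   # 1 = probe after a black hole is detected, 2 = always
        *) echo "FAIL net.ipv4.tcp_mtu_probing=${probing:-unset} (want 1 or 2)"
           findings=$((findings + 1)) ;;
    esac
    # Count ACCEPT rules whose conntrack/state match still lists RELATED.
    related=$(printf '%s\n' "$2" | awk '
        /-j ACCEPT/ && /--(ctstate|state) ([A-Z,]*,)?RELATED/ { n++ }
        END { print n + 0 }')
    if [ "$related" -gt 0 ]; then
        echo "FAIL $related ACCEPT rule(s) still match RELATED"
        findings=$((findings + 1))
    fi
    return "$findings"
}
audit_hardening "$WEAK_SYSCTL" "$WEAK_RULES" || true
```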

Associated revisions

Revision a067603c
Added by anonym about 1 year ago

Merge remote-tracking branch 'origin/feature/11391-firewall-hardening' into devel

Fix-committed: #11391

History

#1 Updated by intrigeri about 1 year ago

  • Feature Branch set to feature/11391-firewall-hardening

#2 Updated by intrigeri about 1 year ago

  • % Done changed from 10 to 40

I did a full test suite run (+ some retries to cope with the usual robustness issues) and everything now passes. Next (and hopefully last) step is to check if the design doc needs an update; there was some useful input in the thread on tails-dev@ that might be worth capturing.

#3 Updated by intrigeri about 1 year ago

  • Assignee changed from intrigeri to anonym
  • % Done changed from 40 to 50
  • QA Check set to Ready for QA

Design doc drafted, please review and merge :)

#4 Updated by anonym about 1 year ago

  • Status changed from In Progress to Fix committed
  • Assignee deleted (anonym)
  • % Done changed from 50 to 100
  • QA Check changed from Ready for QA to Pass

#5 Updated by anonym about 1 year ago

  • Status changed from Fix committed to Resolved
