
avahi-daemon.conf requires interface whitelisting to ignore vpn interfaces

Open sarnold opened this issue 5 years ago • 0 comments

The default (as installed) avahi-daemon config allows all interfaces and denies none, so it will attempt to bind to any interface it sees. The "fix" is editing the avahi-daemon.conf file to explicitly whitelist the interfaces avahi should listen on. This fix should also resolve the problem described in issue #39.

If you're not using avahi (or don't know what it is) and you're concerned about your privacy/security, then you can either a) remove the packages or b) disable and mask the service. To remove the primary avahi packages run:

sudo apt-get remove avahi-autoipd avahi-daemon avahi-utils

To keep the packages but stop any avahi services from running, if you're using systemd (either Ubuntu or Gentoo), you'll need to run the following commands:

sudo systemctl disable avahi-daemon.socket avahi-daemon.service
sudo systemctl mask avahi-daemon.socket avahi-daemon.service

Otherwise, for openrc, run the following:

sudo /etc/init.d/avahi-daemon stop
sudo rc-update del avahi-daemon

If you are using avahi and have not modified the default config, you should uncomment the allow-interfaces line in the above config file and add your ethernet and/or wifi devices after the = (if more than one device, use a comma to separate the interface names).

Open the file in your favorite editor and change this:

use-ipv6=yes
#allow-interfaces=eth0
#deny-interfaces=eth1

to something like:

use-ipv6=yes
allow-interfaces=eth0,wlan0
#deny-interfaces=eth1

Do substitute the interface names for your system, since it may or may not be using predictable interface names. Check the names with ifconfig:

$ ifconfig 
enx000ec68929d2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet XXX.XXX.XXX.XXX  netmask 255.255.255.0  broadcast XXX.XXX.XXX.XXX
        inet6 fe80::20e:dead:beef:29d2  prefixlen 64  scopeid 0x20<link>
        ether 00:0e:c6:89:29:d2  txqueuelen 1000  (Ethernet)
        RX packets 14688  bytes 748393 (748.3 KB)
        RX errors 0  dropped 2572  overruns 0  frame 0
        TX packets 10444  bytes 2048942 (2.0 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

If ifconfig is not installed, use the ip command:

$ sudo ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether b8:27:eb:04:24:0e brd ff:ff:ff:ff:ff:ff
    inet XXX.XXX.XXX.XXX/24 brd XXX.XXX.XXX.XXX scope global dynamic eth0
       valid_lft 2019sec preferred_lft 2019sec
    inet6 fe80::dead:beef:fe04:240e/64 scope link 
       valid_lft forever preferred_lft forever

and use the displayed device name instead of eth0.

sarnold, Sep 08 '20 20:09
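The effect of the whitelist described in the issue above can be checked with a small script. This is an added example, not part of the original issue or the fpnd project: the function names and the sample interface names (`tun0` standing in for a VPN interface) are assumptions, and it models only the `allow-interfaces` and `deny-interfaces` keys.

```shell
#!/bin/sh
# Added example: model avahi-daemon.conf allow-/deny-interfaces handling.
# Only the two interface lists are modelled; nothing else in the file is read.

# Print the value of an active (uncommented) key; empty if unset.
avahi_conf_value() {   # $1 = config path, $2 = key
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# Succeed if name $1 is in comma-separated list $2.
in_list() {
    case ",$(printf '%s' "$2" | tr -d ' \t')," in
        *",$1,"*) return 0 ;;
    esac
    return 1
}

# Print "bind" or "skip" for interface $2 under config $1.
# deny-interfaces takes precedence over allow-interfaces (avahi-daemon.conf(5)).
avahi_would_bind() {
    allow=$(avahi_conf_value "$1" allow-interfaces)
    deny=$(avahi_conf_value "$1" deny-interfaces)
    if in_list "$2" "$deny"; then echo skip; return 0; fi
    if [ -n "$allow" ] && ! in_list "$2" "$allow"; then echo skip; return 0; fi
    echo bind
}

# Report every interface name given after the config path.
avahi_audit() {
    conf=$1; shift
    for ifc in "$@"; do
        printf '%s: %s\n' "$ifc" "$(avahi_would_bind "$conf" "$ifc")"
    done
}

# Constructed sample: the whitelisted config from the issue, checked against
# constructed interface names (tun0 stands in for a VPN interface).
sample=$(mktemp)
cat > "$sample" <<'EOF'
use-ipv6=yes
allow-interfaces=eth0,wlan0
#deny-interfaces=eth1
EOF
avahi_audit "$sample" eth0 wlan0 tun0
rm -f "$sample"
```

On a live Linux system the same check can be run as `avahi_audit /etc/avahi/avahi-daemon.conf $(ls /sys/class/net)`; any VPN interface reported as `bind` is one the whitelist does not yet exclude.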