It was not among the design goals of dfwfw to cooperate with external iptables management frameworks; I'm even a little bit confused about the motivation here. Even Docker's built-in firewall management...
Which category are you targeting? What are you trying to accomplish?
So is your bug report about the wider_world_to_container category?
I still can't reproduce the issue. I created a network (wwtc) with one container (got name serene_turing), seems to be working well: ``` # cat /etc/dfwfw/dfwfw.conf { "wider_world_to_container": { "rules": [ {...
I am still not able to reproduce your issue, it is working fine for me for a single container as well, even the feature querying the exposed ports of the...
Thanks for this follow-up. There is a known bypass of the security measure added into the Google image, so relying on it solely is not yet recommended.
I was considering contacting ISC, and even though their implementation could rely on additional entropy sources, I still think this is not a vulnerability in dhclient, but rather in...
Communication between VMs on the same network is unfiltered by default, so udp/68 is accessible and can be targeted. This is what attacks 1 and 2 are about. Exploitation here...
You are correct, thanks for drawing this to my attention. I'm adding an entry about this in the FAQ soon. Btw, could you please reference the docs about the metadata...
Thanks. I tested AWS, Azure and DigitalOcean (they are not affected for various reasons, e.g. not using DHCP by default or udp/68 being filtered).