go-mmproxy icon indicating copy to clipboard operation
go-mmproxy copied to clipboard
verified publisher icon path-network

better example file for systemd service

Open cs8425 opened this issue 3 years ago • 2 comments

drop root permission on go-mmproxy itself, enable CAP_NET_BIND_SERVICE, CAP_NET_ADMIN for binding < 1024 port and using IP_TRANSPARENT, and keep ip rule, ip route working.

cs8425 avatar Mar 14 '23 09:03 cs8425

@cs8425 I'm happy to merge this if you include @DanScharon's comments

kzemek avatar Oct 04 '23 09:10 kzemek

I'm proposing an alternative patch, including the suggestions along with more hardening options: https://github.com/path-network/go-mmproxy/pull/30.

tacerus avatar May 25 '24 23:05 tacerus