Crash under high socks5 load due to go-nfnetlink panic

Open dma opened this issue 7 years ago • 2 comments

See https://github.com/subgraph/go-nfnetlink/issues/5

dma avatar Sep 18 '17 13:09 dma

This is technically a vuln, because an unprivileged process in a sandbox can crash fw-daemon, disabling it system wide, and sgfw currently fails open (known issue).

dma avatar Sep 18 '17 19:09 dma

Shouldn't it be designed in such a way that if the firewall crashes, the internet should fail?

Can't you do this using IP tables, which you seem to be mentioning in the readme.md?

If what I said is not possible, then this is really sad.

I hope you figure out or implement a way so that if the firewall crashes, then the internet stops.

Like VPN kill switches. But then again I don't think these VPN kill switches work if the VPN software quits.

But I've seen VPN kill switch implemented using IP Tables.

Note: I'm a noob and don't know too much about firewalls in Linux, other than using a GUI Firewall.

Zerokami avatar Mar 26 '18 07:03 Zerokami
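
Whether a queue-based firewall fails open or closed when its userspace daemon dies is decided by the rule that hands packets to it: an iptables `NFQUEUE` rule drops packets by default when nothing is listening on the queue, while `--queue-bypass` accepts them (and `--fail-open` accepts them when the queue is full). The following check is an added example, not sgfw's code; it assumes packets reach the daemon through `NFQUEUE` rules, which the thread does not show, and the sample ruleset and function names are constructed.

```shell
#!/bin/sh
# Added example: audit iptables-save output for NFQUEUE rules that fail open.

# Constructed sample ruleset (an assumption, not sgfw's real rules).
sample_rules() {
cat <<'EOF'
*mangle
:OUTPUT ACCEPT [0:0]
-A OUTPUT -m mark --mark 0x1 -j ACCEPT
-A OUTPUT -p tcp -j NFQUEUE --queue-num 0 --queue-bypass
-A OUTPUT -p udp -j NFQUEUE --queue-num 1
-A OUTPUT -p icmp -j NFQUEUE --queue-num 2 --fail-open
COMMIT
EOF
}

# Reads iptables-save text on stdin and prints one line per NFQUEUE rule:
#   FAIL-OPEN[reason] <rule>   packets pass if the daemon is gone or overloaded
#   FAIL-CLOSED <rule>         packets are dropped in those cases
audit_nfqueue() {
  awk '
    /^-A / && / -j NFQUEUE( |$)/ {
      reason = ""
      # --queue-bypass: rule acts like ACCEPT when no program is bound to the queue
      if ($0 ~ / --queue-bypass( |$)/) reason = "no-listener"
      # --fail-open: packets are accepted instead of dropped when the queue is full
      if ($0 ~ / --fail-open( |$)/) reason = (reason ? reason "," : "") "queue-full"
      if (reason) print "FAIL-OPEN[" reason "] " $0
      else print "FAIL-CLOSED " $0
    }'
}

# Returns 0 only if no NFQUEUE rule on stdin fails open, so it can gate a
# boot-time or CI check.
nfqueue_fails_closed() {
  ! audit_nfqueue | grep -q '^FAIL-OPEN'
}

# Stand-alone run on the constructed sample.
sample_rules | audit_nfqueue
```

On a live host, feed it the real ruleset with `iptables-save | audit_nfqueue` (root required).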