subgraph-os-issues icon indicating copy to clipboard operation
subgraph-os-issues copied to clipboard

Published 20 hours ago verified publisher icon subgraph

Subgraph Firewall shouldn't fail open

Open dma opened this issue 8 years ago • 0 comments
trafficstars

This is something we've known about for a while, but tracking it here for remediation. SGFW fails open: if it crashes, or is stopped, traffic passes through as though it were never there in the first place. In production SGOS, SGFW should fail closed, especially because of possible issues like this: https://github.com/subgraph/go-nfnetlink/issues/5

dma avatar Sep 18 '17 19:09 dma