From: Florian Westphal
Date: Fri, 14 Apr 2017 20:22:43 +0200
> We lack a saddr check for ::1. This causes security issues e.g. with acls
> permitting connections from ::1 because of assumption that these originate
> from local machine.
>
> Assuming a source address of ::1 is local seems reasonab
On Fri, Apr 14, 2017, at 20:22, Florian Westphal wrote:
> We lack a saddr check for ::1. This causes security issues e.g. with acls
> permitting connections from ::1 because of assumption that these
> originate
> from local machine.
>
> Assuming a source address of ::1 is local seems reasonable.
>
On Fri, 2017-04-14 at 20:22 +0200, Florian Westphal wrote:
> We lack a saddr check for ::1. This causes security issues e.g. with acls
> permitting connections from ::1 because of assumption that these originate
> from local machine.
>
> Assuming a source address of ::1 is local seems reasonable.
We lack a saddr check for ::1. This causes security issues e.g. with acls
permitting connections from ::1 because of assumption that these originate
from local machine.
Assuming a source address of ::1 is local seems reasonable.
RFC4291 doesn't allow such a source address either, so drop such pack
