[FS#482] Web server listens on all interfaces (Archer MR200)
LEDE Bugs
lede-bugs at lists.infradead.org
Wed Feb 15 11:39:57 PST 2017
The following task has a new comment added:
FS#482 - Web server listens on all interfaces (Archer MR200)
User who did this - Zero (zero)
----------
In my case, iptables -S shows:
/ # iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i rmnet0 -p tcp -m tcp --dport 443 -j DROP
-A INPUT -i rmnet0 -p tcp -m tcp --dport 80 -j DROP
-A FORWARD -i bridge0 -p tcp -m state --state INVALID -j DROP
It might not be strictly necessary, but it would protect us from any changes in iptables from modem updates or anything.
The only downside I see would be if the ip address of bridge0 changed, then it would not work, but in that case, anyway, we would need to know the new address to access it.
And if the IP changes, maybe the iptables also changes, so who knows.
I would like to have that option added. If it is not, I will consider patching my system as I have it patched now to listen in that interface only.
----------
More information can be found at the following URL:
https://bugs.lede-project.org/index.php?do=details&task_id=482#comment1838
More information about the lede-bugs
mailing list