Crash under high socks5 load due to go-nfnetlink panic #50

Open
dma opened this issue Sep 18, 2017 · 2 comments
dma commented Sep 18, 2017

See subgraph/go-nfnetlink#5

dma commented Sep 18, 2017

This is technically a vuln, because an unprivileged process in a sandbox can crash fw-daemon, disabling it system wide, and sgfw currently fails open (known issue).

shw700 self-assigned this Sep 30, 2017

@Zerokami

Shouldn't it be designed in such a way that if the firewall crashes, the internet should fail?

Can't you do this using IP tables which you seem to be mentioning in the readme.md?

If what I said is not possible, then this is really sad.

I hope you figure out or implement a way so that if the firewall crashes, then the internet stops.

Like VPN kill switches. But then again I don't think these VPN kill switches work if the VPN software quits.

But I've seen VPN kill switch implemented using IP Tables.

Note: I'm a noob and don't know too much about firewalls in Linux, other than using a GUI Firewall.
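The fail-open versus fail-closed behaviour discussed in this thread can be checked in the loaded iptables rules. This is an added example, not code from the issue or from sgfw, and it assumes the firewall receives packets through an iptables `NFQUEUE` rule (the thread does not show sgfw's rules; the sample rules below are constructed). An `NFQUEUE` rule with `--queue-bypass` accepts packets when no userspace program is bound to the queue, while one without it drops them.

```shell
#!/bin/sh
# Classify NFQUEUE rules found in `iptables-save` output read from stdin.
#   fail-open   : rule has --queue-bypass; the kernel accepts packets when
#                 no userspace program is bound to the queue.
#   fail-closed : no --queue-bypass; packets are dropped when nothing is
#                 bound to the queue (for example after the daemon crashes).
audit_nfqueue() {
    awk '
        /^\*/ { table = substr($0, 2); next }    # "*filter", "*mangle", ...
        /^-A / && /-j NFQUEUE/ {
            mode = ($0 ~ /--queue-bypass/) ? "fail-open" : "fail-closed"
            queue = "0"                          # default when no queue option is given
            for (i = 1; i < NF; i++)
                if ($i == "--queue-num" || $i == "--queue-balance")
                    queue = $(i + 1)
            printf "%s %s queue=%s %s\n", table, $2, queue, mode
        }
    '
}

# Succeeds only when no NFQUEUE rule on stdin is fail-open.
nfqueue_fails_closed() {
    ! audit_nfqueue | grep -q 'fail-open$'
}

# Constructed sample input (hypothetical rules, not taken from sgfw).
SAMPLE_RULES='*mangle
:OUTPUT ACCEPT [0:0]
-A OUTPUT -m conntrack --ctstate NEW -j NFQUEUE --queue-num 0 --queue-bypass
COMMIT
*filter
:OUTPUT ACCEPT [0:0]
-A OUTPUT -p tcp -j NFQUEUE --queue-num 1
COMMIT'

# Report for the sample; on a real host use: iptables-save | audit_nfqueue
printf '%s\n' "$SAMPLE_RULES" | audit_nfqueue
```

A rule reported as fail-closed gives the kill-switch behaviour only while the rule itself stays loaded; if the rules are flushed or were never installed, traffic follows the chain policy instead.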
