[Tails-dev] Please review feature/firewall_lockdown

Delete this message

Reply to this message
Author: anonym
Date:  
To: The T(A)ILS public development discussion list
Subject: [Tails-dev] Please review feature/firewall_lockdown
Please review and merge feature/firewall_lockdown, currently merged into
experimental. This time it should merge cleanly into devel.

This branch modified the firewall to use a white-list/principle of least
privelege approach for local services, so only users that reasonably
need access to e.g. Tor's SOCKS port have it. It also adds logging
(visiable in dmesg) for rejected packets, disables some unwanted
services that bloat that log (e.g. Pidgin's UPnP support), and makes
some local services IPv6 only to avoid duplication of white-list rules.

Cheers!