Re: [Tails-dev] Reducing attack surface of kernel and tighte…

Author: Michael Rogers
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] Reducing attack surface of kernel and tightening firewall/sysctls
On 04/12/14 01:06, Oliver-Tobias Ripka wrote:
> - DHCP still works. Which is strange, isn't it? I configured the
> firewall to drop everything so DHCP should not work.
>
> To debug a little I inserted some code into
> /etc/NetworkManager/dispatcher.d/00-firewall.sh to see what the
> state of ifconfig and iptables is right before bringing up the
> firewall:
>
> Result: The IP address is already configured (DHCP was renewed)
> and the iptables configuration is still set to DROP. So I am not
> sure how the DHCP packets could get through. Maybe I have a flaw in
> my debugging procedure or this is another issue.


Is it possible that the DHCP client still has a valid lease that was
granted before the firewall rules were changed? Perhaps deleting any
leases in /var/lib/dhcp and bringing the interface up again will
change the result?

Cheers,
Michael