Author: Michael Rogers
Date:
To: The Tails public development discussion list
Subject: Re: [Tails-dev] Reducing attack surface of kernel and tightening firewall/sysctls

On 04/12/14 01:06, Oliver-Tobias Ripka wrote:
> - DHCP still works. Which is strange, isn't it? I configured the
> firewall to drop everything so DHCP should not work.
>
> To debug a little I inserted some code into
> /etc/NetworkManager/dispatcher.d/00-firewall.sh to see what the
> state of ifconfig and iptables is right before bringing up the
> firewall:
>
> Result: The IP address is already configured (DHCP was renewed)
> and the iptables configuration is still set to DROP. So I am not
> sure how the DHCP packets could get through. Maybe I have a flaw in
> my debugging procedure or this is another issue.

Is it possible that the DHCP client still has a valid lease that was
granted before the firewall rules were changed? Perhaps deleting any
leases in /var/lib/dhcp and bringing the interface up again will
change the result?