Bug #11391

Reduce attack surface with firewall hardening

Added by intrigeri 2016-04-29 11:56:10. Updated 2016-06-08 01:26:33.

Status: Resolved
Priority: Normal
Assignee:
Category:
Target version:
Start date: 2016-04-29
Due date:
% Done: 100%
Feature Branch: feature/11391-firewall-hardening
Type of work: Code
Blueprint:
Starter:
Affected tool:
Deliverable for:

Description

Following up on “[Tails-dev] Reducing attack surface of kernel and tightening firewall/sysctls”:

  • Disable netfilter’s nf_conntrack_helper
  • Don’t accept RELATED packets
  • Enable Packetization Layer Path MTU Discovery for IPv4 (needed once we drop RELATED packets, and may fix unrelated problems)
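
An added example, not part of the ticket or of the Tails code base: a small audit that checks a host against the three items above. It assumes the ruleset is supplied as `iptables-save` text and that the two kernel settings are the sysctls `net.netfilter.nf_conntrack_helper` and `net.ipv4.tcp_mtu_probing` (names taken from the Linux kernel, not from this page); the sample rulesets are constructed.

```python
import re

# Constructed iptables-save samples: before and after the hardening.
BEFORE = """\
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""
AFTER = BEFORE.replace("RELATED,ESTABLISHED", "ESTABLISHED")

STATE_RE = re.compile(r"--(?:ct)?state\s+(\S+)")


def rules_accepting_related(ruleset):
    """Return the ACCEPT rules whose state/ctstate match includes RELATED."""
    hits = []
    for line in ruleset.splitlines():
        line = line.strip()
        if not line.startswith("-A ") or not re.search(r"-j ACCEPT\b", line):
            continue
        match = STATE_RE.search(line)
        if match and "RELATED" in match.group(1).split(","):
            hits.append(line)
    return hits


def audit(ruleset, sysctls):
    """Return a list of findings; an empty list means all three items hold.

    `sysctls` maps sysctl name to its value as a string. A missing key is
    reported as a finding, so the caller must supply both values.
    """
    findings = ["accepts RELATED: " + r for r in rules_accepting_related(ruleset)]
    # Item 1: automatic conntrack helper assignment must be off.
    if sysctls.get("net.netfilter.nf_conntrack_helper") != "0":
        findings.append("nf_conntrack_helper is not disabled")
    # Item 3: 1 = probe after a black hole is detected, 2 = always probe.
    if sysctls.get("net.ipv4.tcp_mtu_probing") not in ("1", "2"):
        findings.append("tcp_mtu_probing (PLPMTUD) is not enabled")
    return findings


if __name__ == "__main__":
    hardened = {"net.netfilter.nf_conntrack_helper": "0",
                "net.ipv4.tcp_mtu_probing": "1"}
    print(audit(BEFORE, hardened))
    print(audit(AFTER, hardened))
```

On a live system the inputs would come from `iptables-save` and `sysctl -n <name>`; kernels that no longer expose `nf_conntrack_helper` need that check adapted.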

Subtasks


History

#1 Updated by intrigeri 2016-04-29 11:57:26

  • Feature Branch set to feature/11391-firewall-hardening

#2 Updated by intrigeri 2016-04-30 06:27:24

  • % Done changed from 10 to 40

I did a full test suite run (+ some retries to cope with the usual robustness issues) and everything now passes. Next (and hopefully last) step is to check if the design doc needs an update; there was some useful input in the thread on tails-dev@, that might be worth capturing.

#3 Updated by intrigeri 2016-05-03 09:33:39

  • Assignee changed from intrigeri to anonym
  • % Done changed from 40 to 50
  • QA Check set to Ready for QA

Design doc drafted, please review and merge :)

#4 Updated by anonym 2016-05-09 03:22:26

  • Status changed from In Progress to Fix committed
  • Assignee deleted (anonym)
  • % Done changed from 50 to 100
  • QA Check changed from Ready for QA to Pass

#5 Updated by anonym 2016-06-08 01:26:33

  • Status changed from Fix committed to Resolved