Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit 02c7abac authored by Lorenzo Colitti's avatar Lorenzo Colitti
Browse files

Don't make lockdown VPN source firewall rules over-broad. 

Currently, the lockdown VPN adds firewall allow rules matching
the whole subnet that the server assigned, so for example if
the VPN server assigns it the IP address 10.1.23.5/8, it will
allow the whole of 10.0.0.0/8 to pass the firewall.

This is needlessly overbroad and has a particularly bad corner
case where if the prefix length is 0, everything is allowed.

Bug: 17695048
Change-Id: Idbec4b3aea0f72f9bdfd26dcd72d6a97d026fb12
parent 0cb7903d
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment