Create Task
Maniphest T430

review enabling proxy arp impact on Qubes-Whonix Firewall
Closed, ResolvedPublic
Actions

Description

Do you think there are situations, where /etc/xen/vif-route-qubes's enabling of proxy arp (echo 1 >/proc/sys/net/ipv4/conf/${vif}/proxy_arp) could lead to proxy bypass, leaks?

(Related: T426)

Details

Impact
High

Related Objects

Patrick created this task.Nov 13 2015, 6:51 PM
Patrick updated the task description. (Show Details)
Patrick raised the priority of this task from to Normal.
Patrick added projects: Qubes, whonix-gw-firewall, Whonix 12.
Patrick set Impact to High.
Patrick added subscribers: Patrick, marmarek, nrgaway.
marmarek added a comment.Nov 13 2015, 9:50 PM

I don't think so. But also I think it isn't needed anymore (since each
VM have proper routing set).

Patrick assigned this task to marmarek.Nov 13 2015, 10:03 PM
Patrick closed this task as Resolved.Nov 13 2015, 10:06 PM
In T430#7153, @marmarek wrote:

I don't think so.

Thank you, Marek! Done. Closing.

But also I think it isn't needed anymore (since each
VM have proper routing set).

Created https://github.com/QubesOS/qubes-issues/issues/1421 for it.

Whonix Community Issue Tracker · Unread Notifications · Open Issues · Homepage · Blog · Forum · Github · Legal · Impressum · Datenschutz · Haftungsausschluss