Page MenuHomePhabricator

review enabling proxy arp impact on Qubes-Whonix Firewall
Closed, ResolvedPublic

Description

Do you think there are situations, where /etc/xen/vif-route-qubes's enabling of proxy arp (echo 1 >/proc/sys/net/ipv4/conf/${vif}/proxy_arp) could lead to proxy bypass, leaks?

(Related: T426)

Details

Impact
High

Event Timeline

Patrick created this task.Nov 13 2015, 6:51 PM
Patrick raised the priority of this task from to Normal.
Patrick updated the task description. (Show Details)
Patrick set Impact to High.
Patrick added subscribers: Patrick, marmarek, nrgaway.

I don't think so. But also I think it isn't needed anymore (since each
VM have proper routing set).

Patrick assigned this task to marmarek.Nov 13 2015, 10:03 PM
Patrick closed this task as Resolved.Nov 13 2015, 10:06 PM
In T430#7153, @marmarek wrote:

I don't think so.

Thank you, Marek! Done. Closing.

But also I think it isn't needed anymore (since each
VM have proper routing set).

Created https://github.com/QubesOS/qubes-issues/issues/1421 for it.