Security changes - restricting uhttpd addresses
Peter Naulls
peter at chocky.org
Tue Oct 25 12:00:09 PDT 2022
On 10/25/22 14:53, Luiz Angelo Daros de Luca wrote:
> is much easier to let the firewall zones deal with that.
>
>> As an aside, they don't see the iptables tool in the system, and don't
>> understand that that's been deprecated (although I since did add it
>> for some unrelated legacy usage), and think there's no firewall at all.
>
> 22.03? Did you read the release notes? nftables.
Luiz, I think you might have missed the context of my post - perhaps you
missed my earlier ones. I'm well aware that nftables is in use, but this
is in a security review, and they see what they want to see.
>
> It would be better to improve the uhttpd startup script, allowing it
> to bind to a list of openwrt interfaces. It is always better to
> reference an existing config than to duplicate it.
> Or leave the original bind address.
I agree that's a better solution. I don't think I've advocated
duplicating config though.