diff options
| author | Linus Färnstrand <linus@mullvad.net> | 2019-12-02 18:18:10 +0100 |
|---|---|---|
| committer | Linus Färnstrand <linus@mullvad.net> | 2020-01-07 21:50:38 +0100 |
| commit | 154834de44be5ebd240a807557c660bdfddfcd64 (patch) | |
| tree | eaf60a592d5553ac6a9fb518052a4f34114feebf /docs/security.md | |
| parent | b7dc78e4b7b819324ed9a251c32c1af8497d49bd (diff) | |
| download | mullvadvpn-154834de44be5ebd240a807557c660bdfddfcd64.tar.xz mullvadvpn-154834de44be5ebd240a807557c660bdfddfcd64.zip | |
Small fixes
Diffstat (limited to 'docs/security.md')
| -rw-r--r-- | docs/security.md | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/docs/security.md b/docs/security.md index 3d6783a7a7..8b6c56ada1 100644 --- a/docs/security.md +++ b/docs/security.md @@ -60,7 +60,7 @@ The following network traffic is always allowed to flow. It is never blocked, re * Incoming from `[fe80::]/10:547` to `[fe80::]/10:546` (server to client) 1. Router solicitation, advertisement and redirects (subset of NDP): - * Outgoing to `ff02::2``, but only ICMPv6 with type 133 and code 0. + * Outgoing to `ff02::2`, but only ICMPv6 with type 133 and code 0. * Incoming from `[fe80::]/10`, but only ICMPv6 type 134 or 137 and code 0. 1. If the "Allow LAN" setting is enabled, the following is also allowed: @@ -123,7 +123,7 @@ that affects the tunnel or until the tunnel goes down unexpectedly. In this state, all traffic in both directions over the tunnel interface is allowed. Minus DNS requests (TCP and UDP destination port 53) not to a gateway IP for that interface. Meaning we can -*only* request DNS from the relay server itself. +*only* request DNS inside the tunnel and *only* from the relay server itself. This state allows traffic on all interfaces to and from the IP and port combo that the tunnel runs over. See the [connecting] state for details. |