diff options
| author | David Lönnhager <david.l@mullvad.net> | 2022-08-23 13:36:55 +0200 |
|---|---|---|
| committer | David Lönnhager <david.l@mullvad.net> | 2022-08-29 16:40:50 +0200 |
| commit | 9c8b457982d0fc4f7380d2a88456fb98155a47c3 (patch) | |
| tree | 8b0df440f46b21d62d41c40a978356f890a4eb27 /docs/security.md | |
| parent | ef4ef3846b621013fa9d29b77e9399153064f7d0 (diff) | |
| download | mullvadvpn-9c8b457982d0fc4f7380d2a88456fb98155a47c3.tar.xz mullvadvpn-9c8b457982d0fc4f7380d2a88456fb98155a47c3.zip | |
Allow admin-local v4 multicast range when LAN sharing is enabled
Diffstat (limited to 'docs/security.md')
| -rw-r--r-- | docs/security.md | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/docs/security.md b/docs/security.md index e4e77414ad..f8e1c511cc 100644 --- a/docs/security.md +++ b/docs/security.md @@ -81,15 +81,15 @@ The following network traffic is allowed or blocked independent of state: * `169.254.0.0/16` (Link-local IPv4 range) * `fe80::/10` (Link-local IPv6 range) * `fc00::/7` (Unique local address (ULA) range) - * Outgoing to any IP in a local, unroutable, multicast network, meaning these: + * Outgoing to any IP in globally unroutable multicast networks, meaning these: * `224.0.0.0/24` (Local subnet IPv4 multicast) - * `239.255.0.0/16` (IPv4 local scope. eg. SSDP and mDNS) + * `239.0.0.0/8` (Administratively scoped IPv4 multicast. E.g. SSDP and mDNS) * `255.255.255.255/32` (Broadcasts to the local network) * `ff01::/16` (Interface-local multicast. Local to a single interface on a node.) * `ff02::/16` (Link-local IPv6 multicast. IPv6 equivalent of `224.0.0.0/24`) * `ff03::/16` (Realm-local IPv6 multicast) * `ff04::/16` (Admin-local IPv6 multicast) - * `ff05::/16` (Site-local IPv6 multicast. Is routable, but should never leave the "site") + * `ff05::/16` (Site-local IPv6 multicast) * Incoming DHCPv4 requests and outgoing responses (be a DHCPv4 server): * Incoming UDP from `*:68` to `255.255.255.255:67` * Outgoing UDP from `*:67` to `*:68` |