diff options
| author | Emīls <emils@mullvad.net> | 2021-12-09 16:29:23 +0000 |
|---|---|---|
| committer | Emīls Piņķis <emils@mullvad.net> | 2021-12-13 15:42:55 +0000 |
| commit | 2729ca03f9192a6ab60dd6ba041ff2d7ab3209f3 (patch) | |
| tree | a7f219bd02feb6464226771f5ad1e0a94e67e013 /docs | |
| parent | 785254150f39e42256cf36fbf2d2901694dc6e7c (diff) | |
| download | mullvadvpn-2729ca03f9192a6ab60dd6ba041ff2d7ab3209f3.tar.xz mullvadvpn-2729ca03f9192a6ab60dd6ba041ff2d7ab3209f3.zip | |
Allow only root to reach the API in blocked state
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/security.md | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/docs/security.md b/docs/security.md index 8f1986642c..b7ddfea71e 100644 --- a/docs/security.md +++ b/docs/security.md @@ -101,10 +101,11 @@ forwarded. All other forward traffic is rejected. #### Mullvad API -The firewall allows traffic for the API regardless of tunnel state, to allow for updating keys, -fetching account data, etc. In the [Connected] state, this is only allowed inside the tunnel. -For the other states, it is allowed regardless. On Windows, only the Mullvad service and problem -report tool are able to communicate with the API in any of the blocking states. +The firewall allows traffic to the API regardless of tunnel state, so the daemon is able to update +keys, fetch account data, etc. In the [Connected] state, API traffic is only allowed inside the tunnel. +For the other states, API traffic will bypass the firewall. On Windows, only the Mullvad service and +problem report tool are able to communicate with the API in any of the blocking states. On macOS and +Linux all applications runnning as root are able to reach the API in blocking states. ### Disconnected |