Drop suspicious packets to tunnel IP in connecting state

author: David Lönnhager <david.l@mullvad.net> 2021-09-07 18:27:29 +0200
committer: David Lönnhager <david.l@mullvad.net> 2021-09-08 15:48:05 +0200
commit: 18cf65ba13a5852acbedeeee66ab4a654d4a3602 (patch)
tree: 4dc661070a0dcb5132a4b7508aa6a619132ce0a0 /talpid-core/src
parent: 032c6fc496cca35270cc48f337e20e6d771fdc04 (diff)
download: mullvadvpn-18cf65ba13a5852acbedeeee66ab4a654d4a3602.tar.xz
mullvadvpn-18cf65ba13a5852acbedeeee66ab4a654d4a3602.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/talpid-core/src/firewall/linux.rs b/talpid-core/src/firewall/linux.rs
index 057f9f68e8..674a95c9b6 100644
--- a/talpid-core/src/firewall/linux.rs
+++ b/talpid-core/src/firewall/linux.rs
@@ -563,6 +563,9 @@ impl<'a> PolicyBatch<'a> {
 
                 if let Some(tunnel) = tunnel {
                     self.add_allow_tunnel_rules(&tunnel.interface)?;
+                    if *allow_lan {
+                        self.add_block_cve_2019_14899(tunnel);
+                    }
                 }
                 *allow_lan
             }
author	David Lönnhager <david.l@mullvad.net>	2021-09-07 18:27:29 +0200
committer	David Lönnhager <david.l@mullvad.net>	2021-09-08 15:48:05 +0200
commit	18cf65ba13a5852acbedeeee66ab4a654d4a3602 (patch)
tree	4dc661070a0dcb5132a4b7508aa6a619132ce0a0 /talpid-core/src
parent	032c6fc496cca35270cc48f337e20e6d771fdc04 (diff)
download	mullvadvpn-18cf65ba13a5852acbedeeee66ab4a654d4a3602.tar.xz mullvadvpn-18cf65ba13a5852acbedeeee66ab4a654d4a3602.zip