Closed wrdixon closed 11 years ago
I think that rule refers to bytes to search (search the first 600 bytes for the string). I agree that we should limit the port range though; I think we're actually searching all packets going through (got to confirm that though). We may need to rearrange how all the iptables chains are set up. Almost recovered from jetlag, should have time to look into this later in the week.
Yeah, I figured as much after reading some iptables docs a few days ago (post posting this). I'm almost done too. Slept in until 6:30am today!
Right now it's 1-600. We likely only need to be looking on 53 and 80.