Closed Gerrit91 closed 3 years ago
It's extremely dangerous that temp files for configuration are rendered in the destination folders. There were already some occasions when directories like these were found, leading to very interesting rule sets:
```
ls /etc/nftables
...
-rw------- 1 root root 3474 Jul 29 13:08 firewall-controller.v43740410535
-rw------- 1 root root 3474 Jul 29 13:09 firewall-controller.v42263989221
```
The files should be rendered in a safer spot and then moved to the target directory.
Alternative: in /etc/nftables.conf do not import /etc/nftables/* but only the /etc/nftables/rules and /etc/nftables/firewall-controller.v4
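The fix the report asks for is the classic write-to-staging-then-rename pattern: render the file somewhere the `include /etc/nftables/*` glob cannot see, fsync it, and move it into the include directory with a single `rename(2)`, so the directory only ever contains complete files under their final names. The Go below is an added illustration, not code from firewall-controller; the function names `WriteConfigAtomic` and `StrayFiles`, the `nftables-staging` directory, and the rule text are all assumptions made for the example. `StrayFiles` is the post-deploy check a defender would run against the include directory: anything it reports would be loaded by the wildcard include, exactly like the `.v4374…` and `.v4226…` leftovers in the listing above.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"sort"
)

// WriteConfigAtomic renders data into stagingDir (a directory the nftables
// include glob does NOT cover) and then moves the finished file to targetPath
// with rename(2). Readers of the target directory see either the previous file
// or the complete new one, never a temp file. stagingDir must be on the same
// filesystem as targetPath, because rename does not cross filesystems.
func WriteConfigAtomic(stagingDir, targetPath string, data []byte, mode os.FileMode) error {
	tmp, err := os.CreateTemp(stagingDir, filepath.Base(targetPath)+".*")
	if err != nil {
		return err
	}
	tmpName := tmp.Name()
	// After a successful rename the staging name no longer exists and this
	// Remove is a harmless no-op; on any failure path it cleans up the temp file.
	defer os.Remove(tmpName)

	if _, err := tmp.Write(data); err != nil {
		tmp.Close()
		return err
	}
	// Set the final permissions before the file becomes visible under its name.
	if err := tmp.Chmod(mode); err != nil {
		tmp.Close()
		return err
	}
	// Flush to disk first, so a crash cannot leave an empty file under the
	// final name after the rename.
	if err := tmp.Sync(); err != nil {
		tmp.Close()
		return err
	}
	if err := tmp.Close(); err != nil {
		return err
	}
	return os.Rename(tmpName, targetPath)
}

// StrayFiles returns the entries of dir whose names are not in expected.
// Run it against the include directory after a deploy: every name it returns
// would be picked up by an "include /etc/nftables/*" line.
func StrayFiles(dir string, expected ...string) ([]string, error) {
	want := make(map[string]bool, len(expected))
	for _, e := range expected {
		want[e] = true
	}
	entries, err := os.ReadDir(dir)
	if err != nil {
		return nil, err
	}
	var stray []string
	for _, e := range entries {
		if !want[e.Name()] {
			stray = append(stray, e.Name())
		}
	}
	sort.Strings(stray)
	return stray, nil
}

func main() {
	// Constructed layout standing in for /etc/nftables and a sibling staging dir.
	root, err := os.MkdirTemp("", "nft-demo")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(root)
	target := filepath.Join(root, "nftables")
	staging := filepath.Join(root, "nftables-staging")
	for _, d := range []string{target, staging} {
		if err := os.MkdirAll(d, 0o700); err != nil {
			panic(err)
		}
	}
	// Constructed rule set, standing in for the controller's rendered output.
	rules := []byte("table inet firewall {\n  chain input { type filter hook input priority 0; policy drop; }\n}\n")
	dst := filepath.Join(target, "firewall-controller.v4")
	if err := WriteConfigAtomic(staging, dst, rules, 0o600); err != nil {
		panic(err)
	}
	stray, err := StrayFiles(target, "rules", "firewall-controller.v4")
	if err != nil {
		panic(err)
	}
	fmt.Printf("stray files in %s: %v\n", target, stray)
}
```

The staging directory has to be a sibling on the same filesystem (for example next to `/etc/nftables`, not under `/tmp`), otherwise `os.Rename` fails with `EXDEV` and the temp file stays in staging; because staging is outside the include glob, even that failure mode cannot change the loaded rule set, which is the point of the report.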