Use IPTables to block access to internal network resources
Closed · opened 6 months ago by aryak · 3 comments
Currently, a malicious user can access things in the internal network of @a.
Using a rule like this could prevent this.
iptables -A OUTPUT -d 192.168.1.0/24 -j REJECT --reject-with icmp-net-unreachable
With the limited testing I did, going to dsldevice.attlocal.net gave me the MAC address of the devices connected too.
I am not sure if this would mess with port forwarding though.
I added the ufw deny out to 192.168.1.254 port 80. I think this should be enough to prevent exposure of the MAC addresses, but let me know if more needs to be done.
https is still open @a
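An added example, not part of the issue thread or the project's code: a small coverage check that models the two rules quoted above and reports which internal destinations each one still lets out. The probe list is constructed, and the model assumes a default-allow outbound policy with deny rules matched only on destination address and port.

```python
import ipaddress

# Constructed model of the two rules quoted in the thread; port None = any port.
SUBNET_REJECT = [("192.168.1.0/24", None)]   # iptables -A OUTPUT -d 192.168.1.0/24 -j REJECT
PORT80_DENY = [("192.168.1.254", 80)]        # ufw deny out to 192.168.1.254 port 80

# Constructed probe list: the gateway over HTTP and HTTPS, plus another LAN host.
PROBES = [("192.168.1.254", 80), ("192.168.1.254", 443), ("192.168.1.10", 8080)]


def is_blocked(rules, dst_ip, dst_port):
    """Return True if any deny rule matches the outbound destination."""
    addr = ipaddress.ip_address(dst_ip)
    for cidr, port in rules:
        net = ipaddress.ip_network(cidr, strict=False)
        # A rule with port None covers every port on the matched addresses.
        if addr in net and (port is None or port == dst_port):
            return True
    return False


def still_reachable(rules, probes=PROBES):
    """List the probes that the rule set lets through (assumed default-allow)."""
    return [(ip, port) for ip, port in probes if not is_blocked(rules, ip, port)]


if __name__ == "__main__":
    for name, rules in (("subnet REJECT", SUBNET_REJECT), ("port-80 deny", PORT80_DENY)):
        print(name, "->", still_reachable(rules) or "nothing reachable")
```

The single-port rule leaves port 443 on the gateway and every other host in the subnet reachable, while the subnet-wide rule covers all three probes.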