Avoid port forwarding from loopback address
When doing port forwarding on lo0, avoid the special case where the traffic on lo0 did not come from the sshuttle pass out rule but from the lo0 address itself. Fixes #159.
parent
be559fc78b
commit
4e8c2b9c68
@ -189,8 +189,8 @@ class FreeBsd(Generic):
|
|||||||
|
|
||||||
tables = []
|
tables = []
|
||||||
translating_rules = [
|
translating_rules = [
|
||||||
b'rdr pass on lo0 %s proto tcp to %s '
|
b'rdr pass on lo0 %s proto tcp from ! %s to %s '
|
||||||
b'-> %s port %r' % (inet_version, subnet, lo_addr, port)
|
b'-> %s port %r' % (inet_version, lo_addr, subnet, lo_addr, port)
|
||||||
for exclude, subnet in includes if not exclude
|
for exclude, subnet in includes if not exclude
|
||||||
]
|
]
|
||||||
filtering_rules = [
|
filtering_rules = [
|
||||||
|
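Review bot: The new `from ! %s` clause in `translating_rules` has no comment explaining why the source is restricted, and the rule is hard to read without knowing issue #159; a short comment above the list would help, e.g. `# Redirect only traffic that reached lo0 via the pass-out rule; packets sourced from lo_addr itself are left alone (#159).` The exclusion matches the single address held in `lo_addr` (the test expectations show `127.0.0.1` and `::1`), so traffic sourced from any other address configured on lo0 would presumably still be redirected; it is worth confirming that this is intended. The enclosing method starts and ends outside the hunk, so how `lo_addr` is chosen is not visible here.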
@ -199,7 +199,7 @@ def test_setup_firewall_darwin(mock_pf_get_dev, mock_ioctl, mock_pfctl):
|
|||||||
call('-s all'),
|
call('-s all'),
|
||||||
call('-a sshuttle6-1024 -f /dev/stdin',
|
call('-a sshuttle6-1024 -f /dev/stdin',
|
||||||
b'table <dns_servers> {2404:6800:4004:80c::33}\n'
|
b'table <dns_servers> {2404:6800:4004:80c::33}\n'
|
||||||
b'rdr pass on lo0 inet6 proto tcp to '
|
b'rdr pass on lo0 inet6 proto tcp from ! ::1 to '
|
||||||
b'2404:6800:4004:80c::/64 port 8000:9000 -> ::1 port 1024\n'
|
b'2404:6800:4004:80c::/64 port 8000:9000 -> ::1 port 1024\n'
|
||||||
b'rdr pass on lo0 inet6 proto udp '
|
b'rdr pass on lo0 inet6 proto udp '
|
||||||
b'to <dns_servers> port 53 -> ::1 port 1026\n'
|
b'to <dns_servers> port 53 -> ::1 port 1026\n'
|
||||||
@ -248,7 +248,7 @@ def test_setup_firewall_darwin(mock_pf_get_dev, mock_ioctl, mock_pfctl):
|
|||||||
call('-s all'),
|
call('-s all'),
|
||||||
call('-a sshuttle-1025 -f /dev/stdin',
|
call('-a sshuttle-1025 -f /dev/stdin',
|
||||||
b'table <dns_servers> {1.2.3.33}\n'
|
b'table <dns_servers> {1.2.3.33}\n'
|
||||||
b'rdr pass on lo0 inet proto tcp to 1.2.3.0/24 '
|
b'rdr pass on lo0 inet proto tcp from ! 127.0.0.1 to 1.2.3.0/24 '
|
||||||
b'-> 127.0.0.1 port 1025\n'
|
b'-> 127.0.0.1 port 1025\n'
|
||||||
b'rdr pass on lo0 inet proto udp '
|
b'rdr pass on lo0 inet proto udp '
|
||||||
b'to <dns_servers> port 53 -> 127.0.0.1 port 1027\n'
|
b'to <dns_servers> port 53 -> 127.0.0.1 port 1027\n'
|
||||||
@ -296,8 +296,8 @@ def test_setup_firewall_freebsd(mock_pf_get_dev, mock_ioctl, mock_pfctl):
|
|||||||
call('-s all'),
|
call('-s all'),
|
||||||
call('-a sshuttle6-1024 -f /dev/stdin',
|
call('-a sshuttle6-1024 -f /dev/stdin',
|
||||||
b'table <dns_servers> {2404:6800:4004:80c::33}\n'
|
b'table <dns_servers> {2404:6800:4004:80c::33}\n'
|
||||||
b'rdr pass on lo0 inet6 proto tcp to 2404:6800:4004:80c::/64 '
|
b'rdr pass on lo0 inet6 proto tcp from ! ::1 to '
|
||||||
b'port 8000:9000 -> ::1 port 1024\n'
|
b'2404:6800:4004:80c::/64 port 8000:9000 -> ::1 port 1024\n'
|
||||||
b'rdr pass on lo0 inet6 proto udp '
|
b'rdr pass on lo0 inet6 proto udp '
|
||||||
b'to <dns_servers> port 53 -> ::1 port 1026\n'
|
b'to <dns_servers> port 53 -> ::1 port 1026\n'
|
||||||
b'pass out quick inet6 proto tcp to '
|
b'pass out quick inet6 proto tcp to '
|
||||||
@ -343,8 +343,8 @@ def test_setup_firewall_freebsd(mock_pf_get_dev, mock_ioctl, mock_pfctl):
|
|||||||
call('-s all'),
|
call('-s all'),
|
||||||
call('-a sshuttle-1025 -f /dev/stdin',
|
call('-a sshuttle-1025 -f /dev/stdin',
|
||||||
b'table <dns_servers> {1.2.3.33}\n'
|
b'table <dns_servers> {1.2.3.33}\n'
|
||||||
b'rdr pass on lo0 inet proto tcp to 1.2.3.0/24 -> '
|
b'rdr pass on lo0 inet proto tcp from ! 127.0.0.1 '
|
||||||
b'127.0.0.1 port 1025\n'
|
b'to 1.2.3.0/24 -> 127.0.0.1 port 1025\n'
|
||||||
b'rdr pass on lo0 inet proto udp '
|
b'rdr pass on lo0 inet proto udp '
|
||||||
b'to <dns_servers> port 53 -> 127.0.0.1 port 1027\n'
|
b'to <dns_servers> port 53 -> 127.0.0.1 port 1027\n'
|
||||||
b'pass out quick inet proto tcp to 1.2.3.66/32 port 80:80\n'
|
b'pass out quick inet proto tcp to 1.2.3.66/32 port 80:80\n'
|
||||||
|
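Review bot: The expected `rdr pass on lo0 ... proto udp to <dns_servers> port 53` lines are unchanged in all four expectation blocks, so the DNS redirect still has no `from ! <loopback>` exclusion while the TCP redirect now does. If that asymmetry is deliberate, a one-line comment next to the expectations would record it, e.g. `# DNS rdr deliberately keeps no source exclusion; only the TCP rdr skips loopback-sourced traffic`; if it is not, the DNS rule likely needs the same clause and these expectations should change with it. Separately, the IPv4 expectation is split across string literals differently in the darwin and freebsd tests (`... to 1.2.3.0/24 '` versus `... from ! 127.0.0.1 '`), which makes the two harder to compare by eye. Both test functions begin outside the hunks shown.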