mirror of
https://github.com/sshuttle/sshuttle.git
synced 2024-11-25 09:23:48 +01:00
Listen on localhost:0 instead of 0.0.0.0:0 by default.
This avoids any possible problem caused by other people on your network using you as a proxy. If you want to allow this, you can force it back to the old way using the --listen option. Thanks to 'tass' on github for reporting portscans that revealed this potential security problem.
This commit is contained in:
parent
cca69eb496
commit
7fa1c3c4e4
2
main.py
2
main.py
@ -49,7 +49,7 @@ sshuttle [-l [ip:]port] [-r [username@]sshserver[:port]] <subnets...>
|
||||
sshuttle --firewall <port> <subnets...>
|
||||
sshuttle --server
|
||||
--
|
||||
l,listen= transproxy to this ip address and port number [0.0.0.0:0]
|
||||
l,listen= transproxy to this ip address and port number [127.0.0.1:0]
|
||||
H,auto-hosts scan for remote hostnames and update local /etc/hosts
|
||||
N,auto-nets automatically determine subnets to route
|
||||
python= specify the name/path of the python interpreter on the remote server [python]
|
||||
|
12
sshuttle.md
12
sshuttle.md
@ -1,6 +1,6 @@
|
||||
% sshuttle(8) Sshuttle 0.42
|
||||
% sshuttle(8) Sshuttle 0.44
|
||||
% Avery Pennarun <apenwarr@gmail.com>
|
||||
% 2010-11-09
|
||||
% 2010-12-31
|
||||
|
||||
# NAME
|
||||
|
||||
@ -41,7 +41,13 @@ entire subnet to the VPN.
|
||||
-l, --listen=*[ip:]port*
|
||||
: use this ip address and port number as the transparent
|
||||
proxy port. By default sshuttle finds an available
|
||||
port automatically, so you don't need to override it.
|
||||
port automatically and listens on IP 127.0.0.1
|
||||
(localhost), so you don't need to override it, and
|
||||
connections are only proxied from the local machine,
|
||||
not from outside machines. If you want to accept
|
||||
connections from other machines on your network (ie. to
|
||||
run sshuttle on a router) try enabling IP Forwarding in
|
||||
your kernel, then using `--listen 0.0.0.0:0`.
|
||||
|
||||
-H, --auto-hosts
|
||||
: scan for remote hostnames and update the local /etc/hosts
|
||||
|
Loading…
Reference in New Issue
Block a user