caclmgrd: remove permit source port 179 (#9827)
[Caclmgrd] Remove insecure opening of source port 179 Signed-off-by: Christian Svensson <blue@cmd.nu>
parent
5ce75acfa5
commit
d540492834
@ -501,9 +501,7 @@ class ControlPlaneAclManager(daemon_base.DaemonBase):
|
||||
# Add iptables/ip6tables commands to allow all incoming BGP traffic
|
||||
# TODO: Determine BGP ACLs based on configured device sessions, and remove this blanket acceptance
|
||||
iptables_cmds.append(self.iptables_cmd_ns_prefix[namespace] + "iptables -A INPUT -p tcp --dport 179 -j ACCEPT")
|
||||
iptables_cmds.append(self.iptables_cmd_ns_prefix[namespace] + "iptables -A INPUT -p tcp --sport 179 -j ACCEPT")
|
||||
iptables_cmds.append(self.iptables_cmd_ns_prefix[namespace] + "ip6tables -A INPUT -p tcp --dport 179 -j ACCEPT")
|
||||
iptables_cmds.append(self.iptables_cmd_ns_prefix[namespace] + "ip6tables -A INPUT -p tcp --sport 179 -j ACCEPT")
|
||||
|
||||
# Get current ACL tables and rules from Config DB
|
||||
self._tables_db_info = self.config_db_map[namespace].get_table(self.ACL_TABLE)
|
||||
|
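Review bot: The `--dport 179 -j ACCEPT` rules for iptables and ip6tables that remain still accept TCP to the BGP port from any source address, so the TODO about blanket acceptance stays open after this change. Going by the commit title, the two `--sport 179` lines are the ones dropped; the page has lost its +/- markers, so that reading is inferred. With them gone, replies to BGP sessions this device initiates (which arrive with source port 179) are accepted only if a connection-tracking rule for established flows is appended elsewhere in this method, for example `-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT`; no such rule is visible in the hunk, so this is worth confirming. I would also make the comment say what is kept, e.g. `# Accept inbound BGP (tcp/179) from any source; replies to locally initiated sessions rely on the established-connection rule`. The enclosing method starts and ends outside the hunk.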