review.fuel-infra Code Review - puppet-modules/puppetlabs-firewall.git/commit

]> review.fuel-infra Code Review - puppet-modules/puppetlabs-firewall.git/commit

Code Review / puppet-modules / puppetlabs-firewall.git / commit

author	Rudy Grigar <rudy@grigar.net>
	Wed, 12 Aug 2015 18:25:16 +0000 (11:25 -0700)
committer	Rudy Grigar <rudy@grigar.net>
	Wed, 12 Aug 2015 18:25:16 +0000 (11:25 -0700)
commit	6ecf2118b28f7714cdd4c6d6c8aa2d3d43a3ba66
tree	7cea8e4192a9b8a44138d7b5bc6f2613ee7b5168	tree \| snapshot
parent	f77dc9016e6d21185c5bf1a2ef08a0c1fb9cd304	commit \| diff

Always use dport

Using 'port' allows you to spoof a source port and offers a backdoor by sending a different destination port. sport 80 -> dport 11211 would be valid for 'port => 80' and give access to a memcache instance (port 11211) running on the server.

README.markdown

diff | blob | history

RSS Atom