On Wed, 4 Apr 2018 09:00:01 -0400 James Knott <james.knott@rogers.com> wrote:
On 04/04/2018 07:51 AM, Michal Suchánek wrote:
Linux is often used as a router and I have used it as one in the past (currently using pfSense on BSD). A router requires that function. Otherwise, it would be a useless router, if it couldn't connect to 2 networks at once.
If you're worried about it, turn off routing.
It is not about connecting to two networks. It is about connecting to two networks *separately* without leaking unneeded data between them. And that's exactly what a router or firewall is supposed to do. You completely miss the point.
Well, let's not forget that it's the user that connects to the 2 networks. If they didn't want to, then they wouldn't. Also, common practice these days is to use a firewall. Of course, for someone to take advantage of the connections to 2 networks they'd have to know about that.
What are you talking about? This is not about connecting to multiple networks. This is about not leaking information between different networks.

 net1    +--+  net2
   |     |PC|    |
   +-----+--+----+
      if1    if2
      ip1    ip2

When I connect my PC to two networks I have not subscribed to connecting if2 to net1 and people in net1 should not see the ip2. Linux does show the ip2 to the other devices connected to net1. This is broken and has been the default behavior in Linux for ages.

These days with half a dozen firewall types supported in the kernel you can probably craft a brittle firewalling rule to prevent this. However, this should not happen in the first place. As people these days still abuse this behaviour to access their WiFi IP over wired Ethernet it seems it has not changed - the bug is still there.

Thanks

Michal
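
Added example, not part of the thread above: a shell check for the behaviour described in the last message, assuming it comes from the kernel answering ARP requests on one interface for an address configured on another (the `arp_ignore` sysctl left at its default of 0). The function names and the optional root-directory argument are this example's own.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: the cross-interface
# visibility is the kernel replying to ARP on if1 for ip2 (arp_ignore=0).

# effective_arp_ignore ROOT IFACE
# The kernel applies the larger of conf/all and conf/<iface>.
effective_arp_ignore() {
    root=$1; iface=$2
    all=$(cat "$root/all/arp_ignore" 2>/dev/null || echo 0)
    own=$(cat "$root/$iface/arp_ignore" 2>/dev/null || echo 0)
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

# audit_arp_ignore [ROOT]
# Prints one line per interface that still answers ARP for addresses
# configured on other interfaces; returns 1 if any such interface exists.
audit_arp_ignore() {
    root=${1:-/proc/sys/net/ipv4/conf}
    rc=0
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        iface=$(basename "$dir")
        # "all" and "default" are templates, "lo" is not a real network
        case $iface in all|default|lo) continue ;; esac
        val=$(effective_arp_ignore "$root" "$iface")
        if [ "$val" -eq 0 ]; then
            echo "$iface: arp_ignore=0 (replies for addresses on any interface)"
            rc=1
        fi
    done
    return $rc
}
```

Calling `audit_arp_ignore` with no argument reads the live values under /proc/sys/net/ipv4/conf; setting `net.ipv4.conf.all.arp_ignore=1` makes the kernel reply only when the requested address is configured on the receiving interface. This covers ARP replies only, so traffic that a neighbour deliberately routes to ip2 via ip1 still needs a filtering rule.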