You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
NanoKVM v1.3.0 image (20241120_NanoKVM_Rev1_3_0.img.xz) comes with IPv4 and IPv6 routing enabled, with firewall accepting all routed connections unconditionally.
When IP forwarding is enabled, the device can potentially forward packets between different networks, which might expose internal network to unauthorized access or attacks. https://www.tenable.com/plugins/nessus/50686
NanoKVM is not a router, hence this function should be disabled.
Good, thanks for informing.
I have a DMZ, /30, just for the nanoKVM. This network doesn't have IPv6 enabled and it is blocked to reach any other VLAN in my network, only Internet access is allowed (for tailscale).
NanoKVM v1.3.0 image (20241120_NanoKVM_Rev1_3_0.img.xz) comes with IPv4 and IPv6 routing enabled, with firewall accepting all routed connections unconditionally.
When IP forwarding is enabled, the device can potentially forward packets between different networks, which might expose internal network to unauthorized access or attacks.
https://www.tenable.com/plugins/nessus/50686
NanoKVM is not a router, hence this function should be disabled.
Forwarding is enabled by
/etc/sysctl.d/99-tailscale.conf
, which I assume is not necessary for the client configuration.Workaround:
The text was updated successfully, but these errors were encountered: