vyos/vyos-documentation
1
0
Fork 0
mirror of https://github.com/vyos/vyos-documentation.git synced 2025-10-26 08:41:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

Firewall: add warning message, saying that during boot, all interfaces are loaded before firewall. (#1524)

Browse Source
This commit is contained in:
Nicolás Fort 2024-08-17 05:23:09 -03:00 committed by GitHub
parent 5410ab6dcc
commit 1831fb6d97
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
docs/configuration/firewall/index.rst
View File

@ -4,6 +4,11 @@
Firewall
########
.. warning:: Due to a race condition that can lead to a failure during boot
process, all interfaces are initialized before firewall is configured. This
leads to a situation where the system is open to all traffic, and can be
considered as a security risk.
As VyOS is based on Linux it leverages its firewall. The Netfilter project
created iptables and its successor nftables for the Linux kernel to
work directly on packet data flows. This now extends the concept of