On Fri, Apr 14, 2017, at 20:22, Florian Westphal wrote: > We lack a saddr check for ::1. This causes security issues e.g. with acls > permitting connections from ::1 because of assumption that these > originate > from local machine. > > Assuming a source address of ::1 is local seems reasonable. > RFC4291 doesn't allow such a source address either, so drop such packets. > > Reported-by: Eric Dumazet <eduma...@google.com> > Signed-off-by: Florian Westphal <f...@strlen.de>
Acked-by: Hannes Frederic Sowa <han...@stressinduktion.org> Thanks!
