On 10/25/22 14:53, Luiz Angelo Daros de Luca wrote:
is much easier to let the firewall zones deal with that.
As aside, they don't see the iptables tool in the system, and don't
understand that that's been deprecated (although I since did add it
for some unrelated legacy usage), and think there's no firewall at all.
22.03? Did you read the release notes? nftables.
Luiz, I think you might have missed the context of my post - perhaps you
missed my earlier ones. I'm well aware that nftables is in use, but this
is in a security review, and they see what they want to see.
It would be better to improve the uhttpd startup script, allowing it
to bind to a list of openwrt interfaces. It is always better to
reference an existing config than to duplicate it.
Or leave the original bind address.
I agree that's a better solution. I don't think I've advocated
duplicating config though.
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
