Hi!

You can disallow access to local hosts/nets with its permission
file. In my case I've done this by clearing the appropriate bit
in the perms file and setting localnet to 192.168.1.0/24 which
works for the loopback and the network mentioned.
On the other hand I've allowed access to ampr.org addresses
which makes it useless to disallow localnets, because you can
then do "telnet 44.143.216.14" in my case (address of my ampr.org
interface) and have exactly the same as "telnet localhost".

config.c
static int is_local(unsigned long peer)
{
        return ((peer & LocalMask) == LocalNet) || ((peer & 0xff) == 127);
}

It seems that it only checks for localnet and loopback.
Now I've done a dirty hack:
int check_perms(int what, unsigned long peer)
{
        if (peer == 0x0ED88F2C) return -1;  // 44.143.216.14 disallow!
        if (what == PERM_TELNET) {....

In my scenario it was even more dangerous. I had permission 
255 for users logging in from localhost and a node line in inetd
which allows me to access it from my network. Access from the
internet is blocked with a firewall. I thought that it's safe until I tried
to "telnet 44.143.216.14 3600" from the radio and got a new
node session with all rights.

Maybe someone can write a more beautiful fix in is_local that 
reads IPs from all the local interfaces and checks for them.

73, Robert
OE8RSQ

