[feature request] There should be an option to only allow through TCP protocol for security reasons. #1129
Comments
Rethink only allows ICMP, TCP, and UDP. So, by blocking UDP, you're getting close to what you're asking for. Not sure if blocking ICMP is okay.
Thank you for the quick response. ICMP allows wake-on-WLAN. I'm not pro enough to understand the driver's source code, but I've been told nasty things can be done with ICMP.
I wrote this because my up-to-date Android device has been infected with spyware when every Android component was firewalled.
If every Android component and app is firewalled, and the hackers are still able to install software remotely on the phone, then there must be a vulnerability in the Android system itself (in the kernel and/or a system service).
OEM apps and services can bypass Rethink #224 (and root-based firewalls, if they are not careful enough). As a rule of thumb, if you can't trust OEMs, no amount of protections matter (see: https://en.wikipedia.org/wiki/Trusted_computing_base)
There are other protocols which are unwanted or dangerous.
I know UDP can already be blocked, except NTP and DNS.
I would recommend a setting which allows only the TCP protocol and drops all the rest.
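
The policy this request asks for (pass TCP, drop every other IP protocol, optionally keeping the DNS and NTP exception mentioned for UDP), as an added Go example. It is not Rethink's code; `allowTCPOnly`, `keepDNSNTP` and `ipv4` are hypothetical names, and the demo packets are constructed.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// allowTCPOnly applies a TCP-only policy; keepDNSNTP (assumed name) keeps UDP 53/123.
func allowTCPOnly(pkt []byte, keepDNSNTP bool) bool {
	var proto byte
	var l4 []byte
	switch {
	case len(pkt) >= 20 && pkt[0]>>4 == 4:
		ihl := int(pkt[0]&0x0f) * 4
		if ihl < 20 || len(pkt) < ihl {
			return false // malformed header
		}
		proto = pkt[9]
		if binary.BigEndian.Uint16(pkt[6:8])&0x1fff == 0 { // first fragment only
			l4 = pkt[ihl:]
		}
	case len(pkt) >= 40 && pkt[0]>>4 == 6:
		proto, l4 = pkt[6], pkt[40:] // extension headers are not walked: they drop
	default:
		return false // truncated or not IP
	}
	switch proto {
	case 6: // TCP
		return true
	case 17: // UDP: ports are readable only when the L4 header is present
		if keepDNSNTP && len(l4) >= 4 {
			dport := binary.BigEndian.Uint16(l4[2:4])
			return dport == 53 || dport == 123
		}
	}
	return false // ICMP, ICMPv6 and everything else
}

// ipv4 builds a constructed minimal IPv4 packet (20-byte header + 8 bytes) for the demo.
func ipv4(proto byte, dport uint16) []byte {
	p := make([]byte, 28)
	p[0], p[9] = 0x45, proto
	binary.BigEndian.PutUint16(p[22:24], dport)
	return p
}

func main() {
	fmt.Println(allowTCPOnly(ipv4(6, 443), false), allowTCPOnly(ipv4(1, 0), true), allowTCPOnly(ipv4(17, 53), true))
}
```

Default-deny is the point of the final `return false`: any protocol number the function does not recognise, and any UDP fragment whose port cannot be read, is dropped rather than passed.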