Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
1
Information / block access to CWP from the Internet
« on: April 15, 2023, 07:04:34 AM »
Hello, after having seen https://nvd.nist.gov/vuln/detail/CVE-2022-44877 i started thinking about closing my CWP interfaces from the Internet to protect from future vulnerabilities (we all know that even if we do our best, vulnerabilities are there...)
The option i'm currently scouting are:
use iptables to block cwpsrv ports from anything but my public IP address (having a static IP address)
add a virtual interface and make cwpsrv listen on that IP or 127.0.0.1, than use ssh port forward
setup a VPN (wireguard or openvpn) and make cwpsrv listen on that IP
I see that CWP doesn't support local IPs so probably some of them are not possible, but at least blocking everything using a firewall is an option?
Do you have any other advice?
Thanks
The option i'm currently scouting are:
use iptables to block cwpsrv ports from anything but my public IP address (having a static IP address)
add a virtual interface and make cwpsrv listen on that IP or 127.0.0.1, than use ssh port forward
setup a VPN (wireguard or openvpn) and make cwpsrv listen on that IP
I see that CWP doesn't support local IPs so probably some of them are not possible, but at least blocking everything using a firewall is an option?
Do you have any other advice?
Thanks
Pages: [1]
