Reduce attack surface with firewall hardening
Originally created by @intrigeri on #11391 (Redmine)
Following up on “[Tails-dev] Reducing attack surface of kernel and tightening firewall/sysctls”:
- Disable netfilter’s
nf_conntrack_helper - don’t accept RELATED packets
- Enable Packetization Layer Path MTU Discovery for IPv4 (needed once we drop RELATED packets, and may fix unrelated problems)
Feature Branch: feature/11391-firewall-hardening
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information