GFK Linux clients had zero iptables rules, leaving the VIO client port (default 40000) unprotected. The kernel's conntrack could drop incoming VIO packets as INVALID, and the TCP stack would send RST responses to the crafted VIO packets.

Added NOTRACK + INPUT DROP + RST DROP rules for GFK_VIO_CLIENT_PORT in:
- _apply_firewall() / _remove_firewall() in embedded script
- Outer install flow (replaces "no firewall rules needed")
- start-both.sh service startup script
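The three rules named in the commit message, as an added sketch that is not the project's own `_apply_firewall()` / `_remove_firewall()` code. `GFK_VIO_CLIENT_PORT` and its default come from the message; the tables, chains and matches, and the helper names `vio_rules` and `vio_firewall_cmds`, are assumptions.

```shell
#!/bin/sh
# Added example, not the project's script. GFK_VIO_CLIENT_PORT and its default
# come from the commit message; tables, chains and matches are assumptions.
GFK_VIO_CLIENT_PORT="${GFK_VIO_CLIENT_PORT:-40000}"
IPT="${IPT:-iptables}"

# One rule per line: "<table> <chain> <match and target>".
vio_rules() {
    cat <<EOF
raw PREROUTING -p tcp --dport $1 -j NOTRACK
filter INPUT -p tcp --dport $1 -j DROP
filter OUTPUT -p tcp --sport $1 --tcp-flags RST RST -j DROP
EOF
}

# Print the iptables commands for "apply" or "remove" on the given port.
# apply is idempotent (-C before -A); remove tolerates rules already gone.
vio_firewall_cmds() {
    action="$1"; port="$2"
    case "$action" in apply|remove) ;; *) echo "usage: apply|remove" >&2; return 2 ;; esac
    case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    vio_rules "$port" | while read -r table chain rest; do
        if [ "$action" = apply ]; then
            echo "$IPT -t $table -C $chain $rest 2>/dev/null || $IPT -t $table -A $chain $rest"
        else
            echo "$IPT -t $table -D $chain $rest 2>/dev/null || true"
        fi
    done
}

# Dry run by default: prints the commands; pipe to sh as root to apply them.
vio_firewall_cmds "${1:-apply}" "$GFK_VIO_CLIENT_PORT"
```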