sendnrw/rdpgw
2
0
Fork 0
mirror of https://github.com/bolkedebruin/rdpgw.git synced 2026-05-13 19:59:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
449cd1e2fee773ce7be22ee8811767b3a5b08556
rdpgw/CHANGELOG.md
bolkedebruin 449cd1e2fe Gate hostselection=any to public destinations and a port allow-list (#188) 
The `roundrobin`, `signed`, and `unsigned` host-selection modes route
requests against an operator-curated `Server.Hosts` list. The `any`
mode does not -- it forwards to whatever `?host=` value the request
carries, which makes the gateway usable as a generic TCP relay
against whatever the gateway can reach (loopback, RFC1918, link-local,
the cloud metadata service, arbitrary high-numbered ports on public
hosts).

Add a small destination policy applied only in `any` mode:

* Reject hosts that resolve to loopback, RFC1918, IPv6 ULA,
  link-local, unspecified, or multicast addresses. Operators can opt
  back in with `Server.AllowPrivateDestinations: true`.
* Restrict the destination port to `Server.AllowedDestinationPorts`
  (default {3389}).

The other host-selection modes are unaffected -- the operator already
curates their hosts list.

The DestinationPolicy zero value is the secure default, so direct
&Handler{} constructions in tests still get the expected behavior.
DNS names are resolved at validation time and every returned address
is checked.
2026-04-30 18:42:24 +02:00

25 lines
986 B
Markdown
Raw Blame History

# Changelog
All user-visible changes to rdpgw will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
and the project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [Unreleased]
### Changed
- `server.hostselection: any` now refuses destinations that resolve to
loopback, RFC1918, link-local, IPv6 ULA, unspecified, or multicast
addresses, and only forwards to ports in `Server.AllowedDestinationPorts`
(default `[3389]`). Operators that need the old behavior can opt back in
with `Server.AllowPrivateDestinations: true` and an extended port list.
See [UPGRADING.md](UPGRADING.md) for migration notes. The other
host-selection modes (`roundrobin`, `signed`, `unsigned`) already used
the operator-curated `Server.Hosts` list and are unaffected.
### Added
- `Server.AllowedDestinationPorts` (`[]int`, default `[3389]`).
- `Server.AllowPrivateDestinations` (`bool`, default `false`).
Reference in New Issue View Git Blame Copy Permalink