Priority
High
Description
The host firewall currently allows outbound DNS traffic (UDP and TCP port 53) to any IP address, not just the configured DNS servers. Because the rule matches on port alone, a process inside the sandbox can talk directly to an attacker-controlled host on port 53 without ever consulting the domain allowlist, which turns the DNS rule into a data exfiltration channel.
Current behavior
- `host-iptables.ts:181-192` allows UDP/TCP port 53 to any destination.
- An attacker could send data to `evil-dns-server.com:53` even if that domain isn't in the allowlist: the rule only checks the destination port, so the packets do not even need to be well-formed DNS queries.
- The `--dns-servers` flag is documented but not enforced in the host-level filtering rules.
Expected behavior
- DNS queries should only be allowed to explicitly allowlisted DNS server IPs.
- Default: `8.8.8.8` and `8.8.4.4`.
- User-configurable via the `--dns-servers` flag.
Restricting the destination closes the direct-to-attacker channel. It does not, on its own, stop DNS tunneling through an allowed recursive resolver (encoding data in queries for an attacker-controlled zone); that is a separate concern and out of scope for this issue.
Code locations
- `src/host-iptables.ts:181-192` - Need to restrict by destination IP.
- `src/host-iptables.ts:setupHostIptables()` - Add a `dnsServers` parameter.
- `src/cli.ts` - Pass the DNS server IPs to `setupHostIptables()`. The values should be validated as IP literals before they reach iptables: `-d` also accepts hostnames and resolves them at rule-install time, which would reintroduce a DNS lookup into the rule that is supposed to constrain DNS.
Suggested fix
```ts
import { execa } from 'execa';

// Inside setupHostIptables(): instead of allowing port 53 to any IP, add one
// ACCEPT rule per allowlisted resolver, for UDP and for TCP (TCP carries
// truncated/large responses and must be restricted to the same resolvers).
for (const dnsServer of dnsServers) {
  for (const proto of ['udp', 'tcp']) {
    await execa('iptables', [
      '-t', 'filter', '-A', chainName,
      '-p', proto, '-d', dnsServer, '--dport', '53',
      '-j', 'ACCEPT',
    ]);
  }
}
```
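A fuller version of the fix as an added example (this is not the project's code): the rule set is built by a pure function so it can be inspected and unit-tested without root, the resolver list is validated as IPv4 literals before anything is passed to iptables, and the command runner is injected so production can pass `execa` while tests pass a stub. The function names `buildDnsAllowRules`, `applyDnsAllowRules`, the `Runner` type and the chain name are assumptions.

```typescript
// Added example, not the project's code: generate the per-resolver iptables
// rules the fix above needs and validate the input first. `iptables -d` also
// accepts hostnames and resolves them when the rule is inserted, so a value
// like "evil-dns-server.com" passed to --dns-servers would be looked up over
// DNS before the DNS allowlist exists. Only IPv4 literals are accepted here.
// Function names, the chain name and the Runner type are assumptions.

const DEFAULT_DNS_SERVERS: string[] = ['8.8.8.8', '8.8.4.4'];

// Strict dotted-quad check: exactly four decimal octets, each 0-255.
function isIPv4Literal(addr: string): boolean {
  const octets = addr.split('.');
  return (
    octets.length === 4 &&
    octets.every((o) => /^\d{1,3}$/.test(o) && Number(o) <= 255)
  );
}

// Returns the argument vectors for `iptables`, one ACCEPT rule per resolver
// and protocol. Kept pure so the rule set can be inspected and tested without
// root; nothing here touches the kernel.
function buildDnsAllowRules(
  chainName: string,
  dnsServers: string[] = DEFAULT_DNS_SERVERS,
): string[][] {
  if (dnsServers.length === 0) {
    throw new Error('at least one DNS server IP is required');
  }
  const rules: string[][] = [];
  for (const server of dnsServers) {
    if (!isIPv4Literal(server)) {
      throw new Error(`--dns-servers expects IPv4 literals, got "${server}"`);
    }
    // UDP carries ordinary queries; TCP carries truncated/large responses and
    // must be allowlisted to the same resolvers, not to any destination.
    for (const proto of ['udp', 'tcp']) {
      rules.push([
        '-t', 'filter', '-A', chainName,
        '-p', proto, '-d', server, '--dport', '53',
        '-j', 'ACCEPT',
      ]);
    }
  }
  return rules;
}

// Injected runner so the caller can pass execa (or anything else) in
// production and a recording stub in tests.
type Runner = (cmd: string, args: string[]) => Promise<unknown>;

// Installs the rules in order and returns how many were applied.
async function applyDnsAllowRules(
  chainName: string,
  dnsServers: string[],
  run: Runner,
): Promise<number> {
  const rules = buildDnsAllowRules(chainName, dnsServers);
  for (const args of rules) {
    await run('iptables', args);
  }
  return rules.length;
}
```

In `cli.ts` the parsed `--dns-servers` values would be handed to `applyDnsAllowRules` with `execa` as the runner. The existing catch-all port-53 rule at `host-iptables.ts:181-192` must be removed at the same time; with it still in place the new rules are redundant and the exfiltration path stays open.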
Related documentation
`CLAUDE.md:226-253` documents DNS allowlisting, but the implementation is incomplete.