conntrackd: restrict multicast reception

Bind the socket to the multicast address specified by {IPv4,IPv6}_address
to discard unicast UDP packets and multicast traffic not coming to the
dedicated interface. There is already code to restrict the interface
but the socket was bound to any address.

Without this patch, multicast sync messages can be received from any
interface if your firewall policy does not restrict the interface used
for sending and receiving them.

Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1819
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

0 files changed, 0 insertions, 0 deletions