avahi-daemon.conf requires interface whitelisting to ignore vpn interfaces #67

@sarnold

The default (as installed) avahi-daemon config allows all interfaces and denies none so it will attempt to bind to any interface it sees. The "fix" is editing the avahi-daemon.conf file to explicitly whitelist the interfaces avahi should listen on. This fix should also resolve the problem described in issue #39.

If you're not using avahi (or don't know what it is) and you're concerned about your privacy/security, then you can either a) remove the packages or b) disable and mask the service. To remove the primary avahi packages run:

sudo apt-get remove avahi-autoipd avahi-daemon avahi-utils

To keep the packages but stop any avahi services from running if you're using systemd (either Ubuntu or Gentoo) you'll need to run the following commands:

sudo systemctl disable avahi-daemon.socket avahi-daemon.service
sudo systemctl mask avahi-daemon.socket avahi-daemon.service

Otherwise, for openrc, run the following:

sudo /etc/init.d/avahi-daemon stop
sudo rc-update del avahi-daemon

If you are using avahi and have not modified the default config, you should uncomment the allow-interfaces line in the above config file and add your ethernet and/or wifi devices after the = (if more than one device, use a comma to separate the interface names).

Open the file in your favorite editor and change this:

use-ipv6=yes
#allow-interfaces=eth0
#deny-interfaces=eth1

to something like:

use-ipv6=yes
allow-interfaces=eth0,wlan0
#deny-interfaces=eth1

Do substitute the interface names for your system, since it may or may not be using predictable interface names. Check the names with ifconfig:

$ ifconfig 
enx000ec68929d2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet XXX.XXX.XXX.XXX  netmask 255.255.255.0  broadcast XXX.XXX.XXX.XXX
        inet6 fe80::20e:dead:beef:29d2  prefixlen 64  scopeid 0x20<link>
        ether 00:0e:c6:89:29:d2  txqueuelen 1000  (Ethernet)
        RX packets 14688  bytes 748393 (748.3 KB)
        RX errors 0  dropped 2572  overruns 0  frame 0
        TX packets 10444  bytes 2048942 (2.0 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

If ifconfig is not installed, use the ip command:

$ sudo ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether b8:27:eb:04:24:0e brd ff:ff:ff:ff:ff:ff
    inet XXX.XXX.XXX.XXX/24 brd XXX.XXX.XXX.XXX scope global dynamic eth0
       valid_lft 2019sec preferred_lft 2019sec
    inet6 fe80::dead:beef:fe04:240e/64 scope link 
       valid_lft forever preferred_lft forever

and use the displayed device name instead of eth0.
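A way to check the edit described in the post above, as an added example that is not part of the original issue or the project's code: it reads the `[server]` section of avahi-daemon.conf and reports when allow-interfaces is unset, names an interface that is not present, or leaves a tunnel-style interface open. The VPN name prefixes, the function names and the two sample configs are assumptions made for the example.

```python
import sys
from pathlib import Path

# Name prefixes treated as VPN/tunnel devices (an assumption of this example).
VPN_PREFIXES = ("tun", "tap", "wg", "ppp")
# Constructed samples: the page's before/after lines under a [server] header.
DEFAULT_CONF = "[server]\nuse-ipv6=yes\n#allow-interfaces=eth0\n#deny-interfaces=eth1\n"
FIXED_CONF = "[server]\nuse-ipv6=yes\nallow-interfaces=eth0,wlan0\n#deny-interfaces=eth1\n"

def server_settings(conf_text):
    """Return the active (uncommented) key=value pairs of the [server] section."""
    settings, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
        elif section == "server" and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def names(value):
    """Split a comma-separated interface list, dropping empty entries."""
    return [n.strip() for n in (value or "").split(",") if n.strip()]

def audit(conf_text, present):
    """Return (interfaces the config leaves open, findings) for the interfaces present."""
    conf = server_settings(conf_text)
    allow, deny = names(conf.get("allow-interfaces")), names(conf.get("deny-interfaces"))
    findings = []
    if not allow:
        findings.append("allow-interfaces is not set: every interface is eligible")
    findings += [f"{n} is listed in allow-interfaces but not present" for n in allow if n not in present]
    # deny-interfaces takes precedence over allow-interfaces.
    open_ifaces = [i for i in present if (not allow or i in allow) and i not in deny]
    findings += [f"{i} looks like a VPN/tunnel interface and is not excluded"
                 for i in open_ifaces if i.startswith(VPN_PREFIXES)]
    return open_ifaces, findings

if __name__ == "__main__":
    # Usage: pass the path to avahi-daemon.conf; without one the constructed default is used.
    text = Path(sys.argv[1]).read_text() if len(sys.argv) > 1 else DEFAULT_CONF
    present = sorted(p.name for p in Path("/sys/class/net").iterdir())  # Linux interface names
    open_ifaces, findings = audit(text, present)
    print("not excluded by config:", ", ".join(open_ifaces) or "(none)")
    for finding in findings:
        print("WARNING:", finding)
    sys.exit(1 if findings else 0)
```

The exit status is non-zero when there is at least one finding, so the script can gate a provisioning step.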

Labels: distro (OS or distro runtime environment), documentation (Improvements or additions to documentation), watch item (hard to reproduce or rarely seen)
