Skip to content

Incomplete network segmentation between users

(Accompanied by merge request for the specific changes I have in mind)

Non-admin users have full access to each others' ranges by either:

  • Logging in to Ludus via ssh and routing traffic directly, e.g. user2 poking 10.3.10.254
  • Adjusting their wireguard client to allow access to more routes, e.g. user2 changing their config to AllowedIPs=10.2.10.0/24

This protects users from each other, allowing use cases such as classes w/ students or exams where environments must be strictly isolated from other non-admin users.

Both of these are addressed in the merge request. A couple choices made:

  • iptables-persistent is used to save the additional rules. I see that it gets installed but not otherwise used, so I haven't seen this break anything else
  • All users have their ranges "shut off" from other users. If you want a shared range (i.e. using proxmox groups) you'll have to manually add the rules via iptables. This aligns with the manual group creation that happens anyway; state isn't stored in the Ludus db.
  • The ludus and root users have full access to all ranges.