The documentation refers to the http server running on
127.0.0.1:5555 only; however, doing a netstat -anp will show
"tcp 0 0 0.0.0.0:5555 0.0.0.0:* LISTEN -"
This shows that there is a listen for tcp 5555 on ALL
interfaces, and it will accept any source.
I believe the error in code is in HttpServer.cpp line 186:
    server.sin_addr.s_addr = INADDR_ANY;
I believe it should read:
    server.sin_addr.s_addr = inet_addr("127.0.0.1");
I also verified there was no other code for source IP
checking - there isn't, as verified by 192.168.0.0/24
and 10.0.0.0/23 IPs as well as misc internet IPs.
This should be fixed on the listening line to prevent
possible overflow problems with refusing connections
past the listening state. An alternative would be to
make the listen address selectable by the user.
Personally I would prefer this approach as I am using
peerguardian on my linux transparent brouter/firewall.
Also on a related front, it should be possible to have
pg interface to the FORWARD chain, as without this it
will not filter routed packets, which in the case of a
router would be desired. I've already accomplished
this via my own hack to the source code.
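
The two options raised in the report (bind to loopback, or make the listen address selectable), as an added example that is not part of the original report or of PeerGuardian's source. The function names and the configuration string are hypothetical; port 5555 is the one from the report.

```cpp
// Added example with hypothetical helper names; not PeerGuardian's own code.
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>
#include <cstdint>
#include <cstdio>
#include <cstring>

// Fill `out` from a user-supplied listen address. NULL or "" selects
// 127.0.0.1, so exposure on other interfaces has to be asked for explicitly.
int fill_listen_addr(const char *cfg, uint16_t port, sockaddr_in *out) {
    std::memset(out, 0, sizeof(*out));
    out->sin_family = AF_INET;
    out->sin_port = htons(port);
    if (cfg == nullptr || *cfg == '\0') {
        out->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
        return 0;
    }
    // inet_pton reports malformed input; inet_addr() cannot do so cleanly.
    return inet_pton(AF_INET, cfg, &out->sin_addr) == 1 ? 0 : -1;
}

// True when the address is inside 127.0.0.0/8.
bool is_loopback_only(const sockaddr_in *a) {
    return (ntohl(a->sin_addr.s_addr) >> 24) == 127;
}

// Create the listening socket; returns the fd, or -1 on any failure.
int open_listener(const char *cfg, uint16_t port) {
    sockaddr_in server;
    if (fill_listen_addr(cfg, port, &server) != 0) return -1;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    if (bind(fd, reinterpret_cast<sockaddr *>(&server), sizeof(server)) != 0 ||
        listen(fd, 16) != 0) {
        close(fd);
        return -1;
    }
    if (!is_loopback_only(&server))
        std::fprintf(stderr, "warning: listening on non-loopback %s\n", cfg);
    return fd;
}

int main() {
    int fd = open_listener(nullptr, 5555);  // default: 127.0.0.1:5555
    if (fd < 0) { std::perror("open_listener"); return 1; }
    close(fd);
    return 0;
}
```

With the default, netstat -anp would list the socket under 127.0.0.1:5555 rather than 0.0.0.0:5555.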