runqemu: limit slirp host port forwarding to localhost 127.0.0.1

With default slirp port forwarding config qemu listens on TCP ports 2222 and 2323 on all IP addresses available on the build host. Most use cases with runqemu only need it for localhost and it is not safe to run qemu images with root login without password enabled and listening on all available, possibly Internet reachable network interfaces. Limit qemu port forwarding to localhost 127.0.0.1 IP address. Now qemu machine SSH and telnet ports are only reachable from the build host machine, not full Internet. If qemu machine needs to be reachable from network, then it can be enabled via local.conf or machine config variable QB_SLIRP_OPT: QB_SLIRP_OPT = "-netdev user,id=net0,hostfwd=tcp::2222-:22" (From OE-Core rev: c6b1e3d50bf2feea80b70a42c6fad868fa9e6042) Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-07-19 21:09:03 +02:00 · 2022-11-14 17:50:38 +02:00 · 2022-11-14 17:50:38 +02:00 · aa3cb188b8
commit aa3cb188b8
parent 248180ab2d
1 changed files with 1 additions and 1 deletions
--- a/scripts/runqemu
+++ b/scripts/runqemu
@ -1071,7 +1071,7 @@ class BaseConfig(object):
        logger.info("Network configuration:%s", netconf)
        self.kernel_cmdline_script += netconf
        # Port mapping
-        hostfwd = ",hostfwd=tcp::2222-:22,hostfwd=tcp::2323-:23"
+        hostfwd = ",hostfwd=tcp:127.0.0.1:2222-:22,hostfwd=tcp:127.0.0.1:2323-:23"
        qb_slirp_opt_default = "-netdev user,id=net0%s,tftp=%s" % (hostfwd, self.get('DEPLOY_DIR_IMAGE'))
        qb_slirp_opt = self.get('QB_SLIRP_OPT') or qb_slirp_opt_default
        # Figure out the port