| Version | Supported |
|---|---|
| 0.1.x | ✅ Active development |
Do not open a public issue. Please report security vulnerabilities privately:
- Email: security@pingless.org (PGP key available on request)
- Discord: DM `anavgbeing` in the PingLess Studios Discord
We aim to respond within 48 hours and provide a fix timeline within 72 hours.
RouteX operates as a reverse proxy with kernel-level (iptables) and application-level (Go) defenses. Security considerations:
- iptables rules require `CAP_NET_ADMIN` — the systemd service file grants this automatically
- API keys are stored in YAML config files — restrict file permissions appropriately
- TLS for the management API is supported via `api.tls` config
- TLS passthrough for proxy traffic forwards encrypted bytes without inspection
- L7 engine runs in-process with no external dependencies
- ACL system supports global + per-proxy whitelist/blacklist
- Use strong, unique API keys
- Enable TLS on the management API if exposed to networks
- Regularly review iptables orphan rules via `POST /api/iptables/orphan-sweep`
- Monitor L7 events via `/api/l7/events` for attack patterns
- Set bandwidth quotas to prevent unexpected overages
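
One way to check the file-permission advice above for the YAML config that holds API keys, as an added example (not RouteX's own code). The function name `audit_config_perms` and its arguments are hypothetical, and the config path is whatever your deployment uses.

```shell
# Added example: audit a config file that holds API keys.
# Usage: audit_config_perms /path/to/config.yaml [expected-owner-uid]
# The path is the operator's own; no RouteX default location is assumed.
# Requires GNU or BusyBox stat (the -c option), as found on Linux hosts.
audit_config_perms() {
    local file="$1" want_uid="${2:-$(id -u)}" bad=0 mode uid dir dmode

    # A symlink could be repointed at a file with weaker protection.
    if [ -L "$file" ]; then
        echo "FAIL: $file is a symlink"; return 1
    fi
    if [ ! -f "$file" ]; then
        echo "FAIL: $file is not a regular file"; return 1
    fi

    mode=$(stat -c '%a' "$file")   # octal permission bits, e.g. 600
    uid=$(stat -c '%u' "$file")    # numeric owner

    # Any group/other bit lets accounts besides the owner touch the keys.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL: $file has mode $mode; expected 600 or stricter"
        bad=1
    fi

    # Owner should be root or the account the service runs as.
    if [ "$uid" -ne 0 ] && [ "$uid" -ne "$want_uid" ]; then
        echo "FAIL: $file is owned by uid $uid, expected 0 or $want_uid"
        bad=1
    fi

    # A group/other-writable parent directory lets the file be replaced.
    dir=$(dirname -- "$file")
    dmode=$(stat -c '%a' "$dir")
    if [ $(( 0$dmode & 022 )) -ne 0 ]; then
        echo "FAIL: directory $dir has mode $dmode (group/other writable)"
        bad=1
    fi

    if [ "$bad" -eq 0 ]; then
        echo "OK: $file ($mode, uid $uid)"
    fi
    return "$bad"
}
```

Pass the service account's uid as the second argument when the audit runs as a different user than the proxy.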