TryQuiet / quiet

A private, p2p alternative to Slack and Discord built on Tor & IPFS

https://www.tryquiet.org

GNU General Public License v3.0

1.98k stars 86 forks source link

Libp2p is listening on 0:0:0:0 and globally reachable #1925

Open holmesworcester opened 1 year ago

holmesworcester commented 1 year ago

Right now, Tor onion address incoming connections are forwarded to libp2p, which listens on 0:0:0:0. Instead, it should listen on 127.0.0.1 or in such a way that it is only reachable by Tor.

holmesworcester commented 1 year ago

1897 mitigates this and should make it impossible to connect to peers but we should still fix this.