m1k1o
commented
2 years ago You have multiple solutions:
- You can either block this with browser itself, or use forced proxy that decides what can be accessed.
- You can put neko on a different subnet.
- You can apply iptables or use firewall to block such connections.
Generally speaking according to best practices, neko should be installed in DMZ so that all of this should be handled by the server or your network.
Is there a way (or if not, could one be added) to prevent users within neko from connecting to local IPs within its hosted network?
for example - Neko is hosted on a docker instance on IP 192.168.1.10, is networked to a custom network directly to a reverse proxy and is in bridge network such that the UDP ports work correctly. A user within the neko instance can go to address 192.168.1.1. How can this be prevented?