nurdism / neko

A self hosted virtual browser (rabb.it clone) that runs in docker.
Apache License 2.0
2.03k stars 186 forks

[FEATURE] Block access to local devices #99

Closed TheGreatestJannet closed 3 years ago

TheGreatestJannet commented 3 years ago

Is your feature request related to a problem? Please describe.
I would like a way to block Neko access to local devices. This is important to prevent users from accessing router settings or other local devices.

Describe the solution you'd like
Block access to local devices.

loffa commented 3 years ago

This can be resolved on the docker host by blocking access to the network from the docker interface in the host machine's firewall. Stack overflow

I don't know if the browser inside of Neko could handle a blocklist of that kind that can be reloaded at runtime.

TheGreatestJannet commented 3 years ago

Blocking it from within firefox would be a much easier solution it seems. Maybe adding variables to the firefox container with IPs to block. If this isn't possible then iptables could be a solution.

nurdism commented 3 years ago

iptables is the solution on this one, adding a block to firefox would not be secure. That would be like putting a wall in front of you that you could just walk around.

I don't recommend you use neko publicly, there are potentially a lot of other attack vectors that can be used, neko was not made to be used publicly, just between friends to hang out.

But yeah, that being said, if you want to block something, it must be at host level or in the container's internal networking. I've heard a few people talking about using proxies to filter out bad requests.

I'm going to close this as this is not really in the scope of neko itself, more of docker networking.
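
The host-level block described in the comment above, as an added example that is not part of the original thread or the neko project. It assumes neko runs on a Docker bridge network and uses Docker's `DOCKER-USER` chain; the function name `neko_block_rules` and the sample subnet `172.18.0.0/16` are constructed for illustration.

```shell
#!/bin/sh
# Added example, not neko project code. Rules are printed, not applied,
# so they can be reviewed before being piped to a root shell.
# Assumption: $1 is the subnet of the Docker bridge network neko runs on
# (see `docker network inspect <network>`).

# Private ranges, plus link-local (the link-local range is an addition here).
BLOCKED_DESTS="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 169.254.0.0/16"

neko_block_rules() {   # hypothetical helper name
    subnet=$1
    # Accept only a.b.c.d/nn so nothing else can reach the root shell.
    if ! printf '%s\n' "$subnet" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$'; then
        echo "usage: neko_block_rules <container-subnet-cidr>" >&2
        return 2
    fi

    pos=1
    # 1. Replies on connections opened towards the container (published
    #    ports) must still get out, even to clients on a private address.
    echo "iptables -I DOCKER-USER $pos -s $subnet -m conntrack --ctstate ESTABLISHED,RELATED -j RETURN"
    pos=$((pos + 1))
    # 2. Traffic that stays inside the container network is left alone.
    echo "iptables -I DOCKER-USER $pos -s $subnet -d $subnet -j RETURN"
    pos=$((pos + 1))
    # 3. New connections from the container to local ranges are dropped.
    for dest in $BLOCKED_DESTS; do
        echo "iptables -I DOCKER-USER $pos -s $subnet -d $dest -j DROP"
        pos=$((pos + 1))
    done
}

# Review the output, then apply with:
#   sh this-script.sh 172.18.0.0/16 | sudo sh
if [ "$#" -gt 0 ]; then
    neko_block_rules "$1"
fi
```

`DOCKER-USER` only sees forwarded packets, so services listening on the Docker host itself need a matching rule in `INPUT`. If the container's DNS resolver is the LAN router, lookups may fail until it is pointed at a resolver outside the blocked ranges.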

TheGreatestJannet commented 3 years ago

That's fine, thanks for explaining!

m1k1o commented 3 years ago

@TheGreatestJannet depends on the use case, but a VPN would be a solution. I recently published my VPN neko stack, maybe you would be interested.