Open LeeSmet opened 2 weeks ago
Isn't this something that can already be solved on the nftables/iptables layer?
Maybe to make it work on different OSes?
Probably, though there are some small distinctions here. Are we talking about networking traffic destined to the local node, messages in general, forwarding, …
This would be for packets destined to the local node, yes. Essentially it would sit just before the tun interface for incoming packets.
File-based whitelist filter which specifies allowed remotes (subnet/IP/pub key) that can talk to the local node. Ideally this includes src and dst port as well. By default, non-listed addresses cause the packet to get dropped.
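
The default-drop matching this request describes, as an added sketch that is not code from the project or from anyone in this thread. The file format (`remote [sport=N] [dport=N]`, with a `pk:` prefix for public keys), the function names and the sample entries are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed sample file; this line format is an assumption of the example.
SAMPLE_ALLOWLIST = """\
# remote            optional port constraints
2001:db8::/64       dport=22
2001:db8:1::5       sport=5353 dport=5353
pk:aabbcc           dport=443
"""

@dataclass(frozen=True)
class Rule:
    net: Optional[object]      # IPv4Network/IPv6Network, or None for a key rule
    pubkey: Optional[str]      # lowercase hex key, or None for an address rule
    sport: Optional[int]       # None means "any port"
    dport: Optional[int]

def parse_allowlist(text):
    """Parse the file; any malformed line raises, so a bad file never loads."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        remote, *opts = line.split()
        ports = {"sport": None, "dport": None}
        for opt in opts:
            key, _, val = opt.partition("=")
            if key not in ports or not val.isdigit() or not 0 < int(val) < 65536:
                raise ValueError(f"line {lineno}: bad option {opt!r}")
            ports[key] = int(val)
        if remote.startswith("pk:"):
            rules.append(Rule(None, remote[3:].lower(), **ports))
        else:
            # strict=True rejects entries with host bits set (likely typos)
            rules.append(Rule(ipaddress.ip_network(remote, strict=True), None, **ports))
    return rules

def allowed(rules, src_ip, src_pubkey, sport, dport):
    """True if any rule matches the incoming packet; otherwise it is dropped."""
    addr = ipaddress.ip_address(src_ip)
    for r in rules:
        if r.net is not None:
            hit = addr.version == r.net.version and addr in r.net
        else:
            hit = src_pubkey is not None and src_pubkey.lower() == r.pubkey
        # A port-constrained rule never matches a packet without ports (None).
        if hit and r.sport in (None, sport) and r.dport in (None, dport):
            return True
    return False  # default: not listed, drop
```
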