threefoldtech / mycelium

End-2-end encrypted IPv6 overlay network
Apache License 2.0

User defined whitelist filter #315

Open LeeSmet opened 2 weeks ago

LeeSmet commented 2 weeks ago

File-based whitelist filter which specifies allowed remotes (subnet/IP/pub key), which can talk to the local node. Ideally this includes src and dst port as well. By default, non-listed addresses cause the packet to get dropped.

flokli commented 2 weeks ago

Isn't this something that can already be solved on the nftables/iptables layer?

iwanbk commented 2 weeks ago

> Isn't this something that can already be solved on the nftables/iptables layer?

Maybe to make it work on different OSes?

flokli commented 2 weeks ago

Probably, though there are some small distinctions here. Are we talking about networking traffic destined to the local node, messages in general, forwarding, …

LeeSmet commented 1 week ago

This would be for packets destined to the local node, yes. Essentially it would sit just before the tun interface for incoming packets.
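
Added example, not part of the issue thread and not mycelium's code: a default-deny allowlist check on raw incoming IPv6 packets, of the kind that could run just before packets are written to the TUN interface. The file format (one `prefix [dst-port]` per line), all names and the sample addresses are assumptions; public-key entries and source ports are left out.

```rust
use std::net::Ipv6Addr;

/// One allowlist entry: a source prefix and an optional destination port.
pub struct Rule { net: u128, mask: u128, dst_port: Option<u16> }

/// Parse lines such as "400:1::/32" or "5f4:aa::1 22" (hypothetical file format).
pub fn parse_rules(text: &str) -> Result<Vec<Rule>, String> {
    let mut rules = Vec::new();
    for line in text.lines().map(str::trim) {
        if line.is_empty() || line.starts_with('#') { continue; } // blank or comment
        let mut parts = line.split_whitespace();
        let cidr = parts.next().unwrap(); // a non-empty line has a first token
        let (addr, len) = cidr.split_once('/').unwrap_or((cidr, "128"));
        let addr: Ipv6Addr = addr.parse().map_err(|_| format!("bad address: {}", line))?;
        let len = len.parse::<u32>().ok().filter(|l| *l <= 128)
            .ok_or_else(|| format!("bad prefix: {}", line))?;
        let mask = if len == 0 { 0 } else { u128::MAX << (128 - len) };
        let dst_port = parts.next().map(|p| p.parse::<u16>()).transpose()
            .map_err(|_| format!("bad port: {}", line))?;
        rules.push(Rule { net: u128::from(addr) & mask, mask, dst_port });
    }
    Ok(rules)
}

/// Decide whether a raw IPv6 packet may be written to the TUN interface.
/// Anything unparsable or not listed is dropped (default deny).
pub fn allow(rules: &[Rule], pkt: &[u8]) -> bool {
    if pkt.len() < 40 || pkt[0] >> 4 != 6 { return false; }
    let src = pkt[8..24].iter().fold(0u128, |a, b| a << 8 | *b as u128);
    // Ports are read only when TCP (6) or UDP (17) directly follows the fixed header.
    let dst_port = match pkt[6] {
        6 | 17 if pkt.len() >= 44 => Some(u16::from_be_bytes([pkt[42], pkt[43]])),
        _ => None,
    };
    rules.iter().any(|r| src & r.mask == r.net && (r.dst_port.is_none() || r.dst_port == dst_port))
}

/// Build a constructed sample packet: fixed IPv6 header plus the four port bytes.
pub fn sample_packet(src: &str, next_header: u8, dst_port: u16) -> Vec<u8> {
    let mut pkt = vec![0u8; 44];
    pkt[0] = 0x60; // version 6
    pkt[6] = next_header;
    pkt[8..24].copy_from_slice(&src.parse::<Ipv6Addr>().unwrap().octets());
    pkt[42..44].copy_from_slice(&dst_port.to_be_bytes());
    pkt
}

fn main() {
    let rules = parse_rules("# constructed allowlist\n400:1::/32\n5f4:aa::1 22\n").unwrap();
    println!("{}", allow(&rules, &sample_packet("5f4:aa::1", 6, 22)));
}
```

A rule that names a port never matches a packet whose transport header is not directly TCP or UDP, so such packets from that source are dropped rather than passed unchecked.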