Feature request: Firewall, port redirection

[Revertron]

Security

Normally, mobile devices use some NAT'ed networks or are firewalled by their ISPs. But if we create true-p2p network where every user gets "white" IP-address we may have a problem in terms of unsolicited actions by any bad actors in network.

I propose we implement some kind of filtering that will let through only outgoing and established connections as it is advised everywhere where we talk about configuring firewalls. I think that Android OS has some kind of firewall itself, but I'm not sure about decent configuration of it.

Features

Imagine, if you could host some website on your old mobile device? Just install some HTTP-server and use it to to serve some pages and files? Current state of Android app enables you to do this already, but (without root) not on low ports < 1024. But if your users want to get to your site you will need to make all links include port, like my-awesome-ygg-page.com:8080 or so. This is not aesthetic and not memorable.

Also, if we want to use DNS-server on local mobile device we can't bind to port 53 (again without root), and that is the only port that OS will use to make requests. But we can configure our own Ygg-address as DNS-server in already available UI and "patch" packets on TUN to change the ports.

[flikites]

Would love to see this happen.

[neilalexander]

I don’t believe this to be Android-specific, but instead a general Yggdrasil consideration. We might want to move this as a result, as it is true on all platforms.

[flikites]

I don’t believe this to be Android-specific, but instead a general Yggdrasil consideration. We might want to move this as a result, as it is true on all platforms.

I agree.

[basilgello]

Now we have yggstack for this purpose. If we integrate necessary parts into native library and adapt interface similar to Orbot (SOCKS/VPN mode, app selection, port forwarding view), we can solve this issue and maybe several others.