Closed Merith-TK closed 1 year ago
I am not a Windows expert by any means but I was always under the understanding that Windows Firewall will treat all interfaces as Public until otherwise configured.
I guess if Windows is mis-classifying the interface as something more trustworthy (which may be the fault of the Wintun driver), or if it is allowing connections on a Public interface (probably a user configuration thing somewhere), then it makes sense that incoming connections would not be filtered.
Well it is not showing up as any form of connection to configure, all I can find is in the "Network Connections" control panel, and even then there is little to no configuration options for it. And windows, as of windows 8.1 no longer asks if the network you connect to is a home or public network,
and the places it does show up, it reports that it is disconnected when I am able to use it just fine
yes, all your ports will be opened (if you have firewall disabled) all ports like 3389, 139, will be available by your ipv6 address
To disable incoming connections by default you need to flag Yggdrasil network interface as Public
.
You can do this by running this command in admin PowerShell:
Set-NetConnectionProfile -Name "Yggdrasil" -NetworkCategory Public
for linux exist same command?
Linux would have you use IP Tables, also Linux doesnt open a bunch of unnessecary ports like windows so unless you have an ssh server running on your computer, your pretty much good, if you do, look into iptables
Linux would have you use IP Tables, also Linux doesnt open a bunch of unnessecary ports like windows so unless you have an ssh server running on your computer, your pretty much good, if you do, look into
iptables
I think it would be better just to bind SSH server to any specific IPv4 address.
I am running windows 11 and I have noticed that yggdrasil does not show up in any of windows's firewall settings outside as a network interface.
I have also found that others are just straight up able to directly connect to open ports on my machine, I had some a few friends test port
:80
,:443
, and several random minecraft "open to lan" ports, and all were able to connect without issue.it appears that every single port, regardless of what it is, on a windows machine is open, which is concerning due to windows security issues that have been around for a while.
This is a serious concern I have as it feels like I have my computer connected directly inplace of a router to the clearnet, which anyone can just scan and find open ports on and exploit them as i have gotten no firewall pop up for windows, which is concerning as even for docker, I had to allow a firewall popup