zlatinb / muwire

MuWire file sharing client for I2P
GNU General Public License v3.0

Option to disable I2P's Listen Ports #143

Searinox closed 2 years ago

Searinox commented 2 years ago

In some cases for certain users it may not be possible to forward the ports that I2P listens to. This is okay for I2P since it has mechanisms in place to operate without open ports.

However, it would be nicer if users in these situations could disable the listen ports altogether so that other I2P nodes attempting to communicate with them do not waste time and resources attempting to connect to a node's advertised ports that will never be reached, only to give up.

Something simple like a checkbox that says "Don't open ports" alongside the TCP and UDP listen port setting.

zlatinb commented 2 years ago

If you are referring to the TCP and UDP port used for the I2NP protocol (the protocol between I2P nodes) then it's not possible to not open those - even if the user cannot forward them, the I2P router uses other I2P nodes to "hole-punch" through firewalls.

It is possible to completely disable the TCP or UDP transports in which case the router will not open these ports at all, but it needs at least one transport in order to communicate with other I2P nodes. I'm not aware of a way for an I2P router to work if both transports are completely disabled.

Searinox commented 2 years ago

If this is true then my concern is unfounded.

zlatinb commented 2 years ago

Yeah, if I remember correctly, the I2P router performs a "peer test" on start-up, and if it discovers the open ports are unreachable then it doesn't advertise those ports in the "NetDB" but instead chooses other I2P nodes to act as "introducers". An I2P node that wants to connect to the firewalled node then contacts an introducer, which in turn forwards a special "hole-punch" request to the firewalled node, which then establishes an outgoing connection to the first I2P node.

There probably is an option to force a node to behave as if it is firewalled, but even then the ports get opened on the local machine. Maybe it's possible to add an ability to not open ports at all. I'll pass this along to the I2P devs and see what they say.