#i2p-dev (irc2p) | 2.10.0-10-rc | Network status http://zzz.i2p/topics/3714 | See important notes on zzz.i2p before updating | New beta site please review http://g5hrmnatotkavda5nnalr74ecvu44vigutrcb7h3qbrmsfdmoora.b32.i2p/ | Prop. 169 review Feb. 10, 8 PM UTC #ls2

#i2p-dev

/2022/03/24

Online: 62

&zzz

+R4SAS

+RN_

+T3s|4

+eche|off

+nilbog

+orignal

+postman

+qend-irc2p

+sourceress

Arch

Birdy

Danny

Irc2PGuest30010

Irc2PGuest36077

Irc2PGuest49364

Irc2PGuest51117

Irc2PGuest6564

Irc2PGuest65656

Irc2PGuest67278

Irc2PGuest74235

Irc2PGuest83482

MatrixBot

Onn4l7h

Over

Sleepy

Teeed

Yotsu

__bob_

aargh3

ac9f

acetone_

ahiru

anontor

b3t4f4c3__

cims

dr4wd3_

dr|z3d

duanin2

hababam

hagen_

leopold

makoto

marek

marek22k

noidea

not_bob_afk2

nyaa2pguy

o3d3_

poriori

profetikla

r00tobo

rapidash

solidx66

stormycloud[m]

test7363673

uop23ip

urist_

user_

w8rabbit

zelgomer

dr|z3d zzz: re ygg, just deny all inbound traffic on ygg's tun i/face except for the i2p port.

zzz still looking for somebody to make it easy for me

dr|z3d (and then see what breaks) :)

zzz and already tested

dr|z3d that's about as easy as it gets. presumably you're comfortable using ufw?

zzz not familiar

dr|z3d how do you configure your firewall rules? iptables?

zzz I dont. I have a router

dr|z3d openwrt. gotta love _their_ firewall *cough*

zzz this discussion is pointless. if you're not a ygg user, I'll await somebody who is

dr|z3d that's a bit dismissive. I've used ygg, have it installed in various places, and understand how to lock it down. but you carry on.

zzz I'm just looking for a tested solution, not guesses or RTFMs

dr|z3d you want to deny all traffic aside from the i2p port, so that's exactly what you'd do. if you want to use your router to do that, shouldn't be hard. or you can use a firewall in ubuntu which may give you extra piece of mind. easiest method is ufw + gufw. gufw is a front end to ufw which works with iptables. couldn't be much simpler than that.

zzz "I've never done it but it shouldn't be that hard" is the worst kind of non-answer when I'm looking for a tested solution

dr|z3d no, you misunderstand. I'm saying it shouldn't be that hard for someone not familiar with ufw to configure it via gufw. trivial, in fact.

zzz if I'm asking how to make a sandwich, sure. For a security-critical thing, I'm looking for somebody who's done it before

dr|z3d this may also help you get up to speed: maketecheasier.com/install-yggdrasil-network

eyedeekay I'll try out the instructions from the ArchWiki this weekend and share whatever script I come up with, they look like a good place to start

eyedeekay The gist is "Start by dropping everything on the tun interface corresponding to the yggdrasil connection, then accept on the services I want"