dr|z3d
zzz: re ygg, just deny all inbound traffic on ygg's tun i/face except for the i2p port.
zzz
still looking for somebody to make it easy for me
dr|z3d
(and then see what breaks) :)
zzz
and already tested
dr|z3d
that's about as easy as it gets. presumably you're comfortable using ufw?
zzz
not familiar
dr|z3d
how do you configure your firewall rules? iptables?
zzz
I dont. I have a router
dr|z3d
openwrt. gotta love _their_ firewall *cough*
zzz
this discussion is pointless. if you're not a ygg user, I'll await somebody who is
dr|z3d
that's a bit dismissive. I've used ygg, have it installed in various places, and understand how to lock it down. but you carry on.
zzz
I'm just looking for a tested solution, not guesses or RTFMs
dr|z3d
you want to deny all traffic aside from the i2p port, so that's exactly what you'd do. if you want to use your router to do that, shouldn't be hard. or you can use a firewall in ubuntu which may give you extra piece of mind. easiest method is ufw + gufw. gufw is a front end to ufw which works with iptables. couldn't be much simpler than that.
zzz
"I've never done it but it shouldn't be that hard" is the worst kind of non-answer when I'm looking for a tested solution
dr|z3d
no, you misunderstand. I'm saying it shouldn't be that hard for someone not familiar with ufw to configure it via gufw. trivial, in fact.
zzz
if I'm asking how to make a sandwich, sure. For a security-critical thing, I'm looking for somebody who's done it before
dr|z3d
this may also help you get up to speed: maketecheasier.com/install-yggdrasil-network
eyedeekay
I'll try out the instructions from the ArchWiki this weekend and share whatever script I come up with, they look like a good place to start
eyedeekay
The gist is "Start by dropping everything on the tun interface corresponding to the yggdrasil connection, then accept on the services I want"