cwinfo/yggdrasil-network.github.io
5
0
Fork 0
mirror of https://github.com/cwinfo/yggdrasil-network.github.io.git synced 2025-02-28 16:21:33 +00:00
Code Releases Activity

Add ufw FW command (#271)

Browse Source 
* Add `ufw` FW command

* Explain `ufw` default

* ...
This commit is contained in:
Per Guth 2024-04-14 17:21:41 +02:00 committed by GitHub
parent 4f2c7bc89d
commit 2cffb100ce
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 12 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
faq.md
View File

@ -30,16 +30,27 @@ No, it is not a goal of the Yggdrasil project to provide anonymity. Direct peers
Typically yes, you will be routable from other nodes on the network. If you want to restrict incoming connections to your machine, you should use an IPv6 firewall. The steps for this will vary from platform to platform.
#### Linux (with `ip6tables`)
#### Linux
Assuming your TUN/TAP adapter is named `tun0`:
##### with `ip6tables`
```
ip6tables -A INPUT -i tun0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
ip6tables -A INPUT -i tun0 -m conntrack --ctstate INVALID -j DROP
ip6tables -A INPUT -i tun0 -j DROP
```
##### with `ufw`
```
# The default of ufw is to block all incoming connections
# The following blocks incoming connections if the default has been set to allow by:
# ufw default allow
ufw deny in on tun0 proto ipv6
```
#### Windows (with Windows Firewall)
Windows, by default, should classify the TAP adapter as a "Public Network". Configure Windows Firewall to prevent incoming connections on Public networks.