Lokinet Only Firewall (Add Documentation) if possible #2152
Comments
see #2140 on the topic of improvements i want to do. on the topic of that law, the technical details of lokinet or any other software are irrelevant as the usa federal government asserts they are competent enough to decide whether or not anyone is applicable to it. with the status quo in the usa, they decide who to smack down, who is guilty and who is exempt. everyone else's opinions are irrelevant as the blunt object they are building is too easy to use to smack everything that dares move with great prejudice. it is a sign of an irrefutably broken political leadership when they submit these "just do something" bills. if they really want to "just do something" the first item of the something they should try is jumping off a cliff. you should consider actively vocally shunning and publicly shaming any entity who entertains such legislation regardless of their political affinity or public office. i am not a fan of idiot politicians and their pet NGOs. but i digress such discussion is out of scope of this issue tracker. |
To configure your firewall system to allow only Lokinet traffic, you can use the following firewall rules:
Allow traffic on port 1194/udp: Lokinet uses port 1194/udp to communicate with other nodes in the network. You should allow traffic on this port.
Block all other traffic: To prevent leaks, you should block all other traffic. This will ensure that only Lokinet traffic is allowed through the firewall.
Here is an example of how to implement these rules using iptables:
To configure your system environment to go through Lokinet, you can set the http_proxy and https_proxy environment variables to point to your Lokinet SOCKS proxy. Here is an example:
To configure wget and curl to use Lokinet only, you can use the
Note that you will need to have Lokinet running and listening on port 1090 for these commands to work. |
lokinet does not use udp/1194 for all wire proto traffic. it can be any udp port on the service node that they use. you should pin the outbound udp port you use locally instead and firewall based on that. |
@majestrate I agree with your response about the RESTRICT Act. Just worried about future for certain projects if passed. @hashmap0x012
Then setting in wget
or this:
and then curl or set an alias for curl in
Would Stream isolation be possible with Lokinet? @majestrate
or
|
stream isolation should be in with #2119 |
So no need to set in the /etc/environment to isolate? |
isolation metric is ipv6 flow label. see the sysfs tunable for linux that controls how the kernel determines the defaults, |
i'll review what we can do for windows next week. |
note to self: we also need to do docs for win32 and macos on this front. |
note: the proper term here isn't stream isolation, it's flow isolation since it's not done JUST on tcp, but on unicast ip flows. |
this is not correct. if you want to do this with a firewall, you'll want to pin your outbound udp port that lokinet uses, replace
then you'll want to do a rule that allows udp on that source port, where
then the remaining firewall rules you care for go here. |
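An added example, not part of the thread and not the project's own configuration: a shell function that prints an `iptables-restore` ruleset following the correction above, matching Lokinet's pinned local UDP source port instead of a fixed destination port. The function name, the port 41000 in the usage comment and the `lokitun0` interface name are assumptions, and the outbound port must already be pinned in the Lokinet configuration.

```shell
#!/bin/sh
# Added example. Prints an iptables-restore ruleset whose OUTPUT chain drops
# everything except loopback, Lokinet's own UDP (matched on the pinned local
# source port) and traffic routed into the Lokinet tunnel interface.
# Assumptions: the function name, the interface default "lokitun0", and that
# the outbound UDP port has already been pinned in the Lokinet configuration.
lokinet_only_ruleset() {
    port=$1
    iface=${2:-lokitun0}

    # Accept only a decimal port number in 1..65535.
    case $port in
        ''|*[!0-9]*) echo "port must be a number" >&2; return 1 ;;
    esac
    if [ "${#port}" -gt 5 ] || [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    # The interface name is written into the ruleset verbatim, so restrict it.
    case $iface in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface name" >&2; return 1 ;;
    esac

    # INPUT stays at ACCEPT here; any remaining rules go before COMMIT.
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p udp --sport $port -j ACCEPT
-A OUTPUT -o $iface -j ACCEPT
COMMIT
EOF
}

# The rules carry no addresses, so the same text loads for IPv4 and IPv6:
#   lokinet_only_ruleset 41000 | iptables-restore
#   lokinet_only_ruleset 41000 | ip6tables-restore
if [ "$#" -gt 0 ]; then
    lokinet_only_ruleset "$@"
fi
```

Loading the output with `iptables-restore` replaces the existing filter table, so merge any rules you already depend on before applying it.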
Add Documentation
To firewall system to have Lokinet only traffic similar to a VPN or Tor only Firewall rules to prevent leaks. Also if it's possible add documentation on how to set system environment to go through Loki and config wget and curl to use lokinet only.
Device and Operating system:
P.S. - Will the RESTRICT Act, if passed, affect projects like Lokinet?