Network hardening / firewall settings

DutchSparky · December 24, 2021, 10:42pm

Hi All,

I`m looking for the firewall settings to configure my gateway. Can someone specify which ports are used? Then I can block the rest due to network and security hardening.

Thanks in advance!

Connoropolous · December 25, 2021, 11:44pm

Hey @DutchSparky
your system will only bind to a networking port if you ask it to, otherwise, you’re likely interested in the proxy based networking configuration, in which case, you don’t open any ports for incoming connections.

To configure, you would use this section of the networking config, translated into the yaml format holochain binary utilizes.

github.com

holochain/holochain/blob/fae37dd36ffa27b901b39f3d0ce3dcf41c89c5cb/crates/kitsune_p2p/kitsune_p2p/src/config.rs#L115-L130

    
      
          Quic {
              /// To which network interface / port should we bind?
              /// Default: "kitsune-quic://0.0.0.0:0".
              bind_to: Option<Url2>,
          
          
    /// If you have port-forwarding set up,
              /// or wish to apply a vanity domain name,
              /// you may need to override the local NIC ip.
              /// Default: None = use NIC ip.
              override_host: Option<String>,
          
          
    /// If you have port-forwarding set up,
              /// you may need to override the local NIC port.
              /// Default: None = use NIC port.
              override_port: Option<u16>,
          },

If you want a specific port and ip, you just set it for the bind_to property

kitsune-quic://127.0.0.1:8000

DutchSparky · December 26, 2021, 12:11am

Thanks, So basically only outbound.

Connoropolous · December 26, 2021, 3:12am

Yeah, in many cases