because #udp is shit and doesn't support #anonymity protocols like tor, let's make system #anonymous again. create #iptables rules to block basically all udp traffic. here i added two exceptions. first is to allow dns lookups on port 53, this way your #curl duckduckgo.com still works

second exception is port 51820, which wireguard vpn uses by default, so if you need to connect to vpn, you need that one.

the last rule drops all other udp connections. here are the rules to add:

sudo iptables -A OUTPUT -p udp --dport 53 -j ACCEPT

sudo iptables -A OUTPUT -p udp --dport 51820 -j ACCEPT

sudo iptables -A OUTPUT -p udp -j DROP

now let's test bittorrenting. i tried to add some normal http/https trackers from this list https://raw.githubusercontent.com/ngosang/trackerslist/master/trackers_best.txt to a popular torrent.

at first it seemed like #bittorrent didn't connect, but now it seems to download

let's try #ipfs:

ipfs swarm peers

it shows only tcp connections

excellent

however

sudo netstat -tulpn

still shows some udp connections. i'm not sure if these are real connected connections or not(?)

so here was some testing made. make your own decisions whether this works well enough or not

after blocking all udp traffic, using a command like torify should be much less likely to leak your #ip


Discussion

with some firewall changes, you can afaik, seed ipfs content on tor without ip leak. the idea is to block udp, because it bypasses tor. got like 10 peers with only tcp, but that is enough to propagate content to the network.

sudo iptables -A OUTPUT -p udp --dport 53 -j ACCEPT

sudo iptables -A OUTPUT -p udp --dport 51820 -j ACCEPT

sudo iptables -A OUTPUT -p udp -j DROP

torify ipfs daemon

nostr:note1py8j85vlulyr9vx57zsggqcphh7gj83gjdnyjtdwj6qjaumelshq4q6nfr

nostr:note1cj7ke90y0j0zqjwyhu29aflfkp6qw8q0pm8x2tckh34yyrsgvdsq4eyndy
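A check for the rule set posted in the note and repeated in the reply above, as an added example that is not part of the original thread: it applies iptables' first-match order to an `iptables -S OUTPUT` dump, so it shows that rules appended with `-A` behind an existing broad ACCEPT never reach the DROP. The function names and both sample dumps are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original note. Walks an `iptables -S OUTPUT`
# dump top to bottom and prints the verdict of the first rule that matches
# outbound UDP to PORT. Assumption: only -p, --dport and -j are interpreted;
# a terminating rule with any other match prints UNKNOWN instead of a guess.
udp_verdict() {  # usage: udp_verdict PORT < dump
  awk -v port="$1" '
    $1 == "-P" && $2 == "OUTPUT" { policy = $3; next }
    $1 != "-A" || $2 != "OUTPUT" { next }
    {
      proto = "all"; dport = ""; target = ""; other = 0
      for (i = 3; i <= NF; i++) {
        if ($i == "-p") proto = $(++i)
        else if ($i == "--dport") dport = $(++i)
        else if ($i == "-m" && $(i + 1) == proto) i++   # implicit "-m udp"
        else if ($i == "-j") { target = $(++i); break }  # rest: target options
        else other = 1
      }
      if (proto != "udp" && proto != "all") next
      if (dport != "") {
        n = split(dport, r, ":"); lo = r[1]; hi = (n == 2 ? r[2] : r[1])
        if (port + 0 < lo + 0 || port + 0 > hi + 0) next
      }
      if (target != "ACCEPT" && target != "DROP" && target != "REJECT") next
      print (other ? "UNKNOWN" : target); found = 1; exit
    }
    END { if (!found) print (policy == "" ? "NO-MATCH" : policy) }
  '
}

# Constructed sample: the three rules from the note appended to an empty chain.
rules_from_note() {
  cat <<'EOF'
-P OUTPUT ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 51820 -j ACCEPT
-A OUTPUT -p udp -j DROP
EOF
}

# Constructed sample: the same rules appended (-A) behind an existing ACCEPT.
rules_behind_accept() {
  echo '-A OUTPUT -j ACCEPT'
  rules_from_note | grep -- '^-A'
}

# On a live host: sudo iptables -S OUTPUT | udp_verdict 4001
```

IPv6 has a separate rule set, so the same check applies to the output of `ip6tables -S OUTPUT`.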

How do you feel about Arweave? Sites accessed via wallet #Arconnect?