this post was submitted on 09 Sep 2023
5 points (100.0% liked)

Linux

5234 readers
112 users here now

A community for everything relating to the linux operating system

Also check out !linux_memes@programming.dev

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 1 year ago
MODERATORS
 

cross-posted from: https://programming.dev/post/2768533

I have a vm for which I have s specific whitelist only firewall. It is supposed to only allow connections to the IPs an app connects to when syncing.

I first got the sync server IP's listening to tcpdump, then when I had the IP's I activated the whitelist.

This worked perfectly for some time, but now it appears that the IP's have changed. I could do the same thing again but repeating the process regularly is annoying and defeats the whole purpose of only ever allowing network connections to specific whitelisted serves.

Alternatively, I could set up a process to only allow network traffic from that app somewhat.

Using debian-11 btw.

Any help is appreceated !!!

EDIT: I don't own the sync servers, my app simply connects them, so I can get the updated state from my other devices

you are viewing a single comment's thread
view the rest of the comments
[–] Chobbes@lemmy.world 2 points 1 year ago (2 children)

If you want this service to only be available privately, it would probably make sense to stuff it behind a VPN like wireguard, instead of making it open to the public and only accessible by specific ips.

[–] mathiuscov@programming.dev 1 points 1 year ago (1 children)

wym look into a vpn? How would that work?

[–] Chobbes@lemmy.world 3 points 1 year ago* (last edited 1 year ago)

Ah! People think of VPNs a bit narrowly now because of all of the commercial VPN companies, but VPNs can really be what they say on the tin "virtual private networks". Basically you set aside a private IP range for your network and you can tunnel traffic between devices as though they're all on one big LAN. This is often used to access internal resources remotely, and the VPN is used to authenticate your access to various servers. So, for example I can access my home servers to clone git repos or whatever from a wireguard VPN, but those servers are otherwise not exposed on the broader internet.

I think I'm confused about your use case, though. You're using somebody else's sync servers, but you can have an IP blocklist on them? What do you mean your app connects to the sync server? What devices is the app running on? Is it just your personal devices, or is it an app that other people would use? I think some more details might help people get you to the right solution. Would be good to know why you want an IP blocklist, what this is for specifically, where the blackllist is, and what you actually have access to changing!