noname /
npub1kf8…gu9w
2023-08-26 11:32:34

noname on Nostr: because #udp is shit and doesn't support #anonymity protocols like tor, let's make ...

because #udp is shit and doesn't support #anonymity protocols like tor, let's make the system #anonymous again. create #iptables rules to block basically all udp traffic. here i added two exceptions. the first is to allow dns lookups on port 53, so that your #curl duckduckgo.com still works

the second exception is port 51820, which wireguard vpn uses by default, so if you need to connect to a vpn, you need that one.

the last rule drops all other udp connections. here are the rules to add:

sudo iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
sudo iptables -A OUTPUT -p udp --dport 51820 -j ACCEPT
sudo iptables -A OUTPUT -p udp -j DROP

now let's test bittorrenting. i tried to add some normal http/https trackers from this list https://raw.githubusercontent.com/ngosang/trackerslist/master/trackers_best.txt to a popular torrent.

at first it seemed like #bittorrent didn't connect, but now it seems to download

let's try #ipfs:
ipfs swarm peers

it shows only tcp connections
excellent

however
sudo netstat -tulpn

still shows some udp connections. i'm not sure if these are real connected connections or not(?)

so some testing was done here. make your own decision on whether this works well enough or not

after blocking all udp traffic, using a command like torify should be much less likely to leak your #ip
Author Public Key
npub1kf8sau5dejmcmfmzzj256rv728p5w7s0wytdyz8ypa0ne0y6k0vswhgu9w
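
An added example, not part of the original post: because `-A` appends to the end of the OUTPUT chain, the DROP rule only takes effect if no earlier rule already accepts UDP, so this sketch replays `iptables -S OUTPUT` output with first-match semantics and reports the verdict per destination port. The function name `udp_verdict` and both rule listings are constructed for illustration; `iptables` covers IPv4 only, so IPv6 rules would have to be listed with `ip6tables -S OUTPUT` and checked the same way.

```shell
#!/bin/sh
# Added example (not the author's code). Reads `iptables -S OUTPUT` on stdin and
# prints the first-match verdict for an outgoing UDP packet to port $1.
# Assumption: only -p/--dport matches are modelled; anything else -> UNKNOWN.
udp_verdict() {
    awk -v port="$1" '
    $1 == "-P" && $2 == "OUTPUT" { policy = $3; next }
    $1 != "-A" || $2 != "OUTPUT" { next }
    {
        proto = "all"; dport = ""; target = ""; other = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") proto = $(++i)
            else if ($i == "-m" && $(i + 1) == "udp") i++
            else if ($i == "--dport") dport = $(++i)
            else if ($i == "-j") { target = $(++i); break }
            else other = 1
        }
        if (proto != "udp" && proto != "all") next    # rule cannot match UDP
        if (other || dport ~ /:/) { print "UNKNOWN"; done = 1; exit }
        if (dport != "" && dport != port) next         # other destination port
        if (target == "LOG") next                      # non-terminating target
        print (target ~ /^(ACCEPT|DROP|REJECT)$/ ? target : "UNKNOWN")
        done = 1; exit
    }
    END { if (!done) print (policy == "" ? "ACCEPT" : policy) }
    '
}

# Constructed sample: chain contents after the three rules from the post
RULES_OK='-P OUTPUT ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 51820 -j ACCEPT
-A OUTPUT -p udp -j DROP'

# Constructed sample: a broad ACCEPT already in the chain, so the appended
# (-A) DROP is never reached
RULES_SHADOWED='-P OUTPUT ACCEPT
-A OUTPUT -p udp -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -p udp -j DROP'

for p in 53 51820 443 6881; do
    printf 'ok-chain       udp/%s -> %s\n' "$p" "$(printf '%s\n' "$RULES_OK" | udp_verdict "$p")"
    printf 'shadowed-chain udp/%s -> %s\n' "$p" "$(printf '%s\n' "$RULES_SHADOWED" | udp_verdict "$p")"
done
```

On a live system the same function can be fed directly: `sudo iptables -S OUTPUT | udp_verdict 443`.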