noname on Nostr: because #udp is shit and doesn't support #anonymity protocols like tor, let's make ...
because #udp is shit and doesn't support #anonymity protocols like tor, let's make the system #anonymous again. create #iptables rules to block basically all udp traffic. here i added two exceptions. the first is to allow dns lookups on port 53, this way your #curl duckduckgo.com still works
the second exception is port 51820, which wireguard vpn uses by default, so if you need to connect to a vpn, you need that one.
the last rule drops all other udp connections. here are the rules to add:
sudo iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
sudo iptables -A OUTPUT -p udp --dport 51820 -j ACCEPT
sudo iptables -A OUTPUT -p udp -j DROP
now let's test bittorrenting. i tried to add some normal http/https trackers from this list https://raw.githubusercontent.com/ngosang/trackerslist/master/trackers_best.txt to a popular torrent.
at first it seemed like #bittorrent didn't connect, but now it seems to download
let's try #ipfs:
ipfs swarm peers
it shows only tcp connections
excellent
however
sudo netstat -tulpn
still shows some udp connections. i'm not sure if these are real connected connections or not(?)
so that was some testing i did. make your own decision whether this works well enough or not
after blocking all udp traffic, using a command like torify should be much less likely to leak your #ip
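To make the netstat check above easier to read, here is an added example (not from the post) that models the three OUTPUT rules and parses constructed `netstat -tulpn` lines. It shows that the remaining udp entries are bound sockets with no peer rather than connections, and that the rules decide on destination port alone, so a daemon's outbound udp to anything but 53 or 51820 is dropped while dns on port 53 still leaves the host.

```python
import re

# The post's OUTPUT chain in order; iptables applies the first matching rule.
# None = any destination port. The chain's default policy is assumed ACCEPT.
RULES = [
    ("udp", 53, "ACCEPT"),
    ("udp", 51820, "ACCEPT"),
    ("udp", None, "DROP"),
]

def output_verdict(proto, dport):
    """Verdict for an outbound packet. Only the destination port is inspected,
    so which local socket sent the datagram makes no difference."""
    for r_proto, r_port, target in RULES:
        if proto == r_proto and (r_port is None or dport == r_port):
            return target
    return "ACCEPT"  # no rule matched (e.g. tcp): chain policy applies

# Constructed `sudo netstat -tulpn` output in the usual column layout
# (sample data for this example, not the author's machine).
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      612/sshd
udp        0      0 127.0.0.53:53           0.0.0.0:*                           498/systemd-resolve
udp        0      0 0.0.0.0:68              0.0.0.0:*                           455/dhclient
udp6       0      0 :::5353                 :::*                                501/avahi-daemon
"""

LINE_RE = re.compile(r"^(tcp6?|udp6?)\s+\d+\s+\d+\s+(\S+)\s+(\S+)\s+(LISTEN)?\s*(\S+)?$")

def parse_udp_sockets(text):
    """Return (local_port, program, has_peer) for every udp/udp6 line.

    UDP has no connection state, so the State column is blank. A foreign
    address of '*' means the socket is merely bound and waiting for datagrams;
    netstat's -l lists exactly these unconnected sockets, so has_peer is False
    for all of them: they are listeners, not live connections."""
    sockets = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or not m.group(1).startswith("udp"):
            continue
        local, foreign, program = m.group(2), m.group(3), m.group(5) or "-"
        port = int(local.rsplit(":", 1)[1])
        has_peer = not foreign.endswith(":*")
        sockets.append((port, program.split("/", 1)[-1], has_peer))
    return sockets
```

Run against real output, the only udp sockets whose datagrams still leave the host are those that send to destination port 53 or 51820, which is why the resolver keeps working while a torrent client's udp trackers and mDNS are dropped.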