Eddie Firewall improvement - Suggestion

[iwih2gk 95]

I have thought about making this post a few times now. Today I am getting around to it. This will apply to members using Eddie with its ability to create a desired server list, which I use 100% of the time now. I decided to pull up the NFT firewall rules that Eddie sets when it is mounted and running. I know Eddie has a decent firewall running, BUT I feel there is an unnecessary risk by creating a firewall rule for every single server in Air’s system.

 

e.g. ----- > sudo nft list ruleset shows a rule created for hundreds/every server, and not ONLY firewall rules for the servers in my created list.

 

I don’t know how difficult it would be to have Eddie “SEE” the server IP’s in a user’s configured preference list and then only create a ruleset for those exclusively? With that configuration in place the remainder of Air’s servers would be BLOCKED from passing through tun0 in a linux instance. Similar in Windows I would think, but with different nomenclature. While only a very remote chance of a hacked server there is still at least some chance. I can’t imagine any weakness to removing firewall rules for servers not being used, but in fact would be allowed, if somehow a person got into one of those unused servers in a user's current Eddie configuration. My .02


The topic is a suggestion, but  maybe a Mod wants to move this to the Eddie forum.

[Staff 10116]

  On 12/29/2024 at 10:12 PM, iwih2gk said:

The topic is a suggestion, but  maybe a Mod wants to move this to the Eddie forum.

Hello!

It's a suggestion to take into serious consideration and yes, we will move the topic into Eddie specific forum. In the AirVPN Suite for Linux the network lock design is different and was already optimized during the initial design, exactly in the way you suggest. Another bonus is a lighter firewall that needs to examine less rules.

Kind regards