
Firewall rules for internet resource

Open conectado opened this issue 1 year ago • 1 comments

After #2667

A common use case for the internet resource is to prevent traffic leaking outside the VPN so that traffic can't be snooped.

Some applications might explicitly set the source IP of packets so that they get routed to a non-Firezone interface.

Firewall rules on some platforms (I'm sure about Windows, since the WireGuard client does this) can be configured to stop such traffic.

Opening this issue to prioritize and investigate how and if it can even be done on different platforms.

conectado avatar Aug 24 '24 00:08 conectado

I believe on Apple, APIs such as includeAllNetworks are designed to prevent this kind of thing. We won't be able to control the firewall on Apple because we're in the App Store. Android will be a similar case.

I believe on these platforms, the vendor has exposed APIs they intend for us to use to handle cases like this.

jamilbk avatar Aug 26 '24 21:08 jamilbk