server icon indicating copy to clipboard operation
server copied to clipboard
verified publisher icon nextcloud

restrict outgoing connections (privacy, data protection, outbound traffic)

Open kolAflash opened this issue 2 years ago • 2 comments

For privacy, data protection and security reasons it can be helpful to strictly control outgoing connections.

I suggest a setting to disable outgoing connections.

Some granularity for the setting may be helpful too. So for example updates can still be received but other outgoing connections can be disabled.

 

Alternatively an overview of remote addresses would be helpful. So a firewall can be used to restrict connections to them.
I could not find such a list, except for this forum thread from 2018:

Which URLs+IPs needed for outbound traffic from Nextcloud-server? https://help.nextcloud.com/t/which-urls-ips-needed-for-outbound-traffic-from-nextcloud-server/27637

 

 

How to use GitHub

  • Please use the 👍 reaction to show that you are interested into the same feature.
  • Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.
  • Subscribe to receive notifications on status change and new comments.

Is your feature request related to a problem? Please describe. A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Describe the solution you'd like A clear and concise description of what you want to happen.

Describe alternatives you've considered A clear and concise description of any alternative solutions or features you've considered.

Additional context Add any other context or screenshots about the feature request here.

kolAflash avatar Jun 09 '23 18:06 kolAflash

https://docs.nextcloud.com/server/latest/admin_manual/installation/harden_server.html#connections-to-remote-servers

joshtrichards avatar Jun 09 '23 20:06 joshtrichards

https://docs.nextcloud.com/server/latest/admin_manual/installation/harden_server.html#connections-to-remote-servers

@kolAflash asked for disabling those outbound connections with a certain granularity.

When you for instance block push-notifications.nextcloud.com in your firewall, you will get an error message when you do something (e.g. sharing a file) that causes a push notification to another user's mobile device.

Disabling the notification app is a way to prevent that, but it also disables Nextcloud functions that depend on notifications in the browser interface (e.g. transferring own objects to another user using the browser interface).

Volker-K avatar Jun 14 '23 08:06 Volker-K