I'm looking for a way to add some (Linux) participants into my tinc network, but I want to protect them from accidentally binding a port so that it's accessible via tinc.
For example, `nc -l` by default listens to all interfaces. Similarly, some software (I think mongodb < 2.6 was among those) binds to all interfaces AND allows unauthenticated access that can do remote code execution, which is a security nightmare.

While these are arguably cases of "the user should be careful what interface they let their programs listen to", I want to avoid the possibility of this altogether, and want to configure tinc such that on selected participants, there's no interface that programs could bind to, so that only outgoing connections work.

How can I achieve that? I imagine the easiest way would be to make it so that tinc creates no tun device. Is the `DeviceType = raw_socket` option what I'm looking for?

Thanks!
Niklas

_______________________________________________
tinc mailing list
https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
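An added example, not part of the original post: a small audit that lists which TCP listeners on a participant would accept connections arriving over the VPN, by parsing the `/proc/net/tcp` layout. The VPN address `10.0.0.2`, the function names and the sample table are assumptions made for illustration; only IPv4 is covered (`/proc/net/tcp6` is not parsed).

```python
import socket
import struct

TCP_LISTEN = "0A"  # value of the "st" column for sockets in LISTEN state

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
# Rows: wildcard listener on 27017, loopback-only listener on 3306,
# listener bound to the assumed VPN address on 22, one outgoing connection.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:6989 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 1001 1
   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   110        0 1002 1
   2: 0200000A:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003 1
   3: 0200000A:D431 0100000A:0050 01 00000000:00000000 00:00000000 00000000  1000        0 1004 1
"""


def decode_addr(field):
    """Decode 'HEXIP:HEXPORT' as printed by a little-endian kernel (assumed)."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def listeners_reachable_via(proc_net_tcp, vpn_addr):
    """Return sorted (ip, port) of LISTEN sockets that accept traffic sent to vpn_addr."""
    exposed = []
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 4 or cols[3] != TCP_LISTEN:
            continue  # established/outgoing sockets are not an exposure here
        ip, port = decode_addr(cols[1])
        # A wildcard bind (0.0.0.0) accepts on every interface, the VPN one included.
        if ip == "0.0.0.0" or ip == vpn_addr:
            exposed.append((ip, port))
    return sorted(exposed)


if __name__ == "__main__":
    # On a real host, read the table from /proc/net/tcp instead of the sample.
    for ip, port in listeners_reachable_via(SAMPLE_PROC_NET_TCP, "10.0.0.2"):
        print(f"reachable via VPN: {ip}:{port}")
```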
