ssb-conn-firewall
v1.1.4
secret-stack plugin to configure which connections can occur
secret-stack plugin to configure which incoming connections can occur. For use with the SSB CONN family of modules. Spiritual successor to ssb-incoming-guard.
Installation
Prerequisites:
- Requires Node.js 10 or higher
- Requires [email protected] or higher
- Requires ssb-friends@5 or higher
npm install --save ssb-conn-firewall
Add this plugin to ssb-server like this:
var createSsbServer = require('ssb-server')
.use(require('ssb-onion'))
.use(require('ssb-unix-socket'))
.use(require('ssb-no-auth'))
.use(require('ssb-master'))
.use(require('ssb-db2'))
.use(require('ssb-friends'))
.use(require('ssb-conn'))
+ .use(require('ssb-conn-firewall'))
// ...
Usage
Configuration
Some parameters can be configured by the user or by application code through the conventional ssb-config object. The possible options are listed below:
{
  conn: {
    firewall: {
      /**
       * Whether the firewall should forbid connections from peers that are
       * explicitly blocked by us (according to ssb-friends).
       *
       * Default is `true`.
       */
      rejectBlocked: boolean,

      /**
       * Whether the firewall should forbid connections from peers that are
       * unknown to us, i.e. not within our configured hops range (according to
       * ssb-friends).
       *
       * An exception to this rule is when we have recently tried to connect to
       * a stranger, then we allow that stranger to connect to us.
       *
       * Default is `false`.
       */
      rejectUnknown: boolean
    }
  }
}
muxrpc APIs
ssb.connFirewall.attempts([opts]) => Source
If you have the rejectUnknown configuration enabled, ssb-conn-firewall allows you (as a developer) to see which connection attempts were made by strangers. These attempts are also persisted to disk in the file ~/.ssb/conn-attempts.json and streamed via this API.
The attempts([opts]) API returns a pull-stream of such connection attempts, where each attempt is expressed as an object {id, ts}, where id is the SSB ID of the peer who attempted to connect to us, and ts is a timestamp of when that attempt happened.
- opts.old Boolean - whether or not to include previous attempts stored on disk. (Default: false)
- opts.live Boolean - whether or not to include subsequent attempts happening during the execution of your program. (Default: true)
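An added example (not code from the ssb-conn-firewall project) of one way to review the {id, ts} attempts this API streams: it counts attempts per stranger and flags peers that retry many times inside a short window. The helper names, the sample peers and the reading of ts as milliseconds since the Unix epoch are assumptions; the source here is a constructed stand-in for ssb.connFirewall.attempts({old: true, live: false}).

```javascript
// Added example, not from the ssb-conn-firewall project.
// Assumption: `ts` is milliseconds since the Unix epoch.
// Minimal pull-stream sink: a source is a function (abort, cb) that answers
// with cb(end, data). With the pull-stream package you would use pull.collect.
function collect(source, done) {
  const items = []
  source(null, function next(end, data) {
    if (end === true) return done(null, items)
    if (end) return done(end)
    items.push(data)
    source(null, next)
  })
}
// Constructed stand-in for ssb.connFirewall.attempts({old: true, live: false}).
function values(arr) {
  let i = 0
  return (abort, cb) => (abort || i >= arr.length ? cb(abort || true) : cb(null, arr[i++]))
}
// Per peer: total attempts and the peak count inside any sliding time window.
function summarizeAttempts(attempts, windowMs, threshold) {
  const byId = new Map()
  for (const a of attempts) {
    if (!a || typeof a.id !== 'string' || !Number.isFinite(a.ts)) continue // malformed entry
    if (!byId.has(a.id)) byId.set(a.id, [])
    byId.get(a.id).push(a.ts)
  }
  const report = []
  for (const [id, stamps] of byId) {
    stamps.sort((x, y) => x - y)
    let peak = 0
    for (let lo = 0, hi = 0; hi < stamps.length; hi++) {
      while (stamps[hi] - stamps[lo] > windowMs) lo++
      peak = Math.max(peak, hi - lo + 1)
    }
    report.push({ id, total: stamps.length, peak, noisy: peak >= threshold })
  }
  return report.sort((a, b) => b.peak - a.peak || b.total - a.total)
}
// Constructed sample attempts; the IDs are placeholders, not real feeds.
const A = '@peerA-constructed=.ed25519', B = '@peerB-constructed=.ed25519'
const SAMPLE = [
  { id: A, ts: 1000 }, { id: B, ts: 5000 }, { id: A, ts: 2000 },
  { id: A, ts: 3000 }, { id: A, ts: 600000 }, { id: null, ts: 1 },
]
collect(values(SAMPLE), (err, items) => {
  if (err) throw err
  console.log(summarizeAttempts(items, 60000, 3)) // 60 s window, flag at 3 attempts
})
```

With opts.live left at its default of true the stream does not end, so a one-shot summary like this needs live: false or a periodic flush.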
ssb.connFirewall.reconfigure(config) => void
At any point during the execution of your program, you can reconfigure the firewall rules using this API. The configuration object passed to this API has the same shape as config.conn.firewall (see above). Any subsequent attempts to connect will abide by the new rules.
License
MIT