Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://fsebugoutzone.org/objects/f4666485-e923-4b0f-85e8-1806b7bc0dc2">pistolero (p@fsebugoutzone.org)'s status on Monday, 07-Oct-2024 15:53:28 JST</a><a href="https://fsebugoutzone.org/users/p" title="p@fsebugoutzone.org"><img src="https://gnusocial.jp/theme/gnusocialjp/default-avatar-stream.png" width="48" height="48" alt="pistolero" style="position: absolute; left: 0; top: 0;">pistolero</a><div><a href="https://queer.hacktivis.me/objects/b06338d0-ecbd-4474-bbe2-f68342cbef2e" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/2347" title="threalist@social.fbxl.net">🌲-alist</a></li><li><a href="https://gnusocial.jp/user/5287" title="sj_zero@social.fbxl.net">sj_zero</a></li><li><a href="https://gnusocial.jp/user/5316" title="cjd@pkteerium.xyz">cjd</a></li><li><a href="https://gnusocial.jp/user/8612" title="h4890@liberdon.com">h4890</a></li><li><a href="https://gnusocial.jp/user/252806" title="amerika@annihilation.social">≠</a></li></ul></div></section><article><a href="https://queer.hacktivis.me/users/lanodan">@lanodan</a> <a href="https://annihilation.social/users/amerika">@amerika</a> <a href="https://pkteerium.xyz/users/cjd">@cjd</a> <a href="https://liberdon.com/@h4890">@h4890</a> <a href="https://social.fbxl.net/users/sj_zero">@sj_zero</a> <a href="https://social.fbxl.net/users/threalist">@threalist</a> <br><br>&gt; ICMP probably shouldn't be entirely banned though, otherwise you'll get things like MTU issues and miss connection diagnosis (like the various distinctions of destination unreachable).<br><br>The idea is that no data comes in; what do you really care if you lose some of the distinctions?  Presumably it'd be one point-to-point bridge between the secure broadcast-only network and the external internet.<br><br>&gt; And one thing that should also be filtered out is any connection that isn't for your address/subnet,<br><br>Like, in general, right?  This is about a special case where you want some machines that are not quite air-gapped but you don't want machines outside the network to be able to influence their behavior.</article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/3783283#notice-7408751">In conversation</a><time datetime="2024-10-07T15:53:28+09:00" title="Monday, 07-Oct-2024 15:53:28 JST">about 5 months ago</time> <span>from <span><a href="https://fsebugoutzone.org/objects/f4666485-e923-4b0f-85e8-1806b7bc0dc2" rel="external" title="Sent from fsebugoutzone.org via ActivityPub">fsebugoutzone.org</a></span></span><a href="https://fsebugoutzone.org/objects/f4666485-e923-4b0f-85e8-1806b7bc0dc2">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
pistolero (p@fsebugoutzone.org)'s status on Monday, 07-Oct-2024 15:53:28 JSTpistolero
in reply to
@lanodan @amerika @cjd @h4890 @sj_zero @threalist

> ICMP probably shouldn't be entirely banned though, otherwise you'll get things like MTU issues and miss connection diagnosis (like the various distinctions of destination unreachable).

The idea is that no data comes in; what do you really care if you lose some of the distinctions? Presumably it'd be one point-to-point bridge between the secure broadcast-only network and the external internet.

> And one thing that should also be filtered out is any connection that isn't for your address/subnet,

Like, in general, right? This is about a special case where you want some machines that are not quite air-gapped but you don't want machines outside the network to be able to influence their behavior.
In conversationabout 5 months ago from fsebugoutzone.orgpermalink

Public

Embed Notice

HTML Code

Corresponding Notice