ObsidianMD

3764 readers

1 users here now

Unofficial Lemmy community for https://obsidian.md

founded 1 year ago

MODERATORS

[email protected]

How do I whitelist a dynamically changing application sync server IP ? (self.obsidianmd)

submitted 1 year ago by mathiuscov to c/[email protected]

2 comments fedilink hide all child comments

Does anybody know how I can whitelist obsidian synch server ips every time they change?

cross-posted from: https://programming.dev/post/2768533

I have a vm for which I have s specific whitelist only firewall. It is supposed to only allow connections to the IPs an app connects to when syncing.

I first got the sync server IP's listening to tcpdump, then when I had the IP's I activated the whitelist.

This worked perfectly for some time, but now it appears that the IP's have changed. I could do the same thing again but repeating the process regularly is annoying and defeats the whole purpose of only ever allowing network connections to specific whitelisted serves.

Alternatively, I could set up a process to only allow network traffic from that app somewhat.

Using debian-11 btw.

Any help is appreceated !!!

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 2 points 1 year ago (1 children)

Those addresses can change arbitrarily often. Depending on what it is that you are actually trying to achieve with measures like this, you could do something that doesn't involve shoehorning an infrastructure detail into a security policy.

You might be able to simply ask DNS for the current IP addresses. If done regularly, you basically give control over your security perimeter to anyone in a position to influence nameserver responses, which might or might not be something you want.