@christroutner
Last active May 26, 2023 21:58
IPFS Port Control

UFW commands for IPFS resource management

It's handy to use UFW to limit the amount of bandwidth, resources, and ultimately the number of peers that IPFS can connect to. IPFS can be a resource hog, and there are no internal tools to mitigate it. The official stance from IPFS is that bandwidth and firewall controls should be implemented by the host OS, not by their software.

All ipfs-coord-esm consumers use port 4001 or 4003 over TCP. No peers use UDP or QUIC (which runs on UDP), so any connections to peers using these protocols are wasted resources.

Allow SSH connections:

  • sudo ufw allow ssh

DENY incoming UDP connections on port 4001:

  • sudo ufw deny 4001/udp

DENY all outgoing connections by default:

  • sudo ufw default deny outgoing

Allow outgoing connections to specific ports:

  • sudo ufw allow out 80/tcp
  • sudo ufw allow out 443/tcp
  • sudo ufw allow out 4001/tcp
  • sudo ufw allow out 4003/tcp

Allow DNS lookup:

  • sudo ufw allow out 53
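
A check for the resulting rule set, as an added example that is not part of the original gist: it parses `sudo ufw status verbose` output and flags a missing default-deny, a missing rule, or any outgoing allow that is not in the list above. The sample status text is constructed, the function name `audit_ufw` is hypothetical, and the SSH rule is assumed to be listed as `22/tcp`.

```shell
#!/usr/bin/env bash
# Added example: audit `ufw status verbose` output against the gist's policy.

# Constructed sample of the status output after the commands above are applied.
SAMPLE_STATUS='Status: active
Logging: on (low)
Default: deny (incoming), deny (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
4001/udp                   DENY IN     Anywhere
80/tcp                     ALLOW OUT   Anywhere
443/tcp                    ALLOW OUT   Anywhere
4001/tcp                   ALLOW OUT   Anywhere
4003/tcp                   ALLOW OUT   Anywhere
53                         ALLOW OUT   Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)
80/tcp (v6)                ALLOW OUT   Anywhere (v6)'

# audit_ufw: read status text on stdin, print findings, return 0 only if compliant.
audit_ufw() {
  awk '
    BEGIN { n = split("80/tcp 443/tcp 4001/tcp 4003/tcp 53", a, " ")
            for (i = 1; i <= n; i++) want[a[i]] = 1 }
    { gsub(/ \(v6\)/, "") }   # fold IPv6 rows onto the IPv4 field layout
    /^Status: active/               { active = 1 }
    /^Default:.*deny \(outgoing\)/  { deny_out = 1 }
    $2 == "ALLOW" && $3 == "OUT" {
      if ($1 in want) seen[$1] = 1
      else { print "FAIL: unexpected allow out " $1; bad++ }
    }
    $1 == "22/tcp"   && $2 == "ALLOW" && $3 == "IN" { ssh = 1 }  # assumed SSH port
    $1 == "4001/udp" && $2 == "DENY"  && $3 == "IN" { udp = 1 }
    END {
      if (!active)   { print "FAIL: ufw is not active"; bad++ }
      if (!deny_out) { print "FAIL: default outgoing policy is not deny"; bad++ }
      if (!ssh)      { print "FAIL: no inbound allow rule for SSH (22/tcp)"; bad++ }
      if (!udp)      { print "FAIL: 4001/udp is not denied inbound"; bad++ }
      for (i = 1; i <= n; i++)
        if (!(a[i] in seen)) { print "FAIL: missing allow out " a[i]; bad++ }
      if (!bad) print "OK: firewall matches the IPFS port policy"
      exit (bad > 0)
    }'
}

# Live use: sudo ufw status verbose | audit_ufw
printf '%s\n' "$SAMPLE_STATUS" | audit_ufw
```

When applying the rules over SSH on a host where UFW is already enabled, add the `allow out` rules before running `sudo ufw default deny outgoing`, so DNS and package traffic are not cut off in between.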