It has come to our attention that some grid users use VMs for sending SPAM, which creates issues for the farmer in relation to their ISP.
Since we have some other security features that we want to implement, we’ll add all 3 features in one go.
- Disallow nodes in purely NATed networks from sending mail using an MTA (TCP port 25). That blocking will only happen for nodes in a home or when the nodes don’t have access to a direct public link.
- Nodes that live in homes will have VMs (workloads) that only have access to the Internet and will be unable to snoop around in the home network. (There are already some filters in place, but the restrictions will be complete: packets from workloads can only be forwarded to the router.)
- Also, proactively, we’re going to rate-limit DNS queries for VMs to 15/sec to alleviate popular DNS amplification and reflector attacks.
The thing is: this needs to be fast. If we can’t handle it for 3.10, we’ll send out a patch release on 3.10 or a 3.10.1.
For this to pass, we would need at least 25 votes and a positive vote of at least 50% before 06 July 2023. Anyone with a farm may vote. Please register your vote on the dashboard under ‘DAO’.
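
To make the three filters listed above concrete, here is an added nftables sketch; it is not the project's own ruleset, and the use of nftables, the bridge name `br-vm`, and the home LAN addresses are assumptions chosen for illustration.

```nft
# Illustrative only: interface name and addresses are hypothetical.
define vm_bridge = "br-vm"          # assumed bridge that carries VM (workload) traffic
define router_ip = 192.168.1.1      # assumed home router
define lan_net   = 192.168.1.0/24   # assumed home network

table inet vm_egress {
    # One entry per VM source address, created on first DNS packet (IPv4 only here).
    set dns_rate {
        type ipv4_addr
        flags dynamic
        timeout 1m
    }

    chain forward {
        type filter hook forward priority filter; policy accept;

        # Only traffic that originates from workloads is filtered here.
        iifname != $vm_bridge accept

        # 1. No direct mail delivery from VMs on NATed/home nodes.
        #    The reset makes a misconfigured client fail fast; the counter
        #    shows the farmer how often the rule fires.
        tcp dport 25 counter reject with tcp reset

        # 2. DNS queries above 15 per second per VM are dropped.
        #    UDP is the transport abused for amplification and reflection.
        udp dport 53 add @dns_rate { ip saddr limit rate over 15/second } counter drop

        # 3. Workloads may reach the router, nothing else in the home network.
        ip daddr $router_ip accept
        ip daddr $lan_net counter drop
    }
}
```

The file can be syntax-checked without loading it using `nft -c -f <file>`, and once loaded, `nft list table inet vm_egress` shows the per-rule counters.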