{"id":28396321,"url":"https://github.com/ssbc/ssb-conn-firewall","last_synced_at":"2025-07-22T11:02:56.766Z","repository":{"id":57368761,"uuid":"379882647","full_name":"ssbc/ssb-conn-firewall","owner":"ssbc","description":"secret-stack plugin to configure which connections can occur","archived":false,"fork":false,"pushed_at":"2022-07-20T12:28:42.000Z","size":55,"stargazers_count":6,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-06-29T10:28:39.121Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ssbc.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-06-24T10:10:00.000Z","updated_at":"2022-05-16T09:00:26.000Z","dependencies_parsed_at":"2022-08-23T20:10:49.022Z","dependency_job_id":null,"html_url":"https://github.com/ssbc/ssb-conn-firewall","commit_stats":null,"previous_names":["staltz/ssb-conn-firewall"],"tags_count":12,"template":false,"template_full_name":null,"purl":"pkg:github/ssbc/ssb-conn-firewall","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ssbc%2Fssb-conn-firewall","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ssbc%2Fssb-conn-firewall/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ssbc%2Fssb-conn-firewall/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ssbc%2Fssb-conn-firewall/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ssbc","download_url":"https://codeload.github.com/ssbc/ssb-conn-firewall/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ssbc%2Fssb-conn-firewall/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264229600,"owners_count":23576262,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-05-31T21:37:55.876Z","updated_at":"2025-07-22T11:02:56.761Z","avatar_url":"https://github.com/ssbc.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ssb-conn-firewall\n\nsecret-stack plugin to configure which incoming connections can occur. For use with the [SSB CONN](https://github.com/staltz/ssb-conn) family of modules. Spiritual successor to [ssb-incoming-guard](https://github.com/ssbc/ssb-incoming-guard).\n\n## Installation\n\n**Prerequisites:**\n\n- Requires **Node.js 10** or higher\n- Requires `secret-stack@6.2.0` or higher\n- Requires `ssb-friends@5` or higher\n\n```\nnpm install --save ssb-conn-firewall\n```\n\nAdd this plugin to ssb-server like this:\n\n```diff\n var createSsbServer = require('ssb-server')\n .use(require('ssb-onion'))\n .use(require('ssb-unix-socket'))\n .use(require('ssb-no-auth'))\n .use(require('ssb-master'))\n .use(require('ssb-db2'))\n .use(require('ssb-friends'))\n .use(require('ssb-conn'))\n+ .use(require('ssb-conn-firewall'))\n // ...\n```\n\n## Usage\n\n### Configuration\n\nSome parameters can be configured by the user or by application code through the conventional [ssb-config](https://github.com/ssbc/ssb-config) object. The possible options are listed below:\n\n```typescript\n{\n conn: {\n firewall: {\n /**\n * Whether the firewall should forbid connections from peers that are\n * explicitly blocked by us (according to ssb-friends).\n *\n * Default is `true`.\n */\n rejectBlocked: boolean,\n\n /**\n * Whether the firewall should forbid connections from peers that are\n * unknown to us, i.e. not within our configured hops range (according to\n * ssb-friends).\n *\n * An exception to this rule is when we have recently tried to connect to\n * a stranger, then we allow that stranger to connect to us.\n *\n * Default is `false`.\n */\n rejectUnknown: boolean\n }\n }\n}\n```\n\n### muxrpc APIs\n\n#### `ssb.connFirewall.attempts([opts]) =\u003e Source`\n\nIn case you have the `rejectUnknown` configuration enabled, `ssb-conn-firewall` allows you (as a developer) to see which connection attempts were made by strangers. These attempts are also persisted to disk in the file `~/.ssb/conn-attempts.json` and streamed via this API.\n\nThe `attempts([opts])` API returns a pull-stream of such connection attempts, where each attempt is expressed as an object `{id, ts}`, where `id` is the SSB ID of the peer who attempted to connect to us, and `ts` is a timestamp of when that attempt happened.\n\n- `opts.old` _Boolean_ - whether or not to include previous attempts stored in disk. (Default: `false`)\n- `opts.live` _Boolean_ - whether or not to include subsequent attempts happening during the execution of your program. (Default: `true`)\n\n#### `ssb.connFirewall.reconfigure(config) =\u003e void`\n\nAt any point during the execution of your program, you can reconfigure the firewall rules using this API. The configuration object passed to this API has the same shape as `config.conn.firewall` (see above) has. Any subsequent attempts to connect will abide by the new rules.\n\n## License\n\nMIT\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fssbc%2Fssb-conn-firewall","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fssbc%2Fssb-conn-firewall","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fssbc%2Fssb-conn-firewall/lists"}