Proposal 101816: Update firewall rules

Hello community!

Please let me provide additional information related to the Proposal 101816: “Update firewall rules” (Proposal: 101816 - IC Dashboard).

The objective is to add new IPv6 prefix 2602:fb2b::/36 that has been allocated to DFINITY under ARIN net handle NET6-2602-FB2B-1. We are about to start using this prefix in SF1 InfraDC and migrate all services from the current SF1 prefix 2607:fb58:9005::/48 to the newly assigned subnet of 2602:fb2b::/36.

The SF1 InfraDC is predominantly supporting development of IC and the old prefix is whitelisted only to ease testing of new features. We want to minimize potential issues caused by the renumbering by adding the new prefix to the list as well.

Once the SF1 InfraDC renumbering is finished we will create a new proposal to remove the old prefix 2607:fb58:9005::/48 from the firewall rules.

I will be glad to provide more details, if you have any question.


Thanks for the update and sharing the information! I saw the proposal in governance and was going to investigate what it meant. Good job!!

I take this opportunity to ask… In the future, will there be firewall rules for the global use of IC? example malignant or similar agents?

How are you going to work with illegal websites, arms or drug trafficking? Will they be blocked from ic through governance?

The question is a bit off topic, but let me make an attempt at answering here. There are two aspects related to your question:

  1. Boundary nodes (BNs) are the entry points into the IC. BN operators have to comply with the law of the jurisdiction in which they operate, or otherwise they risk that their node will be taken down entirely. BNs may therefore filter traffic to and from the IC to ensure they comply with local law. This means the content hosted on the IC is not restricted, but the content that some user may access may well be restricted, depending on the policy of the BN they go through. We are currently refining the architecture of BNs, but the idea is that in the future users will be able to access the IC through many different BNs, which likely implement different policies.
  2. The NNS can freeze canisters; this restricts the content hosted on the IC. As far as I recall, there has only ever been one such proposal, and no such proposal has ever passed. As this proposal uses the topic governance, in which no entity (in particular: DFINITY) has the majority, it’s impossible for us at this point to say how the IC governance will decide on future proposals of this type. So, given the lack of precedence, the IC’s policy on this question is very much unknown.

Perfect! Thank you ! So, on the one hand, we have local legal restrictions that are independent of what the government decides. Also through governance, even if the legal restrictions of each part of the world are complied with, we could restrict any website if the majority voted for this in the future. Thank you very much for the information! I’m sure it also helped those who had the same doubts as me. A hug!!

1 Like

The previous proposal sadly didn’t get enough votes in time, so it got automatically rejected.
I just resubmitted, with hope that this time it will get enough “Yes” votes in time.

1 Like