Block Inbound Connections
The Block Inbound Connections setting prevents all inbound connections to the local machine and any networks it routes. When enabled, the QuFabric client will drop all incoming peer traffic — including peer-to-peer connections, routed network traffic, and SSH — regardless of access control policies configured in the management service.
This is a client-side override that takes precedence over any policies received from the management service.
Available since QuFabric v0.46.0.
When to use it
- Outbound-only peers: A machine that only needs to access remote resources but should never be reachable by other peers.
- Temporary lockdown: Quickly block all inbound access to a machine without modifying server-side policies.
- Defense-in-depth: Add a client-side layer of protection alongside your access control policies.
What it blocks
When Block Inbound Connections is enabled, the client will not add any inbound firewall rules. This means:
- Peer connections: Other peers cannot initiate connections to this machine.
- Routed network traffic: If this peer acts as a routing peer, inbound traffic to its routed networks is also blocked.
- SSH access: QuFabric SSH connections to this peer are blocked.
This setting overrides all policies from the management service. Even if an access control policy explicitly allows traffic to this peer, inbound connections will still be blocked.
Enabling via the system tray
- Click the QuFabric icon in the system tray.
- Go to Settings.
- Click Block Inbound Connections to toggle the setting.
When enabled, a checkmark will appear next to the menu item.
Enabling via the CLI
You can enable Block Inbound Connections when starting the QuFabric client:
qufabric up --block-inbound
To disable it, run:
qufabric up --block-inbound=false
When toggling this setting via the CLI, the system tray UI may not reflect the change until the QuFabric GUI is restarted.