Context: Self-hosted setup
The reverse-proxy now allows restricting access to the exposed services by network CIDR (and I have explicitly defined a CIDR for the Netbird network). If I restrict access by this method to the Netbird CIDR, is this a safe and secure setup, in the sense that nobody outside the Netbird network is allowed to access the service?
(See the other topic, where I wanted to use the SSH/Certificate features of the reverse-proxy without actually exposing services to the internet, only to members of the Netbird VPN.)
I asked the AI and the answer was “yes”, with the restriction that networks I connect to (mainly the cable provider network) must not use the same IP range. Also, header spoofing (X-Forwarded-For, X-Real-IP) could possibly be a theoretical problem.
IMHO, both should not be a problem in principle and in my concrete setup.
However, I do not trust AI regarding the security of my network, so a human judgment would be helpful, too.
I’m not a security specialist who could do an actual pentest or similar after setup.
Also, are the general Netbird policies I have defined regarding access from/to internal infrastructure elements still active in this setup?
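
The header-spoofing concern mentioned in the post, as an added example that is not part of the original post and is not NetBird's code: a CIDR allow-list is only as strong as the address it is evaluated against. The CIDR `100.64.0.0/10`, the trusted-proxy list and all function names are assumptions chosen for illustration.

```python
import ipaddress

# Assumed stand-in for the overlay network's CIDR (illustration only).
ALLOWED = ipaddress.ip_network("100.64.0.0/10")
# Hypothetical upstream proxies whose forwarded headers may be believed.
TRUSTED_PROXIES = [ipaddress.ip_network("127.0.0.1/32")]


def _in_any(addr, nets):
    return any(addr in n for n in nets)


def client_ip(peer, xff, trusted=TRUSTED_PROXIES):
    """Return the address the allow-list should be checked against.

    peer: source address of the TCP connection (not settable via HTTP headers)
    xff:  raw X-Forwarded-For value, or None
    """
    addr = ipaddress.ip_address(peer)
    if not xff or not _in_any(addr, trusted):
        return addr  # header ignored: the sender is not a trusted proxy
    # Walk right to left; the first hop that is not a trusted proxy is the client.
    for hop in reversed([h.strip() for h in xff.split(",")]):
        try:
            cand = ipaddress.ip_address(hop)
        except ValueError:
            return addr  # malformed header: fall back to the peer address
        if not _in_any(cand, trusted):
            return cand
    return addr


def allowed(peer, xff=None):
    """Hardened check: decision is based on a verified client address."""
    return client_ip(peer, xff) in ALLOWED


def naive_allowed(peer, xff=None):
    """Weak variant: believes the leftmost header entry from any sender."""
    first = xff.split(",")[0].strip() if xff else peer
    return ipaddress.ip_address(first) in ALLOWED
```

Whether a given reverse proxy evaluates the connection's source address or a forwarded header is a property of that proxy's implementation and configuration, which is the thing to confirm for the setup described above.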