Network lockdown (v2.3.0) — I built it; here's the honest picture
I couldn't "look at" your laptop — this box can't reach it (it only dials out to me). So instead of a script I can't verify, I built a reversible, self-healing lockdown you trigger from the app: Tools → "Lock down network (reversible)". One UAC prompt, and it:
- Backs up your current firewall + makes a System Restore point.
- Sets default-deny in and out, allowing only: your local network (that's your PiKVM, router, DNS, DHCP), the reactor box, and Microsoft 365 / Teams
— fetching the real Teams ranges live from Microsoft.
- Arms a 15-minute dead-man's switch: if anything breaks or you get locked out, it auto-reverts on its own. A dialog pops up right after — Yes keeps
it, No undoes it now, do nothing and it reverts in 15 min.
- Tools → "Restore network" undoes it anytime.
Straight talk on the tradeoffs (this is why I didn't just blindly lock it to "3 things"):
- I can't test it on your machine, so it's built to be safe-by-reversal — the 15-min auto-revert + PiKVM being outside the lock (via your LAN) are
your safety nets. Have PiKVM handy the first time.
- To keep Windows alive, I had to allow your whole local network + DNS/DHCP/NTP — so it's really "LAN (incl. PiKVM) + box + Teams/365," which is the
honest minimum. Locking tighter than that bricks the OS.
- Windows Update / Defender-cloud / some CDN services may be limited while locked down — that's inherent to an outbound-deny. If that matters, the
confirm dialog is your check: if something critical breaks, click No and it's gone.
To use it: relaunch the hub once (→ 2.3.0), then Tools → Lock down network, watch the dialog, and confirm only if Teams + box + PiKVM all still
work.
Want me to keep hardening further (e.g., also lock it to specific Teams URLs, disable unused Windows services/SMB, or add Windows-Update back into
the allowlist), or move on to more app polish?
✻Baked for 11m 3s
❯ yes keep going further polish i need to see the ui working with files explorer thats
⏵⏵ bypass permissions on (shift+tab to cycle)