I want to test a few services of Proton (Mail, Drive, Pass, Lumo, SimpleLogin, Meet…) and I am wondering if someone here as made a “sys-proton”: A gateway to limit one (all-in-one) or several proton (minimal) qubes to access Proton services servers only. I am not interested in setup a Proton’s VPN, nor Proton’s email bridge.
Has someone already made a IP list? Is it reliable or does Proton dynamically move things around? Are you using a DNS to limit traffic to Proton services only?
In my experience, for Mail and Drive the DNS name list is pretty static (I’ve had to add things to it like once in a year).
Here’s my list, although only for Mail and Drive, not the other services.
NO ACTION HOST PROTOCOL PORT(S) SPECIAL TARGET ICMP TYPE EXPIRE COMMENT
0 accept account-api.proton.me - - - - - -
1 accept account.proton.me - - - - - -
4 accept drive.proton.me - - - - - -
6 accept fra-storage.proton.me - - - - - -
8 accept mail-api.proton.me - - - - - -
9 accept mail.proton.me - - - - - -
10 accept pass.proton.me - - - - - -
11 accept pmecdn.protonweb.com - - - - - -
12 accept proton.me - - - - - -
13 accept simplelogin.io - - - - - -
14 accept zrh-storage.proton.me - - - - - -
It would be better to call it sys-firewall-proton