Ensure targets cant fetch from each other

[thattommyhall]

needs #6 to be sure

[thattommyhall]

this is quite subtle, security groups can only have allow rules, but we can use Network ACLS to prevent inbound access from the IPs of the deployed backends. A script could be triggered on a schedule to keep them up to date.

[iand]

To do this properly we need ipfs/kubo#8867 which could be done soon if ipfs/kubo#9010 gets merged. The alternative route is via the proposed ipfs rules command which is not fully specified yet ipfs/kubo#8492

[thattommyhall]

Considering this done (via 700b79c ) from the perspective of protocol/prodeng#16

[JesseXie]

@thattommyhall it is done or not?

[thattommyhall]

I'll make a new card with @iand's comments re: blocking in Kubo config, we've got support that it's useful (tests have same need to control where stuff is fetched from)

Confirmed with

# ipfs swarm connect /p2p/12D3KooWJj76d91UfktyF9CfR1HxmjuV8DVAXMGUPTBPn4iAATDg
Error: connect 12D3KooWJj76d91UfktyF9CfR1HxmjuV8DVAXMGUPTBPn4iAATDg failure: routing: not found

uses all the routing methods available, so we are good for now, it's not impossible some new relaying or whatever will work around our network block (its kinda the point of libp2p isnt it?)

[thattommyhall]

tracking in #41