When running as root, I did not need to add the firewall rule.

I haven’t tried rootful since I haven’t had issues with rootless. I’ll have to check on that and get back to you.

Philosophically I agree with you. I was just discussing a technological way to accomplish age verification without giving up users’ identities to a service provider, or the government knowing what service you’re using. Unfortunately, too many governments want to know what you’re doing inside your pants.

Oh, I was thinking the certificate would only be needed for signups - once the account is created, it absolutely should be on the account holder, not the service provider.

The service provider could even generate a certificate request that the age verification entity signs (again, with no identifying information, other than “I need an age verification signature, please”). That certificate would only be valid for that specific service provider and can’t be re-used.

I still need to allow the ports in my firewall when using podman, even when I bind to 0.0.0.0.