New user's registration have been closed due to high spamming and low trafic on this forum. Please contact forum admins directly if you need an account. Thanks !

Add more powerful firewall controls

Good ideas? Share with us!
Post Reply
blacklodge
Posts: 10
Joined: 29 Dec 2010, 11:44
Location: Sweden

Add more powerful firewall controls

Post by blacklodge »

I would like to see more powerful firewall controls in the web interface for those that don't want/can't do it manually.

For example i wish that i have a setting for blocking.

# blocking outgoing traffic to a specific webpage/ip for all users of B2/B3 or just for some user (based on IP or MAC)

# blocking incoming traffic from target specified by you

Is this something you have planed to implement in the future?

Others can also fill in to this topic if they wish something more concerning the firewall.
Cheeseboy
Posts: 789
Joined: 08 Apr 2007, 12:16

Re: Add more powerful firewall controls

Post by Cheeseboy »

I would very much like to be able to add hostnames rather than IP addresses in the "Private IP" column under "User defined open / forwarded ports".
I think I have pointed this out before on the forum...
DanielM
Posts: 637
Joined: 28 Mar 2008, 06:37
Location: Sweden

Re: Add more powerful firewall controls

Post by DanielM »

Blocking traffic to a specific web page sounds more like a task suitable for a proxy. It would be very nice though to have proxy stuff built in to the gui configuration...

Thinking about firewall stuff that I'm missing from the gui I can't really come up with anything. The only iptables stuff I have done that I couldn't do through the web interface is some stuff related to a openvpn tunnel that I have between my B3 and another place. Openvpn stuff would be nice to have in the interface though 8)

(I realize this post feels a bit fuzzy, both stuff that I requests contains the word "stuff". I could specify what I mean if you want...)

/Daniel
blacklodge
Posts: 10
Joined: 29 Dec 2010, 11:44
Location: Sweden

Re: Add more powerful firewall controls

Post by blacklodge »

DanielM wrote:Blocking traffic to a specific web page sounds more like a task suitable for a proxy. It would be very nice though to have proxy stuff built in to the gui configuration...

Thinking about firewall stuff that I'm missing from the gui I can't really come up with anything. The only iptables stuff I have done that I couldn't do through the web interface is some stuff related to a openvpn tunnel that I have between my B3 and another place. Openvpn stuff would be nice to have in the interface though 8)

(I realize this post feels a bit fuzzy, both stuff that I requests contains the word "stuff". I could specify what I mean if you want...)

/Daniel
Why is it not a good idea to let iptables take care of and block traffic to specific web pages/domain?

It would be so nice to have the feature in the GUI...
DanielM
Posts: 637
Joined: 28 Mar 2008, 06:37
Location: Sweden

Re: Add more powerful firewall controls

Post by DanielM »

blacklodge wrote:Why is it not a good idea to let iptables take care of and block traffic to specific web pages/domain?

It would be so nice to have the feature in the GUI...
All i meant was that if iptables would take care of this blocking it would be just blocking of specific sites and nothing more which feels like a kinda limited function. A full-blown Proxy could do much more nice stuff.

My kids are 5 and 7 and they don't surf the net by themselves yet, but in a couple of years I guess I'll be needing web filtering. I just hope there is a nice web interface for it by then :D

/Daniel
johannes
Posts: 1470
Joined: 31 Dec 2006, 07:12
Location: Sweden
Contact:

Re: Add more powerful firewall controls

Post by johannes »

The children-filtering has been considered and is (somewhere) on our list, and then also includes internet access only between certain times from certain clients etc. But nothing decided or firmly specified yet. I'll make a +1 for that.

Are there other use cases you also like apart from the children filtering?
/Johannes (Excito co-founder a long time ago, but now I'm just Johannes)
DanielM
Posts: 637
Joined: 28 Mar 2008, 06:37
Location: Sweden

Re: Add more powerful firewall controls

Post by DanielM »

johannes wrote:Are there other use cases you also like apart from the children filtering?
Built in home automation? :lol:

/Daniel
blacklodge
Posts: 10
Joined: 29 Dec 2010, 11:44
Location: Sweden

Re: Add more powerful firewall controls

Post by blacklodge »

If possible it would be nice to be able to block out torrent traffic from certain clients and not just block access to certain torrent trackers web-pages.

Also i would like to be able to block out access to \\bubba\storage for certain users so they just can use the internet connection.
RandomUsername
Posts: 904
Joined: 09 Oct 2009, 18:49

Re: Add more powerful firewall controls

Post by RandomUsername »

DanielM wrote:
blacklodge wrote:Why is it not a good idea to let iptables take care of and block traffic to specific web pages/domain?

It would be so nice to have the feature in the GUI...
All i meant was that if iptables would take care of this blocking it would be just blocking of specific sites and nothing more which feels like a kinda limited function. A full-blown Proxy could do much more nice stuff.

My kids are 5 and 7 and they don't surf the net by themselves yet, but in a couple of years I guess I'll be needing web filtering. I just hope there is a nice web interface for it by then :D

/Daniel
O/T: I've started to consider this as my kids are getting older and I find OpenDNS does a fine job. They're not savvy enough (or even do they want to ATM) to circumvent it by using IP addresses at the moment but maybe in 10 years time I might need to rethink this approach.
DanielM
Posts: 637
Joined: 28 Mar 2008, 06:37
Location: Sweden

Re: Add more powerful firewall controls

Post by DanielM »

RandomUsername wrote:O/T: I've started to consider this as my kids are getting older and I find OpenDNS does a fine job. They're not savvy enough (or even do they want to ATM) to circumvent it by using IP addresses at the moment but maybe in 10 years time I might need to rethink this approach.
And you don't think your kids will be able to surf using 4G or hsdpa or whatever to just bypass your dear Bubba in ten years? :wink:

/Daniel
RandomUsername
Posts: 904
Joined: 09 Oct 2009, 18:49

Re: Add more powerful firewall controls

Post by RandomUsername »

DanielM wrote:
RandomUsername wrote:O/T: I've started to consider this as my kids are getting older and I find OpenDNS does a fine job. They're not savvy enough (or even do they want to ATM) to circumvent it by using IP addresses at the moment but maybe in 10 years time I might need to rethink this approach.
And you don't think your kids will be able to surf using 4G or hsdpa or whatever to just bypass your dear Bubba in ten years? :wink:

/Daniel
Yes, hence "maybe in 10 years time I might need to rethink this approach." ;P
blacklodge
Posts: 10
Joined: 29 Dec 2010, 11:44
Location: Sweden

Re: Add more powerful firewall controls

Post by blacklodge »

RandomUsername wrote:
DanielM wrote:
RandomUsername wrote:O/T: I've started to consider this as my kids are getting older and I find OpenDNS does a fine job. They're not savvy enough (or even do they want to ATM) to circumvent it by using IP addresses at the moment but maybe in 10 years time I might need to rethink this approach.
And you don't think your kids will be able to surf using 4G or hsdpa or whatever to just bypass your dear Bubba in ten years? :wink:

/Daniel
Yes, hence "maybe in 10 years time I might need to rethink this approach." ;P
In 10 years we will see the new "Bubba 2020" on the market and that badboy will block everything ))
DanielM
Posts: 637
Joined: 28 Mar 2008, 06:37
Location: Sweden

Re: Add more powerful firewall controls

Post by DanielM »

blacklodge wrote:In 10 years we will see the new "Bubba 2020" on the market and that badboy will block everything ))
Yep. And it will include a jammer :D

/Daniel
Puma
Posts: 230
Joined: 29 Sep 2008, 06:30

Re: Add more powerful firewall controls

Post by Puma »

Hello,

I use squid and squidguard which is very good for my kids.

Everyone logs in to windows by using name and password (they connect to the proxy).

I use a blacklist for surfing and a whitelist for the kids.

So the kids can only surf on the white listed sites (just a text file in squid).

When the grow older (now 3, 5, 8) I will need a better solution but for now this is perfect.

Puma
Linux is like a wigwam - no windows, no gates, apache inside!
Post Reply