OPNsense Forum » Archive » 16.7 Legacy Series » Block outgoing connection for app?

Author Topic: Block outgoing connection for app?  (Read 3720 times)

gh0st

Block outgoing connection for app?
« on: November 14, 2016, 09:54:46 am »
Is there some way we can achieve this? I don't want to use Little Snitch on my Mac.

bartjsmit

Re: Block outgoing connection for app?
« Reply #1 on: November 14, 2016, 11:01:55 am »
The firewall only sees traffic identified by the source IP, destination IP, protocol, source port and destination port (for those protocols that use ports).

Unless the application is uniquely identifiable by those, you cannot block it. OPNsense has no agents on the clients that can tie their traffic to a specific process on the client.

Bart...

franco

Re: Block outgoing connection for app?
« Reply #2 on: November 15, 2016, 05:27:43 pm »
Blocking by IP destination is often the best approach, granted a good list for the app can be found.


Cheers,
Franco

Zeitkind

Re: Block outgoing connection for app?
« Reply #3 on: November 15, 2016, 08:41:38 pm »
Many bigger companies like Adobe use Akamai, AWS & Co. for their servers, so it's almost impossible to block by IP address. Any other round-robin load balancer will make this approach fail as well.
I often have the same problem, but vice versa, i.e. allowing connections to e.g. Adobe's licence servers fails, because they change their IP address a lot and any client will get a different random IP address it then tries to connect to renew its licence. So 10-80% of all clients start losing their licence because they can't connect to "their" licence server; it's just odd. Nailing down some IPs by adding them to the internal DNS is one approach, but the IPs just float around; it's annoying.

chemlud

Re: Block outgoing connection for app?
« Reply #4 on: November 15, 2016, 09:13:34 pm »
The only solution I have is for Win machines with (GData) personal firewall, there (above the OS-level) you can choose for each application the way to internet (or not).

For some applications (e.g. firewall sig updates) you can allow (!) some IPs to make it work at the perimeter firewall.

In general, in a secure environment I would BLOCK anything by default and start fishing from the firewall log the IPs to allow (or not) for individual apps. There is no perfect way to make this work from the perimeter firewall today. AFAIK Snort has a relatively new feature for application-based rules...
« Last Edit: November 15, 2016, 09:15:08 pm by chemlud »
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare
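Putting the two points in this thread together (the firewall matches only on addresses, protocol and ports, and chemlud's advice to block by default and then fish the destinations to allow out of the firewall log), here is an added example, not from the thread or the OPNsense project, that parses pf filterlog lines and aggregates blocked outbound destinations per client. It assumes the pfSense-style filterlog CSV field layout used around the 16.7 era (newer releases add fields), and the log lines and addresses are constructed.

```python
import csv
from collections import Counter

# Constructed sample lines (RFC 5737 / RFC 3849 addresses); the field layout
# after "filterlog:" is assumed to be the pfSense-style CSV format of that era.
# Client traffic leaving the LAN is logged as direction "in" on the LAN interface.
SAMPLE_LOG = """\
Nov 15 20:41:38 fw filterlog: 5,,,1000000103,em0,match,block,in,4,0x0,,64,12345,0,DF,6,tcp,60,192.168.1.23,203.0.113.10,51234,443,0,S,1,,,
Nov 15 20:41:39 fw filterlog: 5,,,1000000103,em0,match,block,in,4,0x0,,64,12346,0,DF,6,tcp,60,192.168.1.23,203.0.113.11,51235,443,0,S,1,,,
Nov 15 20:41:40 fw filterlog: 5,,,1000000103,em0,match,block,in,4,0x0,,64,12347,0,DF,6,tcp,60,192.168.1.23,203.0.113.10,51236,443,0,S,1,,,
Nov 15 20:41:41 fw filterlog: 5,,,1000000103,em0,match,block,in,4,0x0,,64,12348,0,none,17,udp,70,192.168.1.23,198.51.100.53,50000,53,50
Nov 15 20:41:42 fw filterlog: 7,,,1000000104,em0,match,pass,in,4,0x0,,64,12349,0,DF,6,tcp,60,192.168.1.24,203.0.113.10,51237,443,0,S,1,,,
Nov 15 20:41:43 fw filterlog: 5,,,1000000103,em0,match,block,in,6,0x00,0x00000,64,tcp,6,40,2001:db8::23,2001:db8:1::10,51238,443,0,S,1,,,
"""

def parse_filterlog(line):
    """Return only the fields pf actually matches on (addresses, proto, port), or None."""
    if "filterlog: " not in line:
        return None
    fields = next(csv.reader([line.split("filterlog: ", 1)[1]]))
    if len(fields) < 9:
        return None
    action, direction, ipver = fields[6], fields[7], fields[8]
    if ipver == "4":    # tos,ecn,ttl,id,offset,flags,proto-id,proto,len,src,dst,...
        proto, src, dst, rest = fields[16], fields[18], fields[19], fields[20:]
    elif ipver == "6":  # class,flowlabel,hoplimit,proto,proto-id,len,src,dst,...
        proto, src, dst, rest = fields[12], fields[15], fields[16], fields[17:]
    else:
        return None
    dport = int(rest[1]) if proto in ("tcp", "udp") and len(rest) >= 2 else None
    return {"action": action, "dir": direction, "proto": proto,
            "src": src, "dst": dst, "dport": dport}

def blocked_destinations(lines):
    """Count blocked (src, dst, proto, dport) tuples entering the firewall from clients."""
    counts = Counter()
    for line in lines:
        rec = parse_filterlog(line)
        if rec and rec["action"] == "block" and rec["dir"] == "in":
            counts[(rec["src"], rec["dst"], rec["proto"], rec["dport"])] += 1
    return counts

def alias_candidates(counts, src):
    """Sorted destination IPs one client was blocked from reaching: the list to
    review by hand before any of it goes into an allow alias for that app."""
    return sorted({dst for (s, dst, _proto, _port) in counts if s == src})

if __name__ == "__main__":
    counts = blocked_destinations(SAMPLE_LOG.splitlines())
    for key, n in counts.most_common():
        print(n, key)
    print("candidates for 192.168.1.23:", alias_candidates(counts, "192.168.1.23"))
```

Because the firewall sees only the 5-tuple, the resulting list is per client and destination, never per application; Zeitkind's CDN caveat above still applies to anything you allow from it.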
