OPNsense Forum

English Forums => General Discussion => Topic started by: joe99 on November 08, 2016, 06:07:03 pm

Title: restrict outgoing traffic per user/application
Post by: joe99 on November 08, 2016, 06:07:03 pm
Hello Forum

I would like to make sure that no unwanted network communication takes place (mainly from Windows-based machines in the network).

Therefore I would like to be asked every time an application or the Windows OS itself would like to establish a connection to a remote host/service.


Question:
Does OPNsense already offer such a feature?


Thank you very much!

Joe

PS1:
I understand that such a feature would require an agent on each client (workstation).

PS2:
I do know that some personal firewalls do offer such a feature, and some very advanced ones as well.



Title: Re: restrict outgoing traffic per user/application
Post by: fabian on November 08, 2016, 08:41:36 pm
1. We don't have this information on the firewall - we can see only what is sent by the client. We do not see which application sent the data (maybe the protocol has some hints like the SSH version or the HTTP user agent, but that's it). You cannot even rely on the port numbers when you are not using deep packet inspection to check that the protocol is correct.

2. Your host may run into a timeout if the packet is cached in memory until the user clicks something (and afaik it is not implemented in pf). If many connections get opened in a short period of time, your user's screen will be full of dialog boxes, and because this may lead to panic, the user may click OK on all of them or reject all of them, which breaks a lot of your connections.

3. You should use a personal firewall for that, because the firewall will not see the LAN traffic between the hosts. So you could not filter any traffic between them if that's your goal.

Title: Re: restrict outgoing traffic per user/application
Post by: joe99 on November 16, 2016, 06:16:01 pm
Thank you very much Fabian for the excellent answer!

Joe