Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
16.7 Legacy Series
»
Block outgoing connection for app?
« previous
next »
Print
Pages: [
1
]
Author
Topic: Block outgoing connection for app? (Read 6364 times)
gh0st
Jr. Member
Posts: 52
Karma: 2
Block outgoing connection for app?
«
on:
November 14, 2016, 09:54:46 am »
Is there somehow we can achieve this? I don´t want to use Little Snitch on my Mac.
Logged
bartjsmit
Hero Member
Posts: 2016
Karma: 194
Re: Block outgoing connection for app?
«
Reply #1 on:
November 14, 2016, 11:01:55 am »
The firewall only sees traffic identified by the source IP, destination IP, protocol, source port and destination port (for those protocols that use ports).
Unless the application is uniquely identifiable by those, you cannot block it. OPNsense has no agents on the clients that can tie their traffic to a specific process on the client.
Bart...
Logged
franco
Administrator
Hero Member
Posts: 17660
Karma: 1611
Re: Block outgoing connection for app?
«
Reply #2 on:
November 15, 2016, 05:27:43 pm »
Blocking by IP destination is often the best approach, granted a good list for the app can be found.
Cheers,
Franco
Logged
Zeitkind
Full Member
Posts: 180
Karma: 27
Re: Block outgoing connection for app?
«
Reply #3 on:
November 15, 2016, 08:41:38 pm »
Many bigger companies like Adobe use Akamai, aws & Co. for their servers, so it's almost impossible to block by IP-address. Also any other round-robin-loadbalancer will make this approuch fail as well.
I often have the same problem - but vice versa, i.e. allowing connections to eg. Adobe's licence servers fails, because they change their IP-address a lot and any client will get a different random IP-address it then tries to connect to renew its licence. So 10-80% of all clients start losing their licence because they can't connect to "their" licence server, it's just odd. Nailing down some IPs by adding them to the interal DNS is one approuch, but the IPs just float around, it's annoying.
Logged
chemlud
Hero Member
Posts: 2485
Karma: 112
Re: Block outgoing connection for app?
«
Reply #4 on:
November 15, 2016, 09:13:34 pm »
The only solution I have is for Win machines with (GData) personal firewall, there (above the OS-level) you can choose for each application the way to internet (or not).
For some applications (e.g. firewall sig updates) you can allow (!) some IPs to make it work at the perimeter firewall.
In general, in a secure environment I would BLOCK anything by default and start fishing from the firewall log the IPs to allow (or not) for individual apps. There is no perfect way to make this work from the perimeter firewall today. AFAIK Snort has a relatively new feature for application-based rules...
«
Last Edit: November 15, 2016, 09:15:08 pm by chemlud
»
Logged
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare
felix eichhorns premium katzenfutter mit der extraportion energie
A router is not a switch - A router is not a switch - A router is not a switch - A rou....
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
16.7 Legacy Series
»
Block outgoing connection for app?