Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
Can i create a rule to block a specific application?
« previous
next »
Print
Pages: [
1
]
Author
Topic: Can i create a rule to block a specific application? (Read 3250 times)
sairfan1
Newbie
Posts: 6
Karma: 0
Can i create a rule to block a specific application?
«
on:
June 27, 2022, 07:32:44 pm »
I got back to firewall world after a very long time, last time i used ISA Server where i had the option to stop an application to communicate to internet/WAN network for example
I can create a rule that block any traffic coming from any internal network/IP sent through application skyp.exe
if that is something not possible through OPNSense, can you please advise what could be the closest solution, how can i filter traffic to understand blocking parameters for example
Can I create a rule to show only out going traffic from internal IP xxx.xxx.x.x containing URL/Querystring 'xyz'
Logged
meyergru
Hero Member
Posts: 1710
Karma: 167
IT Aficionado
Re: Can i create a rule to block a specific application?
«
Reply #1 on:
June 27, 2022, 08:30:27 pm »
As far as any specific application goes, you can block on an IP / port basis, because that is what a socket is, namely a quadruple of src/dst IPs and Ports. If you know the specific application ports and can be sure that nobody just alters them to fit their needs (i.e. circumvent your filters), you can disable that.
Other than that, some applications can be seen by introspection of the traffic itself, but that is getting much more difficult these days because most applications communicate with encryption.
TLS/HTTPS is not an exception to this rule, but there is a possibility to have your firewall be set up as a mandatory proxy in which case you could do MITM via two bidirectional encrypted channels (client <-> firewall <-> target). Other than that, you can only see / filter the target host and not the URL with TLS.
Identifying the process is virtually impossible because you do not see that on the line, either.
If your target is to lock down specific machines to do only what you allow them to, you would have to use a software firewall on the client machine (like Microsoft parental controls). If someone can install software on the client, they can easily circumvent your filters by VPN solutions.
Logged
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005
1100 down / 440 up
,
Bufferbloat A+
Mbl
Jr. Member
Posts: 78
Karma: 6
Re: Can i create a rule to block a specific application?
«
Reply #2 on:
July 04, 2022, 12:21:55 pm »
Depending on the application you would like to block, you cloud use Sensei / Zenarmour plugin to do so.
Checkout this section in the forum:
https://forum.opnsense.org/index.php?board=38.0
Logged
Vilhonator
Full Member
Posts: 245
Karma: 13
Re: Can i create a rule to block a specific application?
«
Reply #3 on:
July 04, 2022, 01:11:19 pm »
It is possible to use Snort or Surricata to block specific applications, you can either go for free sollution which is createing custom rule or paid sollution and try to find Surricata or Snort license seller, which has applications included on their rulesets.
You can also TECHNICALLY block apps based on local ports they use (for example in windows firewall you can assign them to use specific local port instead of any on outbound connections)
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
Can i create a rule to block a specific application?