Another nifty thing you can do with a Linux/UNIX firewall...

Discussion in 'other firewalls' started by Gullible Jones, Dec 13, 2015.

  1. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,461
    By way of example:

    screen.png

    On unencrypted HTTP connection (and FTP as well in nontransparent mode), you can block file downloads by extension. Like, say, blocking Windows executables from websites you've never heard of, while allowing executable downloads from (supposedly) trustworthy sites.

    (Note: I tested the above configuration in IPFire, and it works as intended. But yeah, it's not completely intuitive, and the interface is a tad quirky. So YMMV.)

    ...

    One could also do this on HTTPS (in nontransparent mode), with a distro like PfSense that actually supports SSL MITM proxying. Not sure I'd want to do that, though; since it provides a single point at which an attacker could monitor all of your traffic, even encrypted stuff. Still not sure if the benefits outweigh the risks there.

    ...

    Also, it's probably good to force FTP through the proxy as well when possible. On IPFire that requires nontransparent mode. A little more annoying, but probably worth it - I've seen ITW attacks that downloaded stuff over FTP.
     
Loading...