Blockout all traffic

Hi, am a beginner with IPFire.
I would like to use Win 11, but for me it transmits to many data into the Internet. So I would like to block all outgoing traffic, but not Browser and Emailprogram, maybe other additional programs.

So I would like to ask for some concrete help:

• How can I concret block any outgoing traffic?
• How can I find out, which port for example is the browser using?
  (Or can I even force the browser to use a specific port?)
• How can I configure IPFire to unblock this specific port?

the browser I would say that 99% of the traffic is on port 80 and 443
for mail it depends on your server but if it is on pop3 and smtp
so I would say in most cases smtp 25 or 465
pop3 110 or 995
except for errors

start here.
change the default firewall behavior.

This is a good read to get you started.
https://www.ipfire.org/blog/firewall-configuration-recommendations-for-ipfire-users
link to firewall rule creation.

Thanks so far

There is a point, where I am not sure about the policie to block all traffic and than allow only the wished.

For example I am going to do so and then free Port 443 and or 80 for the Browser. If it works than I know that it was correct.

But where do I know that no other program is using this port?

And if I would like to allow a specific program the access to the internet, where do I know which port it is using?

Or it is possible to force a specific program to use a specific port?

you can not.

The proxy would give you some filtering in that capacity

check the fire wall logs

if the program is configurable or port redirect through firewall

Service groups will be your friend.

Commercial VPNs often have the option of using port 443 for exactly the reason it is hard to block as you have to do some deep packet inspection of some sort to determine if it is standard HTTPS or if it is something like an SSL VPN.

Remember also that the “programs” are running on devices behind IPF so it is more or less impossible to work out which program is going through the firewall. There are some tools such as Netify that attempt this sort of thing.

Netify used to have a couple of tools, the Application Filter and Protocol Filter, built into ClearOS, but ClearOS is now dead. They may still provide them for specific firewalls.

Remove or disable what is transmitting telemetry and other activity.

Because you need to do this in the OS. Otherwise its going to use any available port to transmit.

Windows OS should be purged out of existence, so the ultimate solution is replacing it with Linux and ban hardware manufacturers that exclusively support Windows which isn’t a big deal since all the lower end and over priced lower end computer hardware can only use windows.

Bit sweeping. What about Chromebooks?

Hi all,

i think it is mainly nDPI which works that out in Netify. Which program might be also not that far to guess away in some cases e.g.

# root @ ipfire-prime in /tmp [19:02:42] 
$ ./nDPIsrvd_connection_tracker.py --format compact --stats | grep -E 'vpn|VPN'          
Completed connection: 2025-02-10 19:04:16.590 [57] ip4/tcp 192.168.123.123:63815 -> 172.224.137.134:443 | (Confidence: DPI Confidence) TLS.iCloudPrivateRelay [ENCRYPTED] [VPN] [Acceptable] [No risks detected]  | Total: 20 pkts / 3189 bytes (9/11 pkts, 1587/1602 bytes) | 30.310s | No hostname available
Completed connection: 2025-02-10 19:12:49.931 [151] ip4/tcp 192.168.123.123:63827 -> 172.224.55.9:443 | (Confidence: DPI Confidence) TLS.iCloudPrivateRelay [ENCRYPTED] [VPN] [Acceptable] [No risks detected]  | Total: 29 pkts / 5010 bytes (12/17 pkts, 2343/2667 bytes) | 31.134s | No hostname available
Completed connection: 2025-02-10 19:12:50.387 [152] ip4/tcp 192.168.123.123:63828 -> 17.248.248.117:443 | (Confidence: DPI Confidence) TLS.iCloudPrivateRelay [ENCRYPTED] [VPN] [Acceptable] [No risks detected]  | Total: 22 pkts / 3629 bytes (11/11 pkts, 1673/1956 bytes) | 30.678s | No hostname available

but this is may OT sorry for that .

Best,

Erik