Connections: unwanted connections

First connections are to USA. USA is GeoBlocked. Connection is before web browsing. Want to eliminate the internet connection to USA (could be anywhere)
SEE image

How are you currently Geo blocking the connections to the US?

Why the connection to USA?

Look here

The GeoIP block feature only applies to inbound connections. You cannot block outgoing connections with it, please do so by creating firewall rules.

Good point about geo-block.

The question can be better stated by asking:
what process has called for the USA connection?
When the log is examined first thing in the morning
when/where there has not been any use of the firewall
or when the firewall is started the connection is present.

What would a fw rule look like in the case presented?

The point has been made that geo-block isn’t the issue.

The 17 class A belongs to Apple Inc. so your laptop (.100) tried https://apple.com (port 443)
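
An added example (not code from this thread or from IPFire) of how to answer "which internal host opened the connection" from packet-log lines: it filters netfilter-style entries for traffic from the LAN to 17.0.0.0/8 and tallies it per source host. The log lines, the 192.168.1.0/24 LAN range and the function names are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the netfilter LOG style (SRC=/DST=/DPT= fields).
# Addresses, interface names and the log prefixes are made up for illustration.
SAMPLE_LOG = """\
Jan 10 06:01:02 fw kernel: FORWARDFW IN=green0 OUT=red0 SRC=192.168.1.100 DST=17.253.144.10 LEN=64 PROTO=TCP SPT=51000 DPT=443
Jan 10 06:01:03 fw kernel: FORWARDFW IN=green0 OUT=red0 SRC=192.168.1.100 DST=17.57.146.20 LEN=64 PROTO=TCP SPT=51001 DPT=443
Jan 10 06:01:05 fw kernel: FORWARDFW IN=green0 OUT=red0 SRC=192.168.1.23 DST=93.184.216.34 LEN=60 PROTO=TCP SPT=40000 DPT=80
Jan 10 06:01:09 fw kernel: DROP_INPUT IN=red0 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=40 PROTO=TCP SPT=4444 DPT=22
Jan 10 06:02:00 fw kernel: FORWARDFW IN=green0 OUT=red0 SRC=192.168.1.100 DST=17.253.144.10 LEN=64 PROTO=UDP SPT=5353 DPT=123
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")        # KEY=value pairs in a log line
WATCHED = ipaddress.ip_network("17.0.0.0/8")   # the address block named in the thread
LAN = ipaddress.ip_network("192.168.1.0/24")   # assumed internal network


def outbound_hits(log_text, lan=LAN, watched=WATCHED):
    """Count (source, destination, protocol, port) for LAN -> watched traffic."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        try:
            src = ipaddress.ip_address(fields["SRC"])
            dst = ipaddress.ip_address(fields["DST"])
        except (KeyError, ValueError):
            continue  # not a packet log line, or a malformed address
        if src in lan and dst in watched:
            key = (str(src), str(dst), fields.get("PROTO", "?"), fields.get("DPT", "-"))
            hits[key] += 1
    return hits


def by_source(hits):
    """Collapse the detailed counts to a total per internal host."""
    totals = Counter()
    for (src, _dst, _proto, _port), count in hits.items():
        totals[src] += count
    return totals


if __name__ == "__main__":
    found = outbound_hits(SAMPLE_LOG)
    for key, count in found.most_common():
        print(count, *key)
    print(dict(by_source(found)))
```

The per-host totals identify which device to inspect; the destination and port columns give the values an outgoing firewall rule would need to match.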

I had looked that up too. The apple computer was
used to communicate with the ipfire to check the
logs. The connection must have been made in an
instant.

But then again, that is just the point of privacy
and I don’t want that connection telling apple
my start/stop and other operational activities.

I’ve tor and vpn, but ipfire doesn’t accept
those for access to the interface.

any idea where/what in the laptop that causes
that connection? I tried blocking that with
the blacklist feature in the web proxy section.

Hi,

in case you distrust your devices that much, I suggest to set up a dedicated machine (could be a Raspberry Pi or similar) for accessing IPFire’s web interface and/or SSH port. It does not need to be granted any access to the internet, except for downloading updates periodically.

> The connection must have been made in an instant.

This could be a probe if the machine is connected to the internet (Android phones do so as well). Not necessarily harmful, but Apple is probably aware of your public IP now. On the other hand, since they effectively control the operating system you are running, they will most possibly find that out either way.

> But then again, that is just the point of privacy and I don’t want that connection telling apple my start/stop and other operational activities.

The solution is simple albeit uncomfortable: Do not use your Apple device then. Needless to say, Microsoft is not better.

> I’ve tor and vpn, but ipfire doesn’t accept those for access to the interface.

I do not understand what you are trying to say. Are you attempting to access the web interface via Tor or through a VPN connection established to an external provider? Both won’t work, and there is no legitimate reason why it should.

(Please refer to this thread for further information why using a VPN provider is a bad idea.)

> any idea where/what in the laptop that causes that connection?

Nope, sorry. You might find that out by snooping on the laptop itself, but with a closed-source operating system, I suspect there is little you can do.

Thanks, and best regards,
Peter Müller

Thanks Pete, I’ll close the ticket resolved. The firewall was able to block the apple connection and as expected the firewall reported more than 700 hits blocked and the ipfire internal temperature cooled by two degrees.

There is a Mac OS application named Little Snitch that might help. But it will give you a flood of information (and many “Deny or Allow” decisions).

PS - I have no connection to this company. I tried this many years ago but eventually removed it.

> […] and the ipfire internal temperature cooled by two degrees.

I’d be surprised if that was related. :) Anyway, marking this as solved.