Hey guys,
im fairly new to ipfire and im wondering how i can configure my firewall to ONLY allow 2 https website to be used and everything else pretty much blocked, would appreciate some help.
Thanks
Hey guys,
im fairly new to ipfire and im wondering how i can configure my firewall to ONLY allow 2 https website to be used and everything else pretty much blocked, would appreciate some help.
Thanks
block incoming (firewall options)
block outgoing
block forward
Make two forward new rules, f.e.
source green to ip of the website, define port (firewall rules)
@insolencee - Welcome to the IPFire Community!
This should help get you started (lots of reading, sorry!):
This will help with the above two:
https://wiki.ipfire.org/configuration/firewall/default-policy#default-firewall-behaviour
This might help with this one. These are sample but I did not see one directly related to your request:
https://wiki.ipfire.org/configuration/firewall#examples
Thanks guys i will try it out
ive tried using the web proxy and url filter with the custom blacklist url .
is there any other way i can use the url filter and the web proxy?
Maybe… To get the web proxy and URL filter to work with HTTPS you’ll need to disable Transparent
See the first Note here:
https://wiki.ipfire.org/configuration/network/proxy/url-filter
I don’t use the web proxy & URL Filter in this way so I don’t know for sure. Hopefully someone more skilled will answer.
If the websites in question can be identified by their IP addresses, you can create a firewall rule that allows traffic only to these addresses and blocks all other traffic.
However, if you prefer to use DNS records, you’ll need to use the proxy Access Control Lists. Keep in mind, as @jon mentioned, HTTPS traffic cannot be transparently redirected to the proxy. This means you’ll need to block with a firewall rule all outbound traffic that’s not directed to the proxy. It’s also important to note that your network’s clients must be configured to use the proxy. As a result, you may need to assist your users in setting up their web browsers to ensure this configuration.