After setting up IPFire, to see if it is working, I opened my college page, after this I checked IPFire’s connections sections, in there, there were literally hundreds of connections to unique IP addresses. Before I accessed this web page, there were 60 or so entries in the IPFire’s connections section. After opening the college page, there appeared to be more than 200 connection entries. I’m guessing less than 10% of those are DNS, most of them were to unique IP addresses, they belonged to 7-8 different countries, mostly to USA.
The college page I checked didn’t actually have many active scripts, there appeared to be few ads, checking the HTML source code also didn’t reveal that many links to different sites, most of them were in-domain(referred to resources on college’s sites).
It was really this which prompted me to ask for that feature request in my other thread. I wished to add all those suspicious IP addresses to block list and prevent my computer from making and receiving those connections.
This was one of the main reason for setting up a firewall and choosing IPFire, as I suspected my computer could be infected with a RAT, and I wanted to block it from communicating with their owner.
No this isn’t normal.
A web browser normally does not open more than 16 connections to the same web server. You might have some CSS, JS, etc. that is being downloaded from other servers, but normally you should not see more than two connections to those servers (depending on how many files you are pulling in).
If you have 200 different IP addresses you are connecting to, it is not feasible to manage a black/whitelist. You should rely on the IPS and use URL filter to block any spyware/malware/ad tracking/etc.
Thanks for this information and clarification.
Can you tell me why Firewall distros don’t show the configuration options which they show in web interface on the computer they are running.
Like if I setup IPFire on a computer called A, when I boot up this computer, I get IPFire’s command prompt but not the options I see in it’s web interface, to access the web interface I have to type in this computer A’s IP address in a browser and access it. This seems to be same with all firewall distros.
Wouldn’t it be better and more secure if it showed the options found in web interface on the computer on which the firewall distro is installed, like after booting up, instead of showing command prompt, show the options it shows in web interface. If a user setup a firewall on a different computer, the only way to access it’s web interface to manage it is from other computer, let’s call it B, if there was malware on B, when the user types in username and password, the malware can use this to compromise the firewall by changing it’s rules.
It seems like it would be better if users were also given an option to manage a firewall on the computer on which it is installed.
I don’t think people who run a machine without display output will like that.
It can provide options for both, on the display and in the web interface. Advantages far outweigh the disadvantages. Or give an option at installation if the user would like the configuration to be displayed on installed system and make it available through web interface.
You anyway cannot install firewall distros without a display, even to manage some aspects of the firewall, you need a display connected to the system on which firewall is installed. So not allowing these options seems counter-intuitive and a security risk.
You can install the elinks addon (text browser) to access the webif on cmd line. (With core141 it will always installed)
Back in the 80s, too old for me . I’m curious.
Thanks for this suggestion.