Maintenance of URLFilter blacklists

Some time ago I opened this issue on Bugzilla. I thought it was a common issue for most people using URLFilter, but since it has not been assigned yet I now wonder how other users usually update and maintain their blacklists. Is there a way to tidy and keep them in sync with the remote source, or how do you behave? Should I not care about syncing them with the University of Toulouse’s ut1-blacklists as they are automatically kept updated together with the IPFire Core?
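A read-only way to see how far a local blacklist tree has drifted from a freshly downloaded copy, as an added example that is not part of the original post or of IPFire's code. It assumes the squidGuard-style layout of one directory per category holding `domains` and `urls` files; the function names and the sample-tree helper are hypothetical.

```python
from pathlib import Path

LIST_FILES = ("domains", "urls")  # assumed squidGuard-style file names


def read_entries(path: Path) -> set:
    """Return the normalised entries of one list file; a missing file is empty."""
    if not path.is_file():
        return set()
    entries = set()
    for line in path.read_text(encoding="utf-8", errors="replace").splitlines():
        line = line.strip().lower()
        if line and not line.startswith("#"):
            entries.add(line)
    return entries


def categories(root: Path) -> set:
    """A category is any directory that holds at least one list file."""
    return {d.name for d in root.iterdir()
            if d.is_dir() and any((d / f).is_file() for f in LIST_FILES)}


def diff_blacklists(local: Path, upstream: Path) -> dict:
    """Report what a sync would add or remove, without changing anything."""
    loc, up = categories(local), categories(upstream)
    report = {"stale_categories": sorted(loc - up),   # only in the local tree
              "new_categories": sorted(up - loc),     # only in the upstream tree
              "changed": {}}
    for cat in sorted(loc & up):
        for name in LIST_FILES:
            old = read_entries(local / cat / name)
            new = read_entries(upstream / cat / name)
            if old != new:
                report["changed"][f"{cat}/{name}"] = {
                    "add": sorted(new - old), "remove": sorted(old - new)}
    return report


def build_tree(root: Path, tree: dict) -> Path:
    """Create a constructed sample tree from {category: {file: [entries]}}."""
    for cat, files in tree.items():
        (root / cat).mkdir(parents=True)
        for name, entries in files.items():
            (root / cat / name).write_text("\n".join(entries) + "\n", encoding="utf-8")
    return root
```

Calling `diff_blacklists` with the local blacklist directory and the extracted upstream archive lists stale categories and entries before anything is deleted, so the result can be reviewed first.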

WebProxy and URLfilters might be IPFire features that don’t get a lot of attention from the community.

I haven’t used the URLfilter for a long time because it doesn’t catch most of HTTPS traffic.

University of Toulouse list might be one of the last lists that are at least partially maintained. But if it works for you, you should keep syncing it.

I am also wondering what most users do to keep the URL blocklist updated. The majority of IPFire users might be using DNS filtering.

The problem with DNS filtering is that it is trivial to bypass, either by configuring another DNS locally or by connecting to web sites directly typing their IP address. The only solution that I know which is not easy to bypass is to use the firewall to block any connections from the internal networks to the external network (set “Firewall / Firewall Options / Default firewall behaviour / Forward” to “Blocked”, see here) and then to enable the Web Proxy with URLFilter. This way all the users within the internal networks are forced to use the proxy to access the Internet. See also other explanations here and here.

1 Like

You can fix that though by blocking any outbound access to the internet unless you are going through the web proxy. Then you cannot go around it any more.

We are currently working on some additional features that will help you block any attempts to work around the web proxy.

It certainly is not a majority as IPFire does not offer this feature out of the box right now. There is a group here on the forum that have worked on an externally maintained implementation which has a few users.

2 Likes

That is a very good point. An IP address blocklist might help with that, as well as redirecting DNS requests.

My question is, would an IP address blocklist using a list of “domains” be able to block requests for both the IP address and the domain name?

I see a note in the “sources” file that says “net-list”. Does that refer to a “domain name”?

'parser'   => 'ip-or-net-list',

Or does it require an actual IPv4 address?

# parser The parser function used to extract IP addresses from the #
# downloaded list

1 Like

It is on my list of things to do, but as I have quite a large list it will take some time before I can make the time to get around to it. Of course any issues flagged up from Core Updates, especially those not picked up during Testing, will end up diverting me to get involved, with the other devs, to solve them, and of course this regularly prevents us from spending as much time as we would like on IPFire-3.x.

There are 145 open bugs in IPFire-2.x
Total bugs for all systems, including infrastructure, web site etc are 374

All users (private and business) feel free to support your favourite firewall with donations to help us actually fund more resources/time to work on more things.

1 Like