forum.excito.org

I would like to see more powerful firewall controls in the web interface for those that don't want/can't do it manually.

For example i wish that i have a setting for blocking.

# blocking outgoing traffic to a specific webpage/ip for all users of B2/B3 or just for some user (based on IP or MAC)

# blocking incoming traffic from target specified by you

Is this something you have planed to implement in the future?

Others can also fill in to this topic if they wish something more concerning the firewall.

I would very much like to be able to add hostnames rather than IP addresses in the "Private IP" column under "User defined open / forwarded ports".
I think I have pointed this out before on the forum...

Blocking traffic to a specific web page sounds more like a task suitable for a proxy. It would be very nice though to have proxy stuff built in to the gui configuration...

Thinking about firewall stuff that I'm missing from the gui I can't really come up with anything. The only iptables stuff I have done that I couldn't do through the web interface is some stuff related to a openvpn tunnel that I have between my B3 and another place. Openvpn stuff would be nice to have in the interface though

(I realize this post feels a bit fuzzy, both stuff that I requests contains the word "stuff". I could specify what I mean if you want...)

/Daniel

DanielM wrote:Blocking traffic to a specific web page sounds more like a task suitable for a proxy. It would be very nice though to have proxy stuff built in to the gui configuration...

Thinking about firewall stuff that I'm missing from the gui I can't really come up with anything. The only iptables stuff I have done that I couldn't do through the web interface is some stuff related to a openvpn tunnel that I have between my B3 and another place. Openvpn stuff would be nice to have in the interface though

(I realize this post feels a bit fuzzy, both stuff that I requests contains the word "stuff". I could specify what I mean if you want...)

/Daniel

Why is it not a good idea to let iptables take care of and block traffic to specific web pages/domain?

It would be so nice to have the feature in the GUI...

blacklodge wrote:Why is it not a good idea to let iptables take care of and block traffic to specific web pages/domain?

It would be so nice to have the feature in the GUI...

All i meant was that if iptables would take care of this blocking it would be just blocking of specific sites and nothing more which feels like a kinda limited function. A full-blown Proxy could do much more nice stuff.

My kids are 5 and 7 and they don't surf the net by themselves yet, but in a couple of years I guess I'll be needing web filtering. I just hope there is a nice web interface for it by then

/Daniel

The children-filtering has been considered and is (somewhere) on our list, and then also includes internet access only between certain times from certain clients etc. But nothing decided or firmly specified yet. I'll make a +1 for that.

Are there other use cases you also like apart from the children filtering?

johannes wrote:Are there other use cases you also like apart from the children filtering?

Built in home automation?

/Daniel

If possible it would be nice to be able to block out torrent traffic from certain clients and not just block access to certain torrent trackers web-pages.

Also i would like to be able to block out access to \\bubba\storage for certain users so they just can use the internet connection.

DanielM wrote:

blacklodge wrote:Why is it not a good idea to let iptables take care of and block traffic to specific web pages/domain?

It would be so nice to have the feature in the GUI...

All i meant was that if iptables would take care of this blocking it would be just blocking of specific sites and nothing more which feels like a kinda limited function. A full-blown Proxy could do much more nice stuff.

My kids are 5 and 7 and they don't surf the net by themselves yet, but in a couple of years I guess I'll be needing web filtering. I just hope there is a nice web interface for it by then

/Daniel

O/T: I've started to consider this as my kids are getting older and I find OpenDNS does a fine job. They're not savvy enough (or even do they want to ATM) to circumvent it by using IP addresses at the moment but maybe in 10 years time I might need to rethink this approach.

RandomUsername wrote:O/T: I've started to consider this as my kids are getting older and I find OpenDNS does a fine job. They're not savvy enough (or even do they want to ATM) to circumvent it by using IP addresses at the moment but maybe in 10 years time I might need to rethink this approach.

And you don't think your kids will be able to surf using 4G or hsdpa or whatever to just bypass your dear Bubba in ten years?

/Daniel

DanielM wrote:

RandomUsername wrote:O/T: I've started to consider this as my kids are getting older and I find OpenDNS does a fine job. They're not savvy enough (or even do they want to ATM) to circumvent it by using IP addresses at the moment but maybe in 10 years time I might need to rethink this approach.

And you don't think your kids will be able to surf using 4G or hsdpa or whatever to just bypass your dear Bubba in ten years?

/Daniel

Yes, hence "maybe in 10 years time I might need to rethink this approach." ;P

RandomUsername wrote:

DanielM wrote:

RandomUsername wrote:O/T: I've started to consider this as my kids are getting older and I find OpenDNS does a fine job. They're not savvy enough (or even do they want to ATM) to circumvent it by using IP addresses at the moment but maybe in 10 years time I might need to rethink this approach.

And you don't think your kids will be able to surf using 4G or hsdpa or whatever to just bypass your dear Bubba in ten years?

/Daniel

Yes, hence "maybe in 10 years time I might need to rethink this approach." ;P

In 10 years we will see the new "Bubba 2020" on the market and that badboy will block everything ))

blacklodge wrote:In 10 years we will see the new "Bubba 2020" on the market and that badboy will block everything ))

Yep. And it will include a jammer

/Daniel

Hello,

I use squid and squidguard which is very good for my kids.

Everyone logs in to windows by using name and password (they connect to the proxy).

I use a blacklist for surfing and a whitelist for the kids.

So the kids can only surf on the white listed sites (just a text file in squid).

When the grow older (now 3, 5, I will need a better solution but for now this is perfect.

Puma