Administration of all incoming / outgoing traffic ideas

Biosko · 08-20-2015, 09:16 AM

Hello,

I would like to set up a firewall solution into my network.

The idea is to block all internet traffic (incoming/outgoing) and only use white-list for approved connections.

The question is how to handle it?

I thought about iptables rules. Block everything, log blocked traffic and allow which is needed.
This should work OK for programs/daemons.

Problem is how to handle http/https traffic. There is endless list of http pages also many are using CDN for content so it will be very hard to just allow and maintain white-list of ips.

How do you usually handle this? Maybe squid? Can you give me some ideas please?

The idea is not about restrict some content to users but be in control of incoming and outgoing traffic.

Thank you!

unSpawn · 08-20-2015, 03:57 PM

Quote:

Originally Posted by Biosko

The idea is to block all internet traffic (incoming/outgoing) and only use white-list for approved connections. (..) Problem is how to handle http/https traffic. There is endless list of http pages also many are using CDN for content so it will be very hard to just allow and maintain white-list of ips. (..) The idea is not about restrict some content to users but be in control of incoming and outgoing traffic.

If you want total control then having to approve connections is just the thing you'll have to live with. Can't have it both ways. More importantly, what you forgot to explain are the reasons why you would want total control...

Habitual · 08-20-2015, 05:24 PM

Quote:

Originally Posted by Biosko

There is endless list of http pages also many are using CDN for content so it will be very hard to just allow and maintain white-list of ips.

All the IPs should be YOUR CDN Provider's.
Not so hard to maintain.
Why do you say it will be "very hard" to maintain a whitelist of known and approved IPs?