Best privacy security tools

Do you have a list of the best firewalls that can be used on Linux and send NO data to the owner/company…?

I found this one: https://github.com/safing/portmaster/
What do you think, and what do you use to block unwanted traffic for apps that you need to use [Linux/Unix]?

I guess nftables (successor of iptables) can do it all. It’s still on my “to be learned” list.

I don’t know if there are GUIs to make it easier. Maybe you have to do it all manually. So maybe other solutions are easier for users.


Well, actually not only firewalls … as we first need a way to listen to apps and see where they are sending data [so … in order to use a firewall you need to know what to block, if required].

e.g. if you want to block some data from rhythmbox [don’t know if you need, maybe I’ll find] you first need a way to listen to it and see if data is sent to the internet from it [as normally, for my needs, I don’t need that, so I’d like to block all requests from it to the internet]
Firewalls usually block traffic on ports; I’d like something that blocks at the application level, not the port level.

LE. I’d like a tool to monitor my OS as well, to see what data is going out from it, and if something is sent to a fishy domain, to block that [I can do this with a firewall, but I first need to have an eye on the requests].

Ports are mapped to processes. So it should be possible to figure out which process is using which ports.

[humor mode on]

There are the old tried-and-true entries in the old inetd.sec file for two apps (and whatever else the man page says):

ftp deny \
*.*.*.*

telnet deny \
*.*.*.*

[humor mode off]

What about setting up PiHole to monitor the device as you use it? You might have to use one app at a time to see which, if any, are contacting sites outside your LAN, but it shouldn’t be too difficult to identify the guilty apps.


Won’t PiHole only be able to monitor DNS queries that are directed to it? So if an application makes a DNS query via a different DNS server (intentionally bypassing the host configuration) or an application accesses the internet without using DNS, you won’t see it in PiHole?

In my router, for example, if a device ignores my LAN’s DNS server (which is now actually the Raspberry Pi, unless I route a certain device through the router for DNS instead), I can set a static IP for that specific device and mandate it to the Raspberry Pi as its DNS server (via the PiHole installation). I had to do this with my Roku, as it always tried to ignore my router’s designated DNS server (the RPi). Now I’m seeing its many queries in the PiHole dashboard, to sites like scribe.logs.roku(dot)com, google-analytics(dot)com, stream1.xdevel(dot)com, rtl-radio3-stream-thron(dot)com, rtl-radio3-stream-thron.akamaized(dot)net, some of which are “forwarded to one.one.one.one#53” (presumably Cloudflare on port 53…?), etc. Previously I had noticed in my router’s connections log that it was trying to reach 8.8.8.8 all the time.

My Android phone shows many connections to google(dot)com, connectivitycheck.gstatic(dot)com, play.googleapis(dot)com, and - fortunately - dns.decloudus(dot)com. (And on my Android, I’ve always disabled as much Google stuff as I can without replacing the OS!)

For, say, a suspect application on a particular device that’s using PiHole for DNS, you could start using the application and observe if any hidden connections are happening from that device in the PiHole dashboard. It’s not precise, but using one app at a time could help identify where any nefarious connections are originating.
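The monitoring step the thread keeps coming back to (which process is using which port, and whether an app is talking to a DNS server other than the Pi-hole, like the Roku reaching 8.8.8.8) can be checked on a Linux host from `ss -tunp` output. The script below is an added example, not code from anyone in the thread; the `ss` sample lines and the resolver address 192.168.1.2 are constructed assumptions.

```shell
#!/bin/sh
# Added example: summarise `ss -tunp` output per process and flag DNS
# traffic (port 53, or 853 for DNS-over-TLS) that bypasses the LAN resolver.
# RESOLVER is an assumption: set it to your Pi-hole's address.
RESOLVER="${RESOLVER:-192.168.1.2}"

# Constructed sample of `ss -tunp` output (not captured from a real host).
SAMPLE_SS='Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp ESTAB 0 0 192.168.1.20:41234 192.168.1.2:53 users:(("systemd-resolve",pid=611,fd=12))
udp ESTAB 0 0 192.168.1.20:46002 8.8.8.8:53 users:(("mediaplayer",pid=1234,fd=5))
tcp ESTAB 0 0 192.168.1.20:51000 142.250.72.14:443 users:(("rhythmbox",pid=2201,fd=19))
tcp ESTAB 0 0 192.168.1.20:51002 142.250.72.14:443 users:(("rhythmbox",pid=2201,fd=21))
tcp ESTAB 0 0 192.168.1.20:51010 1.1.1.1:853 users:(("mediaplayer",pid=1234,fd=7))'

# summarize: read ss output on stdin, print "process peer:port count"
# for every distinct (process, peer) pair. Sockets without a Process
# column (not owned by the invoking user unless run as root) are skipped.
summarize() {
    awk 'NR > 1 && $7 ~ /^users:/ {
        proc = $7; sub(/^users:\(\("/, "", proc); sub(/".*/, "", proc)
        count[proc " " $6]++
    }
    END { for (k in count) print k, count[k] }' | sort
}

# dns_bypass: print "process peer:port" for sockets talking DNS to any
# address other than the resolver given as $1. The peer is split on the
# last colon so bracketed IPv6 peers such as [::1]:53 are handled too.
dns_bypass() {
    awk -v r="$1" 'NR > 1 && $7 ~ /^users:/ {
        port = $6; sub(/.*:/, "", port)
        ip = $6; sub(/:[^:]*$/, "", ip)
        if ((port == 53 || port == 853) && ip != r) {
            proc = $7; sub(/^users:\(\("/, "", proc); sub(/".*/, "", proc)
            print proc, $6
        }
    }' | sort -u
}

# Run against the live socket table with "--live", otherwise demo the sample.
if [ "${1:-demo}" = "--live" ]; then
    ss -tunp | dns_bypass "$RESOLVER"
else
    printf '%s\n' "$SAMPLE_SS" | summarize
    echo "--- DNS not going to $RESOLVER:"
    printf '%s\n' "$SAMPLE_SS" | dns_bypass "$RESOLVER"
fi
```

Run it in a loop (or feed it `watch`) while using one app at a time, as suggested above, to see which process opens which connection; it only sees sockets that are open at that moment, so short-lived lookups can still slip between samples.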