Tuesday, May 5, 2015

windows xp - Block all network traffic from/to laptop except explicit apps/protocols/targets?


Usually I connect my WinXP laptop via WiFi to my home LAN, but sometimes I have to use tethering with a cellular phone where traffic prices are very high ($1 = 2 MB traffic counted in both directions).


The first problem - most software firewalls have some whitelist to allow common targets, like microsoft updates.


The second problem - manually whitelisting a desired application (like Firefox) causes all hidden activity of this application (plugin upgrades, new-version checking) to go through too.


How do you deal with this issue? I'd like to use as little bandwidth as possible, even if there are some inconveniences, but even basic internet activity like browsing adds unexpected overhead for all common browsers...


Answer



Most of the major firewall software packages are two products in one. They are application gateways and packet filters.


The rules you are talking about for allowing/disallowing specific applications are part of an application gateway. What you need to do is find the settings for the packet filter part of the firewall. If you post what firewall you are using, someone might be able to guide you on how to set up the packet filter rules for that package.


Alternatively you can look specifically at a packet-filter-only firewall. GhostWall is one I've used in the past and can say is fairly easy to set up and doesn't have any negative effects on performance. It works by configuring a list of "rules" that state exactly what types of packets (and their destination/source addresses) are allowed through. These rules are processed in order, so you just specify your allow list of known IPs that you want to use, and then make your final rule "block everything else". (Or you specify your block list, and make the last rule "allow everything else".)


You will always struggle to prevent all unwanted traffic, because you either have to allow stuff and block what you don't want, and there will always be something you haven't blocked; or you block everything by default and only allow specifically what you do want, but you'll spend ages configuring it for all the websites you want to use (unless you use a very small subset of the web like your work VPN or something and that's all you need).


I would suggest looking at two plugins for your browser:


1) An ad blocker of some kind. This will reduce the ad traffic on any site you browse.
2) NoScript. This will block scripts on all sites you visit until you allow them. This often has the effect of the site falling back to its simpler HTML-only version, which will more often than not require less downloading.


Finally, you could consider looking at a hosts file blacklist. The hosts file is a list of IP addresses and domains and how they should be resolved, and can be used to blacklist certain sites that you don't want visited. If you Google around you should be able to find a community-maintained hosts file that blacklists all the major ad servers.
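As an added illustration, not code from the original answer or from GhostWall, the following Python models the two mechanisms the answer describes: an ordered packet-filter rule list processed first-match with a final catch-all (shown both as an allow list ending in "block everything else" and as a block list ending in "allow everything else", so the "something you haven't blocked" leak is visible), and a hosts-file blacklist. The addresses are RFC 5737 documentation ranges, the hosts entries are constructed, and `Rule`, `decide`, `parse_hosts` and `is_blackholed` are names chosen here, not a real product's API.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Rule:
    """One packet-filter rule; all fields must match (AND semantics)."""
    action: str                      # "allow" or "block"
    proto: str                       # "tcp", "udp", "icmp" or "any"
    dst_net: str                     # destination in CIDR form; "0.0.0.0/0" matches every address
    dst_port: Optional[int] = None   # None matches any port


def rule_matches(rule: Rule, proto: str, dst_ip: str, dst_port: Optional[int]) -> bool:
    if rule.proto != "any" and rule.proto != proto:
        return False
    if ipaddress.ip_address(dst_ip) not in ipaddress.ip_network(rule.dst_net):
        return False
    if rule.dst_port is not None and rule.dst_port != dst_port:
        return False
    return True


def decide(rules: List[Rule], proto: str, dst_ip: str, dst_port: Optional[int] = None) -> str:
    """First match wins: walk the list in order and return that rule's action."""
    for rule in rules:
        if rule_matches(rule, proto, dst_ip, dst_port):
            return rule.action
    # Nothing matched, so the list lacks the final catch-all the answer recommends.
    # We fail closed here (our assumption; real products differ in their implicit default).
    return "block"


# Constructed rule sets. 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.0/24 are
# documentation ranges, standing in for a trusted resolver, a work VPN and an ad network.
ALLOW_LIST_RULESET = [
    Rule("allow", "udp", "192.0.2.53/32", 53),      # the one DNS resolver we trust
    Rule("allow", "tcp", "198.51.100.0/24", 443),   # HTTPS to the work VPN / intranet range
    Rule("block", "any", "0.0.0.0/0"),              # final rule: block everything else
]

BLOCK_LIST_RULESET = [
    Rule("block", "tcp", "203.0.113.0/24"),         # a known ad/update server range
    Rule("allow", "any", "0.0.0.0/0"),              # final rule: allow everything else
]


def parse_hosts(text: str) -> Dict[str, str]:
    """Parse hosts-file text ("ip hostname [alias ...]", '#' starts a comment)
    into a lower-cased hostname -> IP mapping. Later lines override earlier ones."""
    mapping: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed: an address with no name
        ip, names = fields[0], fields[1:]
        for name in names:
            mapping[name.lower()] = ip
    return mapping


# Community blacklists point names at 0.0.0.0 or 127.0.0.1 so the lookup goes nowhere.
BLACKHOLE_ADDRS = {"0.0.0.0", "127.0.0.1"}


def is_blackholed(hosts: Dict[str, str], domain: str) -> bool:
    """True if the hosts file sends this name to a blackhole address.
    Caveat: this only affects name lookups; a program that connects to a
    hard-coded IP, or runs its own resolver, bypasses it and is caught only
    by the packet filter above."""
    name = domain.lower().rstrip(".")
    if name == "localhost":
        return False  # loopback is legitimate, not a blacklist entry
    return hosts.get(name) in BLACKHOLE_ADDRS


# Constructed sample hosts file (example.* names are reserved and not real servers).
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
0.0.0.0         ads.example.net   tracker.example.net   # blackholed ad servers
0.0.0.0  telemetry.example.org
"""

if __name__ == "__main__":
    for ruleset, name in ((ALLOW_LIST_RULESET, "allow-list"), (BLOCK_LIST_RULESET, "block-list")):
        # 192.0.2.99:80 is an unlisted host: the allow list stops it, the block list lets it leak.
        print(name, "->", decide(ruleset, "tcp", "192.0.2.99", 80))
    hosts = parse_hosts(SAMPLE_HOSTS)
    print("ads.example.net blackholed:", is_blackholed(hosts, "ads.example.net"))
```

Running it prints the fate of one unlisted destination under each ordering; the allow-list configuration blocks it while the block-list configuration lets it through, which is the trade-off the answer describes.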

