Questions tagged [firewalls]
Concerned with software or hardware firewalls
1,176 questions
2
votes
2
answers
222
views
How to prevent javascript in a single webapp from communicating with outside servers
I want to use certain javascript webapp running in browser and be certain it doesnt send data outside.
I self host this webapp on my own server and connect to it via my PC browser. So I can edit ...
- 23
0
votes
0
answers
79
views
Stateful firewalls and the 'RELATED' state
For years, I've used the following to accept 'RELATED' packets:
...
/usr/sbin/iptables -P INPUT DROP
...
/usr/sbin/iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
...
Use the ...
- 1
1
vote
1
answer
179
views
De-anonymization of VPN use through broken killswitch?
This answer to a question about how to make a killswitch for use with a VPN states "don't simply whitelist port 1194 or you will allow trivial deanonymization" and this answer to a similar ...
- 111
1
vote
0
answers
115
views
Is it possible to firewall a named pipe connection?
I've recently set up a lab where I've been trying to emulate lateral movement from a Windows 10 client machine to a domain controller assuming the Windows 10 actor has domain admin rights. And came ...
- 11
0
votes
0
answers
112
views
Is a Layered Security Setup (Pi-hole in VM + SimpleWall + Portmaster) Worth the Complexity?
I’m looking to maximize the security of my Windows system by using a layered approach and would love to gather opinions and insights from the community.
My Setup:
I run Pi-hole in a VirtualBox VM ...
6
votes
1
answer
2k
views
Is there a security benefit from adding a dedicated router to a network of 1 PC?
If I have a single computer with a direct connection to the Internet (and a real external IP address from the ISP), does it make sense security-wise to put a dedicated router between the computer and ...
- 1,122
0
votes
1
answer
457
views
Secure home network running Linux
I'm using Kubuntu 24.04. In my understanding, antivirus in Linux is not really a thing or needed, so my question is targetted specifically about firewall.
For a home laptop that will run server ...
- 221
2
votes
2
answers
314
views
How do I start servers in my home laptop but make sure all incoming connections are blocked?
I have a Kubuntu 24.04 and for development purposes I want to run servers such as Kubernetes, Docker, MySQL, Zookeper etc that open connections and listen.
I do not want any sort of incoming ...
- 221
2
votes
1
answer
233
views
Why does Windows Defender Firewall show some seemingly conflicting rules for a process? Do I misunderstand something? If not, which rule prevails?
From my understanding, Windows Defender Firewall claims that PyCharm 2024.2.3 (which I just take as an example) is allowed to communicate on public networks:
However, from my understanding, the ...
1
vote
0
answers
102
views
Sony tv is sending udp packets to my firewall [closed]
I've noticed that the sony bravia tv is sending udp packets to my ip and they are blocked by ufw (firewall)
Jan 09 16:56:09 my_host kernel: [UFW BLOCK] IN=wlp58s0 OUT= MAC=4c:1d:96:8b:8a:44:e8:6f:38:...
- 11
1
vote
0
answers
114
views
Is disabling TCP state check a significant security loss in a firewall?
We have a higly dynamic and asymetrical network topology for a specific projet using FortiGate firewalls.
Because of asymetry, some communications are sometimes dropped because firewalls only see one ...
- 11
2
votes
1
answer
640
views
Does geo blocking whole countries objectively increase security? [duplicate]
I often see whole countries being blocked using GEO-IP blocks in network firewalls and even in web application firewalls. Often with great anecdotal success in reducing the amount of registered ...
- 7,715
1
vote
1
answer
224
views
Redirect all outgoing http and https requests to Burp using nftables
I'm working on a very limited client (based on Poky from the Yocto Project), on which I want to redirect all http/https requests to my other machine on the same network. I have nftables available on ...
- 105
0
votes
1
answer
114
views
Is WAF fingerprinting a security threat, and can it be obfuscated?
Various tools, such as WAFW00F, can be used to detect the presence, and often even the type, of WAF deployed on a website.
And according to this article:
[WAF fingerprinting] works by analysing the ...
- 4,795
4
votes
2
answers
236
views
Logging Strategy (high costs for storing all logs)
In our organization, we use a GCP setup with Kubernetes. We generate tons of firewall logs as we provide a digital service that generates a high volume of requests from our users. Storing all these ...
- 41