
Firewall capabilities: block unwanted traffic 🛡️

Open GyulyVGC opened this issue 8 months ago • 8 comments

"Comfortably monitor your Internet traffic".

This has always been our motto.

Sniffnet surely enables everyone to monitor their network activity. However, a huge step ahead will be made once the app also permits managing such network activity.

Sniffnet, thanks to its polished dashboards, already makes it possible to identify traffic that may look suspicious or unnecessary. Imagine the intuitiveness of Sniffnet paired with the ability to control the network flows at your discretion: a simple click would be enough to block unwanted network hosts / services / programs.

This is where introducing firewall capabilities comes into play.

All the major operating systems have built-in firewalls that Sniffnet can use to implement such a behaviour. I'm talking for instance about:

  • nftables (on Linux)
  • Windows Firewall (on Windows)
  • Packet Filter (on macOS)

Sniffnet must be able to seamlessly integrate with the aforementioned native firewalls to perform the following:

  • block all the IPs associated with a selected network host
  • block all the IPs associated with a selected upper layer service
  • block all the IPs associated with a selected program / process
  • enable / disable / clear previously configured firewall rules
  • provide a new user-friendly in-app page to interact with all the configured firewall policies

Blocking all the IP addresses associated with a given entity (network host / service / program) isn't trivial, and will require support for periodically updating firewall rules to include new IPs attempting to generate traffic from an entity previously blocked by the user. This behaviour must also be reversible: in case a user decides to unblock a previously blocked entity, all of its IPs must be unblocked without causing conflicts or race conditions.

The implementation will require a considerable effort, especially considering that this is a platform-dependent, low-level feature. But finally, we'll be able to upgrade our motto. Because sometimes, a single word makes a huge difference.

"Comfortably manage your Internet traffic".

GyulyVGC avatar Jul 09 '25 22:07 GyulyVGC
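One way to model the per-entity block list described in the opening post (grow the rule set as new IPs appear for a blocked entity, release all of them at once on unblock) is one nftables set per entity. The sketch below is an added example, not Sniffnet's own code; the `Entity`/`BlockList` types, the table name `inet sniffnet` and the `output` chain are assumptions, and the nft commands are produced as strings rather than executed.

```rust
use std::{collections::{BTreeMap, BTreeSet}, net::Ipv4Addr};

/// Entity a user chose to block (hypothetical model, not Sniffnet's own types).
#[derive(Clone, Debug, PartialEq, Eq, PartialOrd, Ord)]
pub enum Entity { Host(String), Service(String), Program(String) }
impl Entity {
    /// One nftables set per entity: a newly seen IP is an element insert and
    /// unblocking is a set flush, so entities never touch each other's rules.
    pub fn set_name(&self) -> String {
        let (kind, name) = match self {
            Entity::Host(n) => ("host", n), Entity::Service(n) => ("svc", n),
            Entity::Program(n) => ("prog", n),
        };
        let safe: String = name.chars()
            .map(|c| if c.is_ascii_alphanumeric() { c } else { '_' }).collect();
        format!("blk_{kind}_{safe}")
    }
}

/// Mirror of kernel state; assumes table `inet sniffnet` and chain `output`
/// exist. Returns nft commands as strings (not executed); guard with a Mutex.
#[derive(Default)]
pub struct BlockList {
    blocked: BTreeMap<Entity, BTreeSet<Ipv4Addr>>,
    installed: BTreeSet<String>, // sets that already have a drop rule
}
impl BlockList {
    /// Block an entity; its set and drop rule are created only the first time.
    pub fn block(&mut self, e: &Entity) -> Vec<String> {
        if self.blocked.contains_key(e) { return vec![]; }
        self.blocked.insert(e.clone(), BTreeSet::new());
        let s = e.set_name();
        if !self.installed.insert(s.clone()) { return vec![]; }
        vec![format!("nft add set inet sniffnet {s} {{ type ipv4_addr; }}"),
             format!("nft add rule inet sniffnet output ip daddr @{s} drop")]
    }
    /// Per observed flow: a new IP of a blocked entity joins its set;
    /// unblocked entities and already-listed IPs yield no command.
    pub fn observe(&mut self, e: &Entity, ip: Ipv4Addr) -> Option<String> {
        let ips = self.blocked.get_mut(e)?;
        let set = e.set_name();
        ips.insert(ip).then(|| format!("nft add element inet sniffnet {set} {{ {ip} }}"))
    }
    /// Unblock: flushing the set releases every IP of the entity at once; the
    /// rule stays but matches nothing, so a later re-block needs no new rule.
    pub fn unblock(&mut self, e: &Entity) -> Option<String> {
        let set = e.set_name();
        self.blocked.remove(e).map(|_| format!("nft flush set inet sniffnet {set}"))
    }
    pub fn is_blocked(&self, e: &Entity) -> bool { self.blocked.contains_key(e) }
}
```

Keeping the in-memory map as the single source of truth, and touching only the entity's own set, is what keeps block/unblock cycles free of cross-entity conflicts.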

That would be great!

DSS87 avatar Jul 19 '25 18:07 DSS87

Why IPs? Blocking or permitting domain names would be better, if possible?

nnWhisperer avatar Aug 21 '25 14:08 nnWhisperer

Why IPs? Blocking or permitting domain names would be better, if possible?

Using domains isn't reliable, since most of the time the domain name you see from DNS is the one of the service provider (Akamai, GoDaddy, etc.) rather than the website itself.

GyulyVGC avatar Aug 21 '25 14:08 GyulyVGC

@GyulyVGC Not exactly. I'm not talking about DNS-based blocking. During HTTPS/TLS, there is a domain field that's verifiable. Suricata uses it to block domains. That's what I am suggesting, instead of IP and instead of DNS.

nnWhisperer avatar Aug 21 '25 19:08 nnWhisperer

I see. Sniffnet doesn't keep track of such domains at the moment. So probably we should first parse those; feel free to open an issue if you like.

GyulyVGC avatar Aug 21 '25 19:08 GyulyVGC

I dropped Windows Firewall a long time ago and instead got invested in Fort Firewall, which is a much more robust, fast and feature-complete firewall solution.
Features like rate limiting, temporary permissions, active notifications about EVERY application that tries to use the network, etc. are now things I can't live without.
I believe that this (sniffnet) project could benefit a lot from not even attempting to integrate with Windows Firewall and instead either adapting Fort Firewall code (written in C & Cpp) to Rust, or integrating with Fort Firewall through a library and just matching the UI.

P.S. I've just stumbled upon this tool (sniffnet) in a Wireshark discussion, got curious about the firewalling feature and decided to leave my 2 cents. ✌

HighPriest avatar Aug 25 '25 21:08 HighPriest

I see. Sniffnet doesn't keep track of such domains at the moment. So probably we should first parse those; feel free to open an issue if you like.

@nnWhisperer just FYI, I've opened it: #944

GyulyVGC avatar Aug 27 '25 23:08 GyulyVGC

@GyulyVGC I'm summoning a friend, who'll have a more attentive look.

nnWhisperer avatar Aug 28 '25 08:08 nnWhisperer