homebox
Restrict internet access from the box to the minimum
Ideally, the box should only have access to a few internet sites, all the rest being blocked and logged. For instance, access to Debian repositories, ClamAV updates, rspamd repositories, etc.
- A whitelist / blacklist proxy, like tinyproxy might be enough.
- Adding appropriate firewall rules to automatically redirect the traffic to the proxy might be interesting.
I may need to switch from ufw to iptables
I have a shorewall based ansible role that I forked a few years ago that I've been using continuously on multiple servers, and even my home router with great success:
https://github.com/senorsmile/shorewall_simple
Perhaps we can use nftables, on bullseye, for this. Since some components are optional, using ansible to deploy nftables scripts, and include them in one parent script seems to be the right approach to me.
Implemented
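Putting the two proposals in this thread together (a destination whitelist with everything else logged and blocked, firewall redirection of web traffic to a local proxy, and a parent nftables script that includes optional per-component scripts), the following added example renders such a ruleset from a whitelist. It is example code written for this page, not homebox's own code or its Ansible role: the addresses, the `/etc/nftables.d` component directory, the proxy port 8888 and the `tinyproxy` user name are assumptions.

```shell
#!/bin/sh
# Added example, not homebox's own code: render a parent nftables ruleset that
# allows outbound traffic only to a whitelist of "address port" pairs, redirects
# ordinary web traffic to a local proxy, logs and drops everything else, and
# includes optional per-component scripts. Addresses, the component directory,
# the proxy port and the proxy user are constructed assumptions.

# Constructed whitelist: one "address port" pair per line.
ALLOWED='
203.0.113.10 443
203.0.113.11 443
198.51.100.5 80
'

PROXY_PORT=8888          # assumed local tinyproxy listen port
PROXY_USER=tinyproxy     # assumed system user the proxy runs as

# render_elements: turn "address port" lines into comma-separated elements of an
# nftables set of type "ipv4_addr . inet_service" (no trailing comma).
render_elements() {
    printf '%s\n' "$1" | awk 'NF == 2 {
        printf "%s            %s . %s", sep, $1, $2
        sep = ",\n"
    } END { printf "\n" }'
}

# render_ruleset: print the complete parent ruleset to stdout.
# $1 = whitelist (multi-line "address port"), $2 = directory of optional *.nft
# component scripts (each typically adds elements to the "allowed" set).
render_ruleset() {
    whitelist=$1
    compdir=$2
    cat <<EOF
#!/usr/sbin/nft -f
flush ruleset

table inet egress {
    set allowed {
        type ipv4_addr . inet_service
        elements = {
$(render_elements "$whitelist")
        }
    }

    chain output_nat {
        type nat hook output priority -100;
        # The proxy's own connections must not be redirected back to itself.
        meta skuid $PROXY_USER return
        # Plain web traffic from local processes goes through the proxy.
        tcp dport { 80, 443 } redirect to :$PROXY_PORT
    }

    chain output {
        type filter hook output priority 0; policy drop;
        ct state established,related accept
        oifname "lo" accept
        # DNS via the local resolver only (assumption: a resolver on 127.0.0.1).
        ip daddr 127.0.0.1 udp dport 53 accept
        # Whitelisted destinations (the proxy's upstream connections included).
        ip daddr . tcp dport @allowed accept
        # Everything else is logged (rate-limited) and dropped by the policy.
        limit rate 5/minute log prefix "egress-blocked: "
    }
}
EOF
    # Optional component scripts (e.g. rspamd.nft, clamav.nft) are included
    # by the parent so that each Ansible role can drop in its own.
    for f in "$compdir"/*.nft; do
        [ -e "$f" ] || continue
        printf 'include "%s"\n' "$f"
    done
}

# Stand-alone use: print the ruleset; apply it on the box with "nft -f".
if [ "${1:-}" = "--render" ]; then
    render_ruleset "$ALLOWED" "${2:-/etc/nftables.d}"
fi
```

Each optional component ships its own `*.nft` file that adds elements to the `allowed` set, so enabling or disabling a service in Ansible only adds or removes one included file; blocked attempts show up in the kernel log under the `egress-blocked:` prefix, which is the signal to watch when a new component needs a destination whitelisted.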