Advice & A Few Questions

Murus
Post Reply
Chilly
Posts: 1
Joined: Mon Aug 31, 2015 11:18 pm

Advice & A Few Questions

Post by Chilly » Tue Sep 01, 2015 12:24 am

Emerging Threats Ban List:
I. How many entries can the ban list handle?
II. Will the ban list apply to outbound traffic?
III. How is the ban list parsed and what formats will it accept e.g *.p2p formats, such as those provided by iblocklist?
IV. Can you load a ban list locally from a file instead of an URL?

Scenario:
I. Is it possible to block all outbound traffic to facebook.com for example, if not the specific IP addresses, the outbound DNS requests.

I realise Murus isn't a filtering proxy, however if anybody can advise on how to block specific domains I would very much appreciate your help! Thank you in advance.

hany
Posts: 481
Joined: Wed Dec 10, 2014 5:20 pm

Re: Advice & A Few Questions

Post by hany » Tue Sep 01, 2015 12:53 pm

Emerging Threats Ban List:
I. How many entries can the ban list handle?
10000
II. Will the ban list apply to outbound traffic?
yes
III. How is the ban list parsed and what formats will it accept e.g *.p2p formats, such as those provided by iblocklist?
web server output is parsed using this shell command:

Code: Select all

sed -n '/^[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}/p'
this happens inside a bash script installed by Murus in /etc/murus.updatethreats.sh.
I've never tried other sources than the one provided by default, but I will look at it.
IV. Can you load a ban list locally from a file instead of an URL?
I've never tried it but it should work. Just put file:/// instead of http:// in the URL field, and use the full path.
For example:

Code: Select all

file:///Users/chilly/Desktop/blockedIPs.txt
Scenario:
I. Is it possible to block all outbound traffic to facebook.com for example, if not the specific IP addresses, the outbound DNS requests.
I realise Murus isn't a filtering proxy, however if anybody can advise on how to block specific domains I would very much appreciate your help! Thank you in advance.
you can create a group and put host names and/or IP addresses, then put this group in black list. Anyway this is not the best approach to block access to a web site, because it may change IP address. Using hostnames in PF configuration is also not safe, because if a DNS is not available (or too laggy) when you boot your Mac, the whole PF configuration will not load. Anyway you can use Murus Menulet to always be sure that a valid Murus setup is currently running.
We are developing Murus Services, a free companion app for Murus which includes a Web Proxy server. Using this app you can easily block domains. It's in beta stage now, you can get it and test it (see here http://murusfirewall.com/forum/viewtopic.php?f=2&t=281)

Post Reply