Block URLs for Specific Machine

GMJ23
Posts: 10
Joined: March 10th, 2018, 11:16 pm

Block URLs for Specific Machine

Post by GMJ23 » March 10th, 2018, 11:22 pm

Hello forum,

I have a network I would like to set up that has one machine in it that is only used to run a specific SAAS website for the company. I'm wondering, how can I filter the one machine on the network to only use that one specific website and block all others? I would like to allow the rest of the machines to access the internet freely but use the general website filters built into IPFire.

Thanks,

GMJ23

Deepcuts
Posts: 372
Joined: March 1st, 2016, 3:18 pm
Location: Romania

Re: Block URLs for Specific Machine

Post by Deepcuts » March 11th, 2018, 10:55 am

I don't think you can achieve this setup only with IPFire.
I did not test it, but this might work:

Assign a static IP to that machine.
Assign a bogus DNS server to that machine. (one that will never reply to a query)
Edit the hosts file on that machine and input the real IP and FQDN of the SAAS machine so the isolated machine can resolve it.
Make sure the user cannot change network settings.
On IPFire, create a firewall rule to drop everything from the private IP of the machine in question to any.
On IPFire, create a firewall rule to allow everything from the private IP of the machine in question to SAAS IP.

In theory, the above setup should block access to everything but the one IP of SAAS.

Then again, I just woke up so I might be wrong.

GMJ23
Posts: 10
Joined: March 10th, 2018, 11:16 pm

Re: Block URLs for Specific Machine

Post by GMJ23 » March 11th, 2018, 11:42 pm

Deepcuts wrote:
March 11th, 2018, 10:55 am
I don't think you can achieve this setup only with IPFire.
I did not test it, but this might work:

Assign a static IP to that machine.
Assign a bogus DNS server to that machine. (one that will never reply to a query)
Edit the hosts file on that machine and input the real IP and FQDN of the SAAS machine so the isolated machine can resolve it.
Make sure the user cannot change network settings.
On IPFire, create a firewall rule to drop everything from the private IP of the machine in question to any.
On IPFire, create a firewall rule to allow everything from the private IP of the machine in question to SAAS IP.

In theory, the above setup should block access to everything but the one IP of SAAS.

Then again, I just woke up so I might be wrong.

Interesting solution, Deepcuts. The only thing with that setup is I'd need to be able to connect to that machine still from another machine on the network for diagnostics and repairs. It's at a remote location. Do you think this would still allow me to do that with a bogus DNS?

I don't understand why I can't do website filtering on an IP level with IPFire. It does have a function to filter URLs and websites, it's just global from what I'm seeing and not more granular than that. I'm thinking the only way to do this is to put a box between that one machine and the rest of the network. Unless there is a way to apply filters on a per Ethernet connection segment?

GrueMaster
Posts: 17
Joined: December 28th, 2017, 2:46 pm

Re: Block URLs for Specific Machine

Post by GrueMaster » March 12th, 2018, 2:19 pm

Why not just create a couple of firewall rules? If you have the MAC of the system (connected to your network, you should), you can just put it as the source for one rule, and the dest for another rule, and block either all protocols or specific ones.

GMJ23
Posts: 10
Joined: March 10th, 2018, 11:16 pm

Re: Block URLs for Specific Machine

Post by GMJ23 » March 12th, 2018, 9:18 pm

GrueMaster wrote:
March 12th, 2018, 2:19 pm
Why not just create a couple of firewall rules? If you have the MAC of the system (connected to your network, you should), you can just put it as the source for one rule, and the dest for another rule, and block either all protocols or specific ones.

That wouldn't work because I essentially want the one system to function in like a kiosk mode where it only allows that one website to function and no others.

Deepcuts
Posts: 372
Joined: March 1st, 2016, 3:18 pm
Location: Romania

Re: Block URLs for Specific Machine

Post by Deepcuts » March 13th, 2018, 12:43 pm

GMJ23 wrote:
March 11th, 2018, 11:42 pm
The only thing with that setup is I'd need to be able to connect to that machine still from another machine on the network for diagnostics and repairs. It's at a remote location. Do you think this would still allow me to do that with a bogus DNS?

You will be able to connect from any machine on the network.
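An added sketch, not part of any post in this thread: a small Python model of the two firewall rules proposed above, showing how rule order, the hosts-file entry and same-subnet access interact. It assumes a firewall that applies the first matching rule and an admin machine on the same subnet as the restricted one; all addresses and names are constructed examples.

```python
import ipaddress

# Constructed sample addresses (assumptions, not values from the thread).
LAN = ipaddress.ip_network("192.168.1.0/24")
KIOSK = ipaddress.ip_address("192.168.1.50")   # the restricted machine
ADMIN = ipaddress.ip_address("192.168.1.20")   # machine used for remote repairs
SAAS = ipaddress.ip_address("203.0.113.10")    # the one permitted site
OTHER_SITE = "198.51.100.7"
EXTERNAL_DNS = "192.0.2.53"
ANY = None                                      # wildcard destination

ALLOW_SAAS = ("ACCEPT", KIOSK, SAAS)
DROP_REST = ("DROP", KIOSK, ANY)


def verdict(rules, src, dst, default="ACCEPT"):
    """Return what happens to a new connection from src to dst.

    Hosts in the same subnet talk to each other directly, so that traffic
    never reaches the firewall's forwarding rules ("LOCAL"). Forwarded
    traffic is checked top to bottom and the first matching rule wins;
    anything unmatched gets the default (other machines browse freely).
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src in LAN and dst in LAN:
        return "LOCAL"
    for action, rule_src, rule_dst in rules:
        if src == rule_src and (rule_dst is ANY or rule_dst == dst):
            return action
    return default


def kiosk_report(rules):
    """Evaluate the connections discussed in the thread against a rule list."""
    return {
        "kiosk -> SaaS": verdict(rules, KIOSK, SAAS),
        "kiosk -> other site": verdict(rules, KIOSK, OTHER_SITE),
        "kiosk -> external DNS": verdict(rules, KIOSK, EXTERNAL_DNS),
        "admin -> kiosk": verdict(rules, ADMIN, KIOSK),
        "admin -> other site": verdict(rules, ADMIN, OTHER_SITE),
    }


if __name__ == "__main__":
    for name, rules in (("allow above drop", [ALLOW_SAAS, DROP_REST]),
                        ("drop above allow", [DROP_REST, ALLOW_SAAS])):
        print(name, kiosk_report(rules))
```

With the allow rule above the drop rule, only the SaaS address is reachable from the restricted machine, external DNS is dropped as well (which is why the hosts-file entry is needed), and the admin machine still reaches it locally. With the order reversed, the drop rule matches first and the SaaS site is blocked too.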
