Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Is it possible to prevent installed packages (e.g. ntopng) from accessing the Internet?

    Scheduled Pinned Locked Moved General pfSense Questions
    ntopng
    3 Posts 2 Posters 105 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • W
      wolffire
      last edited by

      I really like ntopng, but I'd rather it not be able to access the internet whenever it wants.

      Is it possible to block package processes from doing so?

      dennypageD 1 Reply Last reply Reply Quote 0
      • dennypageD
        dennypage @wolffire
        last edited by

        @wolffire said in Is it possible to prevent installed packages (e.g. ntopng) from accessing the Internet?:

        I really like ntopng, but I'd rather it not be able to access the internet whenever it wants.

        Is it possible to block package processes from doing so?

        You can't block individual packages. The closest you could get is to find the domain or addresses the package is accessing and block those.

        With specific regard to ntopng, I haven't examined all the callouts but I don't recall it doing much unless you were using the licensed version (activation check), or had one of ntopng's "active" modes enabled.

        Make sure you have Active Network Discovery disabled in ntopng. It's in Settings / Preferences / Network Discovery / Active Network Discovery. This option should never be enabled on pfSense. Ditto for Active Monitoring.

        W 1 Reply Last reply Reply Quote 1
        • W
          wolffire @dennypage
          last edited by

          @dennypage said in Is it possible to prevent installed packages (e.g. ntopng) from accessing the Internet?:

          @wolffire said in Is it possible to prevent installed packages (e.g. ntopng) from accessing the Internet?:

          I really like ntopng, but I'd rather it not be able to access the internet whenever it wants.

          Is it possible to block package processes from doing so?

          You can't block individual packages. The closest you could get is to find the domain or addresses the package is accessing and block those.

          With specific regard to ntopng, I haven't examined all the callouts but I don't recall it doing much unless you were using the licensed version (activation check), or had one of ntopng's "active" modes enabled.

          Make sure you have Active Network Discovery disabled in ntopng. It's in Settings / Preferences / Network Discovery / Active Network Discovery. This option should never be enabled on pfSense. Ditto for Active Monitoring.

          Thanks for the quick answer.

          I'm a little surprised about not being able to lockdown individual processes for those 'who watches the watcher?' types of situations. Finding a dynamic workaround will be painful.

          As far as ntopng, I just don't want it to be able do anything online unless I've configured it to do so; I loath the idea of telemetry being sent off to various companies.
          Not that I've found anything (I haven't taken a serious look yet); I'm just a bit weary.

          Speaking of the settings, after reading that post about inadvertently scanning the Internet, I definitely ensured active monitoring and network discovery was turned off. 😆

          1 Reply Last reply Reply Quote 1
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.