Laptop and Wireless Tomato Router
-
Or just use a proxy, and only let the proxy out.. Then they can go scratch ;)
-
I have tried inputing these in my firewall
iptables -A INPUT -p tcp -m tcp –dport 443 -j DROP
iptables -A INPUT -p udp -m udp --dport 443 -j DROPRebooted the router.. and I still pull blocked pages on the PC with Avast DNS enabled :(
also tried
iptables -A OUTPUT -p tcp -m tcp --dport 443 -j DROP
iptables -A OUTPUT -p udp -m udp --dport 443 -j DROPstill no dice
EDIT...
OK I got it.. I was able to block port 443 through ACCESS RESTRICTIONS.. iptables do not work or have any effect on Avast DNS. -
Your iptables trouble is totally OT on this forum. Congrats on breaking HTTPS. Now they'll tunnel DNS via SSH, or via Avast Secureline (basically OpenVPN). ::)
OK I got it.. I was able to block port 443 through ACCESS RESTRICTIONS…
Hmmm. The MAC address takes about one second to change.
-
"iptables do not work or have any effect on Avast DNS."
What?? clearly you were no blocking the port they were using or there was a state already.. firewall has effect on ALL traffic!!
-
Your iptables trouble is totally OT on this forum. Congrats on breaking HTTPS. Now they'll tunnel DNS via SSH, or via Avast Secureline (basically OpenVPN). ::)
OK I got it.. I was able to block port 443 through ACCESS RESTRICTIONS…
Hmmm. The MAC address takes about one second to change.
HTTPS works fine.. I can pull ALL HTTPS sites with no issues and changing the MAC address does nothing, it is still blocked :)
-
"iptables do not work or have any effect on Avast DNS."
What?? clearly you were no blocking the port they were using or there was a state already.. firewall has effect on ALL traffic!!
I must have been using the wrong iptables or something, but as you can see on previous post, I tried all those iptables in my firewall and did not have any effect..but once I blocked port 443 in Access Restrictions it worked.
I understand that persistent user will always go through if they dedicate some time on it, but I just did not want to make it so easy for them by just having a piece of software like Avast Secure DNS allowing them to bypass my router with little effort like that.
If a user later uses VPN, well, I will deal wtih it then… there is ALWAYS a way and this will always be the game of cat and mouse :)
-
…
I must have been using the wrong iptables or something,
...I guess pfSense does not use IPtables… :P
-
well guys..thanks for your time and patience. I know that dealing with people that know nothing about networking and such can be a pain in the rear, but I really appreciate you guys taking the time, whether it was to help or to muck :)
have a good one.
-
"HTTPS works fine"
if you were blocking 443 how would https work?? So clearly your not blocking 443..
-
"HTTPS works fine"
if you were blocking 443 how would https work?? So clearly your not blocking 443..
All I know is that once I added UDP port 443 in Access Restrictions and saved the settings, Avast Secure DNS stopped working.. so I did some tests.. removed UDP port 443 from the settings, Avast DNS started working…added it back, it stopped working again...so adding that to Access Restrictiosn is doing something...at least is doing what I needed it to do.
-
so your blocking only udp 443, that would explain why https works.
-
so your blocking only udp 443, that would explain why https works.
perhaps.. as you can tell I know very little about this… but all I know is that at this point the issue I was having with Avast DNS is corrected 8)