Whitelist, Blacklist Filtering and a Firewall for Windows
Published by Szymon Jeż over 2 years ago
This post is about making a whitelist website filter on MS Windows and the WIPEF firewall. It starts with a description of how I tackled a related task that I had and how I solved the problems that appeared. This post was written because I was frustrated by how hard it was to find an easy solution for this task on MS Windows. I hope you will find it useful.
Yesterday I had a task to implement blocking all possible websites except for a list of allowed sites (whitelist filtering), on some Windows workstations. I have done this many times on Linux using iptables, but had no experience with it on Windows and did not know any free firewall software for this system.
My first idea was to implement this filtering on a router, but it turned out that the router had limited capacity for filtering rules and not all sites would get covered. So my next step was to search the web and try to find what tools there were on MS Windows for my task. After 3 hours of reading, trying some solutions (hosts file – usable for a low-security blacklist; Windows Steady State – maybe it would work but I didn't have the patience for it) and trying to find free firewall software, I finally found something that suited my needs. I found WIPEF, an MS Windows version of the IPFW packet filter and traffic accounting facility for the FreeBSD OS.
WIPEF was, for my needs, very easy to use. To install it you simply copy the contents of an archive provided on the project download site (I used the current version wipfw-0.2.8.zip) to your hard drive (I used C:\Program Files\WIPEF) and then run the install.cmd file. Configuration is easy too. You simply edit the wipfw.conf file and then run config.cmd. That's all.
If you feel the need, there is a GUI for WIPEF.
The syntax of the configuration file is human readable and kind of a domain-specific language (DSL). A whitelist would look like this:
add allow tcp from any to any established
# list of allowed sites
add allow tcp from any to szymon.jez.net.pl
add allow tcp from any to google.com
add allow tcp from any to 212.123.123.1/24
# now block all
add deny tcp from any to any

An example of a blacklist:
# list of blocked sites
add deny tcp from any to szymon.jez.net.pl
add deny tcp from any to google.com
add deny tcp from any to 212.123.123.1/24
# now allow all
add allow tcp from any to any established

Now a few words about making a whitelist. It is a much harder task than making a blacklist. This is because when you have to allow the usage of a site which uses data from many sites, you have to figure out the IPs of those and add them to your whitelist. An example would be maps.google.com, which uses maps.gstatic.com, mt0.google.com, mt1.google.com, mt2.google.com and mt3.google.com, which all have a different IP address than maps.google.com. The best way that I figured out to find those is to use the Net tab from Firebug in Firefox.

# allow google maps
add allow tcp from any to maps.google.com
add allow tcp from any to maps.gstatic.com
add allow tcp from any to mt0.google.com
add allow tcp from any to mt1.google.com
add allow tcp from any to mt2.google.com
add allow tcp from any to mt3.google.com

Maybe there is a better way to do it, but this worked for me.
I highly recommend WIPEF. It definitely is now in my toolbox.
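
The following is an added example, not part of the original post or of the WIPEF project: a Python sketch that turns request URLs copied from a browser's network panel into a whitelist in the rule syntax shown above, rejecting entries that are not a plain hostname, IPv4 address or CIDR so that pasted input cannot smuggle extra rule text into wipfw.conf. The function names and the sample entries are hypothetical and constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample: request URLs as copied from the browser's network panel,
# plus one CIDR entry in the form used in the post.
SAMPLE_ENTRIES = [
    "http://maps.google.com/",
    "http://maps.gstatic.com/intl/en/mapfiles/main.js",
    "http://mt0.google.com/vt?x=1&y=2",
    "http://MT0.google.com/vt?x=3&y=2",   # same host, different case
    "http://bad host.example/",            # malformed, must be rejected
    "212.123.123.1/24",
]

HOSTNAME = re.compile(r"(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")

def destination(entry):
    """Return a rule-safe destination (hostname, IPv4 or CIDR), else None."""
    entry = entry.strip()
    try:
        host = urlsplit(entry).hostname if "://" in entry else entry
    except ValueError:
        return None
    if not host or len(host) > 253:
        return None
    host = host.lower().rstrip(".")
    try:
        ipaddress.IPv4Network(host, strict=False)  # accepts 1.2.3.4 and 1.2.3.4/24
        return host
    except ValueError:
        pass
    return host if HOSTNAME.fullmatch(host) else None

def build_whitelist(entries):
    """Return (wipfw.conf text, rejected entries); the deny rule always goes last."""
    dests, rejected = [], []
    for entry in entries:
        dest = destination(entry)
        if dest is None:
            rejected.append(entry)
        elif dest not in dests:
            dests.append(dest)
    lines = ["add allow tcp from any to any established", "# list of allowed sites"]
    lines += [f"add allow tcp from any to {d}" for d in dests]
    lines += ["# now block all", "add deny tcp from any to any"]
    return "\n".join(lines) + "\n", rejected

if __name__ == "__main__":
    conf, rejected = build_whitelist(SAMPLE_ENTRIES)
    print(conf, end="")
    print("rejected:", rejected)
```

ipfw on FreeBSD resolves hostnames in a rule when the rule is added; assuming WIPEF behaves the same way, rerun config.cmd after regenerating the file so that changed addresses are picked up.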



