
Ability to integrate with Windows Firewall / Linux NFTables / Android VPN firewall for enriched functionality and capability

For a solid reference, kindly check out the Rethink DNS app for Android, then go to:
Configure -> Firewall -> Universal Firewall Rules

That section contains a couple of awesome capabilities that would be great to have with Control D:

  1. Block all apps / traffic when the device is locked
  2. Block any app not in use (this makes use of the device's accessibility features/capabilities to determine which app is in use)
  3. Block when the source app is unknown (in Android, "unknown" means Rethink DNS could not identify which app the DNS request/traffic came from. A feasible alternative for desktop would be public reputation data for an executable file/DLL.)
  4. Block UDP except DNS and NTP
  5. Block when DNS is bypassed (do not allow any DNS request to bypass Control D as the defined DNS server of the system. I reckon this is awesome to have when you have Control D deployed on both the workstation and the pfSense firewall it is connected to, where the pfSense firewall acts as a double blocker that prevents DNS requests from bypassing Control D.)
  6. Block newly installed apps by default (the app detects newly installed apps and blocks them using its application firewall feature, which has a list of applications that you can selectively block/allow.)
  7. Application firewall list (in connection with #6, this would be a list of applications where you can selectively allow/block applications from performing DNS queries with Control D. Likewise, I understand that the difficulty of implementation varies from OS to OS. For Linux, the reference implementation would be Portmaster by Safing.io.)
  8. Block port 80 (insecure HTTP) traffic
  9. Block all except bypassed/allow-listed apps and IPs (a pretty extreme option, but I reckon it's nice to have)
  10. Lockdown mode / kill switch (the internet is not accessible / would not function if DNS queries are not answered by Control D and/or Control D is not running)

I do not expect Control D to implement all of these in one go, but I would seriously appreciate it if you guys would consider this list of amazing features to further enrich the capabilities of the already solid Control D!
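For readers who want items 4, 5 and 8 of the list above on a Linux workstation today, the following nftables ruleset is an added example; it is not code from the post's author, from Control D or from Rethink DNS. It assumes (none of this is stated in the post) that the Control D daemon listens on loopback (127.0.0.1 / ::1, udp and tcp 53), that it runs as a dedicated user named `ctrld` so its own upstream DoH/DoT/DoH3 traffic can be exempted by socket owner (change `skuid` to whatever user the daemon actually runs as), and that the clock is synced with NTP over udp/123.

```nft
#!/usr/sbin/nft -f
# Added example (not Control D's or Rethink's code): host-level "universal"
# firewall rules for a Linux workstation, in the spirit of items 4, 5 and 8.
# Assumptions, not taken from the post:
#   - the Control D daemon listens on loopback (127.0.0.1 / ::1, udp+tcp 53);
#   - the daemon runs as user "ctrld", so its own upstream traffic (443 tcp/udp
#     for DoH/DoH3, 853 tcp for DoT) is exempted by owner; adjust to match;
#   - the clock is synced with NTP over udp/123.

flush ruleset

table inet ctrld_guard {
    chain output {
        type filter hook output priority 0; policy accept;

        # Queries from applications to the local resolver travel over loopback.
        oif "lo" accept

        # Replies belonging to connections that were allowed when they started.
        ct state established,related accept

        # The daemon itself must still reach its upstream resolvers.
        meta skuid "ctrld" accept

        # 5. Block when DNS is bypassed: no other process may send classic DNS
        #    or DoT off-host. Plain DoH (tcp/443) is indistinguishable from
        #    HTTPS here and has to be handled per destination or in the daemon.
        meta l4proto { tcp, udp } th dport { 53, 853 } log prefix "ctrld-guard dns-bypass: " counter drop

        # 4. Block UDP except DNS (handled above, via loopback) and NTP.
        udp dport 123 accept
        meta l4proto udp log prefix "ctrld-guard udp: " counter drop

        # 8. Block port 80 (plain HTTP); reset so clients fail fast instead of hanging.
        tcp dport 80 log prefix "ctrld-guard http: " counter reject with tcp reset
    }
}
```

Check the syntax with `nft -c -f ctrld-guard.nft` before loading it with `nft -f ctrld-guard.nft`; `nft list ruleset` then shows the per-rule counters, and the `log` statements surface hits in the kernel log (`journalctl -k`), which is the quickest way to find out which application is trying to go around the resolver. Two caveats a practitioner should weigh: the UDP rule also drops QUIC (udp/443), so browsers fall back to HTTP/2 over TCP; and the ruleset cannot implement item 10, since a packet filter does not know whether the daemon is running. A kill switch would additionally need the daemon's supervisor (for example a systemd `ExecStopPost=`) to swap in a deny-all ruleset when the daemon exits.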