CollabNet Guide: Difference between revisions

New sub-section: IP blocking
 
sudo nft -f /etc/nftables.conf
}}
=== Test it out ===
First, put /etc/e2guardian/private/ca.pem onto one of your VMs. This is usually done through installing nginx onto the router and copying ca.pem into the webroot. Next, install ca.pem as a Trusted Root Certification Authority (on Windows, you need to change the file extension to .crt for it to be recognized.)
 
=== Set up application IP blocking ===
If all went well, you should be able to browse to websites and see that the SSL certificate was signed by your generated CA. Additionally, sites blocked in the filter list should show a block page (try something like anydesk.com)
Some applications (e.g VPNs, Remote Control software) communicate on different ports than usual web traffic, causing E2guardian to not block them.
=== Change the block page ===
You can create a custom block page by editing /usr/share/e2guardian/languages/ukenglish/template.html. For assets like images you'll need to install a webserver (usually nginx) on the router and host them that way.
 
For this reason, it is necessary to also set up some IP blocking lists for blocking well known VPNs (e.g Browsec) and Remote Control software (e.g AnyDesk, TeamViewer)
== Application Blocking (DNS) ==
Some applications could still continue to work despite being blocked by E2Guardian, to solve this, DNS blocking can be used.
 
After having uncommented the lines mentioned above in the [[#Routing_the_VM_traffic|Routing the VM traffic]] section, use <code>git</code> to download the IP block lists:
In this example, the application we will be blocking is AnyDesk, but this can be done to any application that relies on DNS to find what servers to communicate with.
{{code|
sudo git clone https://git.computernewb.com/collabvm/nftables /etc/nftables.d
}}
 
Then, apply the necessary patches to enable usage of the lists:
Open {{code|inline=y|/etc/dnsmasq.conf}} and insert the following line at the end of the file:
{{Warn|If this command results in an error similar to <code>Hunk #5 FAILED at 70.</code>, '''STOP IMMEDIATELY''' and join the Discord for support, make sure to attach the <code>/etc/nftables.conf.rej</code> file in your support ticket.}}
{{code|lang=text|<nowiki>
{{code|
address=/anydesk.com/0.0.0.0</nowiki>
sudo patch -p1 /etc/nftables.conf < /etc/nftables.d/nftables.patch
}}
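Review bot: the <code>sudo patch -p1 /etc/nftables.conf < /etc/nftables.d/nftables.patch</code> step edits the live ruleset file in place with no backup and no dry run, and the warning above it only says what to do once a hunk has already failed. Suggest telling the reader to copy /etc/nftables.conf aside first and to run the same command with <code>--dry-run</code> before applying it, so a rejected hunk does not leave a partially patched firewall configuration on the router.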
 
Next, similar to the web filter lists, you also need to configure automatic updates for the IP filter lists, you may do so by running <code>sudo crontab -e</code> and adding the following to the bottom of the file, below the previous entry:
After saving the file, reload dnsmasq using {{code|inline=y|sudo systemctl restart dnsmasq}}
{{code|
0 * * * * /etc/nftables.d/update.sh >/dev/null 2>&1
}}
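Review bot: the crontab entry redirects both stdout and stderr of /etc/nftables.d/update.sh to /dev/null, so a failed list update is silent and the IP block lists can go stale without any sign of it. The entry is also added through <code>sudo crontab -e</code>, which means a script from the directory cloned from git.computernewb.com runs as root every hour; suggest sending the output to a log file or syslog instead of discarding it, and stating in the text that the script runs as root so readers know to review it.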
 
=== Test it out ===
If everything went well, the AnyDesk client should no longer be able to connect successfully ({{code|inline=y|anynet_no_dns_entry}}).
First, put /etc/e2guardian/private/ca.pem onto one of your VMs. This is usually done through installing nginx onto the router and copying ca.pem into the webroot. Next, install ca.pem as a Trusted Root Certification Authority (on Windows, you need to change the file extension to .crt for it to be recognized.)
 
If all went well, you should be able to browse to websites and see that the SSL certificate was signed by your generated CA. Additionally, sites blocked in the filter list should show a block page (try something like anydesk.com)
=== Change the block page ===
You can create a custom block page by editing /usr/share/e2guardian/languages/ukenglish/template.html. For assets like images you'll need to install a webserver (usually nginx) on the router and host them that way.
