How to block HTTP connections?

HTTP is an attack vector for a lot of malware. Pegasus is delivered through malicious redirects which don't work with HTTPS.

There is a bunch of software randomly using HTTP in the background, and I would like to block that without using OpenSnitch.

On Android/GrapheneOS I discovered RethinkDNS which allows multiple WireGuard clients, Orbot (Tor), DNSCrypt/DOT/DOH, Firewall, Filterlist all at once. But it is in early stages and pretty slow and unreliable.

I use the MullvadVPN app from their Fedora repo (which they made the official recommendation after a lot of nagging :))

So this might not be possible? Maybe it is.

HTTP is an L7 protocol; it can work on non-standard ports.
Filtering L7 traffic generally requires using DPI.

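To make the distinction in the reply above concrete, here is an added example (not code from the thread or from any of the tools named in it) that models a layer-4 rule "drop outbound TCP/80" next to a minimal layer-7 check that looks for an HTTP/1.x request line in the first bytes of a stream. The sample flows are constructed inline; the payload check is deliberately simple and only covers plaintext HTTP/1.x, not h2c or other framings.

```python
"""Added example: port-based vs. payload-based (DPI-style) HTTP blocking."""
import re

# Request line per RFC 9112: METHOD SP request-target SP HTTP/1.x CRLF
_REQUEST_LINE = re.compile(
    rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|PATCH|CONNECT|TRACE) \S+ HTTP/1\.[01]\r\n"
)


def looks_like_http_request(payload: bytes) -> bool:
    """True if the first bytes of a client->server TCP stream form a plaintext
    HTTP/1.x request line, regardless of which destination port is in use."""
    return _REQUEST_LINE.match(payload[:512]) is not None


def port_policy(dst_port: int) -> str:
    """Layer-4 rule as discussed in the thread: drop everything to TCP/80."""
    return "drop" if dst_port == 80 else "allow"


def dpi_policy(dst_port: int, payload: bytes) -> str:
    """Layer-7 rule: drop any stream whose first segment is an HTTP request,
    whatever the port; everything else (e.g. a TLS ClientHello) passes."""
    return "drop" if looks_like_http_request(payload) else "allow"


# Constructed sample flows: (destination port, first client payload bytes).
# The TLS samples start with a record header 0x16 0x03 0x01 (handshake, TLS 1.x).
_TLS_HELLO = bytes.fromhex("160301") + b"\x00\x05" + b"\x01\x00\x00\x01\x00"
SAMPLES = {
    "http_80":   (80,   b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    "http_8080": (8080, b"POST /rest/db/status HTTP/1.1\r\nHost: 127.0.0.1:8080\r\n\r\n"),
    "tls_443":   (443,  _TLS_HELLO),
    "tls_80":    (80,   _TLS_HELLO),
}


def evaluate(samples=SAMPLES) -> dict:
    """Apply both policies to every sample; returns {name: (port_verdict, dpi_verdict)}."""
    return {name: (port_policy(p), dpi_policy(p, data)) for name, (p, data) in samples.items()}


if __name__ == "__main__":
    for name, (port_v, dpi_v) in evaluate().items():
        print(f"{name:10s} port-rule={port_v:5s} dpi-rule={dpi_v}")
```

The port rule misses the HTTP request sent to 8080 and drops the TLS handshake sent to port 80, while the payload check gets both right; this is the gap that DPI closes and that a plain port block cannot.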

Very interesting! I guess it can work there, but that depends on the threat.

For example I had Syncthing use HTTP which sounds pretty dangerous, but blocking port 80 would be enough.

Reminds me of this video: