I think this topic has overlap with
On linux there is OpenSnitch though I haven’t personally used it. I just tend to have nftables configured to block all incoming traffic, and allow all outgoing.
2 Likes
What about Windows?
2 Likes
Do they work? Has it been tested?
Yes, but it is a closed OS anyway.
No, Not Compatible with HVCI (Core Isolation) · tnodir/fort · Discussion #108 · GitHub , Start separate service to setup trackable services and config · Issue #590 · tnodir/fort · GitHub
For privacy, an on-device firewall is much more effective. Because of HTTPS and DNS over HTTPS, a network firewall can only really filter based on client device and destination address - not particularly helpful if some mis-behaving software installed on your personal laptop is exfiltrating data to a firebase endpoint (or any other number of application-destination combinations).
On-device firewalls are much more useful from a privacy and security perspective because they give you granular control over what apps are allowed network access and what endpoints they’re allowed to talk to. The basic setup is deny all by default and as trusted apps make network requests, approve them (eg. a local-only password manager could be disallowed from any network access so that even if you get a binary that has been compromised by a supply chain attack, it won’t be allowed to exfil data).
Most of the info needed for the page is in this thread - I’d be happy to work on making a PR for a page if that effort would be appreciated. just point me towards the contribution guide/let me know what the process looks like.
3 Likes