TL;DR
Firewalls can detect and block outgoing traffic by protocol (like HTTP, HTTPS, FTP, SSH). You need to configure rules that specifically allow or deny traffic based on the port numbers associated with those protocols. This guide shows you how.
How Firewalls Detect Outgoing Traffic
Firewalls work by inspecting network packets – small chunks of data sent over the internet. They examine things like:
- Source IP Address: Where the traffic is coming from (your computer/network).
- Destination IP Address: Where the traffic is going to.
- Port Numbers: Which application or service is sending/receiving the data. This is key for protocol identification.
- Protocol: TCP, UDP, ICMP etc.
Outgoing traffic is detected when packets leave your network towards a destination.
Blocking Outgoing Traffic by Protocol – Step-by-Step
- Identify the Port Numbers: Each protocol uses specific port numbers. Here are some common ones:
  - HTTP: 80
  - HTTPS: 443
  - FTP: 21 (control), 20 (data)
  - SSH: 22
  - SMTP: 25
  - DNS: 53
  You can find a full list online by searching for ‘well-known port numbers’.
- Access Your Firewall Configuration: This depends on your firewall. Common methods include:
  - Windows Firewall with Advanced Security: Search for this in the Start Menu.
  - Router/Firewall Admin Interface: Usually accessed through a web browser (e.g., 192.168.1.1 or 192.168.0.1). Check your router’s documentation.
  - Linux Firewalls (iptables, ufw): Use the command line.
- Create a New Rule: Look for options like ‘Add Rule’, ‘New Outbound Rule’, or similar.
- Specify Protocol and Port(s): Configure the rule to match the protocol you want to block. For example, to block HTTPS:
  - Protocol: TCP
  - Port(s): 443
- Define Action: Set the action to ‘Block’ or ‘Deny’.
- Apply and Test: Save the rule. Then, test if traffic on that protocol is blocked. You can use online tools like YouGetSignal Port Scanner to check if a port is open or closed.
Examples
Windows Firewall
In Windows Firewall with Advanced Security:
- Go to ‘Outbound Rules’.
- Click ‘New Rule…’.
- Select ‘Port’ and click ‘Next’.
- Choose ‘TCP’ or ‘UDP’, then specify the port number (e.g., 443 for HTTPS). Click ‘Next’.
- Select ‘Block the connection’. Click ‘Next’.
- Choose when the rule applies (Domain, Private, Public). Click ‘Next’.
- Give the rule a name and description. Click ‘Finish’.
Linux Firewall (ufw)
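To block outgoing SSH traffic (the ‘out’ keyword matters: without a direction, ufw applies the rule to incoming traffic):
sudo ufw deny out 22/tcp
To allow outgoing HTTP traffic:
sudo ufw allow out 80/tcp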
Enable the firewall if it’s not already running:
sudo ufw enable
Check the status of your rules:
sudo ufw status
Important Considerations
- Be Careful: Blocking essential protocols can break internet connectivity. Start with specific blocks and test thoroughly.
- Logging: Enable firewall logging to see which traffic is being blocked or allowed. This helps troubleshoot issues.
- Stateful Firewalls: Most modern firewalls are stateful, meaning they track connections. Blocking outgoing traffic on a port will also block incoming responses for that connection.
- Cyber Security Best Practice: Regularly review your firewall rules to ensure they’re still appropriate and effective.
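To act on the logging advice above, this added example (not part of the original guide) summarises which outbound packets ufw blocked, grouped by protocol and destination port. The log lines are constructed samples in ufw's kernel-log style with some fields trimmed, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: count outbound packets that ufw blocked, per protocol/port.

# Constructed sample lines in ufw's kernel-log style (fields trimmed).
sample_log() {
cat <<'EOF'
Jan 10 09:15:01 host kernel: [UFW BLOCK] IN= OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 PROTO=TCP SPT=51000 DPT=22
Jan 10 09:15:04 host kernel: [UFW BLOCK] IN= OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 PROTO=TCP SPT=51000 DPT=22
Jan 10 09:16:10 host kernel: [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.7 DST=192.168.1.10 PROTO=TCP SPT=40112 DPT=22
Jan 10 09:17:32 host kernel: [UFW BLOCK] IN= OUT=eth0 SRC=192.168.1.10 DST=203.0.113.9 PROTO=TCP SPT=51022 DPT=25
Jan 10 09:18:00 host kernel: [UFW ALLOW] IN= OUT=eth0 SRC=192.168.1.10 DST=203.0.113.20 PROTO=TCP SPT=51040 DPT=80
Jan 10 09:19:45 host kernel: [UFW BLOCK] IN= OUT=eth0 SRC=192.168.1.10 DST=203.0.113.53 PROTO=UDP SPT=40000 DPT=53
EOF
}

# Reads log lines on stdin, prints "<count> <PROTO>/<port> <service>".
blocked_outbound() {
    awk '
    function name(port) { return (port in svc) ? svc[port] : "unknown" }
    BEGIN {
        # Port-to-service labels from the list in this guide. The label is
        # the port convention only; the log does not prove the protocol.
        svc[80] = "HTTP"; svc[443] = "HTTPS"; svc[21] = "FTP-control"
        svc[20] = "FTP-data"; svc[22] = "SSH"; svc[25] = "SMTP"; svc[53] = "DNS"
    }
    /\[UFW BLOCK\]/ {
        in_if = ""; out_if = ""; proto = ""; dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^IN=/)    in_if  = substr($i, 4)
            if ($i ~ /^OUT=/)   out_if = substr($i, 5)
            if ($i ~ /^PROTO=/) proto  = substr($i, 7)
            if ($i ~ /^DPT=/)   dpt    = substr($i, 5)
        }
        # Outbound packet: no ingress interface, egress interface set.
        # ICMP entries carry no DPT and are skipped.
        if (in_if == "" && out_if != "" && dpt != "") {
            key = proto "/" dpt
            count[key]++; label[key] = name(dpt)
        }
    }
    END { for (k in count) print count[k], k, label[k] }
    ' | sort -k1,1nr -k2,2
}

sample_log | blocked_outbound
```

On a live host, turn logging on with sudo ufw logging on and pipe the ufw log into blocked_outbound; on Ubuntu that log is typically /var/log/ufw.log.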

