What's new

Is there a way to block a client from the Internet but allow certain URLs?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

jorgsmash

Senior Member
My goal is to test the effectiveness of Carbon Black Cloud against ransomware. I have a VM set up and will have that on the guest wifi network that blocks it from accessing any other clients on my main LAN. My goal is to have Carbon Black Cloud sensor installed and a Splunk forwarder installed. I'd like to download some malware samples, and then enable full blocking mode outbound with the exception of allowing Carbon Black Cloud sensor to communicate out and the Splunk forwarder to communicate out. The documentation for Carbon Black and Splunk Cloud only provide DNS names/URLS, because the applications are load-balanced and IPs change frequently. Is there a way I can block a specific client from all Internet access while still allowing access to a small set of URLs/DNS names/port numbers?

I have the YazFi script installed and I looked into the x3mrouting script but neither seem to offer this functionality. I tried using the search function, but haven't found anyone asking this specific question.

Thanks!
 
The best way is for you to run a proxy server on another computer and let the virtual machine's traffic go through the proxy server, so you can monitor the traffic and filter or block the traffic you don't want.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top