InformAction Forums

Maybe allow port 22 and 5346 and deny all other ports globally?

Er... why are you connecting to port 22 (ssh) in your browser? And why don't you want to be able to connect to port 80 (http) or 443 (https)?

Yes, ABE can block ports. See https://hackademix.net/2010/01/08/nat-pinning-and-abe/ for an example.

If you're thinking that ABE is a regular firewall, sitting at your network interfaces and allowing only whitelisted traffic - it isn't.

It is designed to restrict the behavior of your browser, and in particular, restrict the ways in which different websites may interact with each other. Thus, web application firewall.

Thrawn wrote:If you're thinking that ABE is a regular firewall, sitting at your network interfaces and allowing only whitelisted traffic - it isn't.

It is designed to restrict the behavior of your browser, and in particular, restrict the ways in which different websites may interact with each other. Thus, web application firewall.

I use Privoxy to control ports, but from what i' ve tested, ABE can do the same. By now, i don`t trust NS.

I am just porting my Privoxy rules to ABE. Well, i am trying. I started 10 or more years ago with ~1.3 Mio domain names (from various hosts files) to block domains. I hunted those ~1.3 Mio lines down to ~53.000 lines of Privoxy rules. With ABE i now try to hunt those lines again down to maybe 50-100 lines. If i fail i will try a mixture of Privoxy (for http) and uBlock origin and uMatrix (for https) plus Self-Destructing-Cookies. The mess with NS is that it generates a lot of unwanted traffic from 3rd party domains. Allow www.example.com might also allow platform.twitter.com through www.example.com/test.js even if i Deny .twitter.com. Actually i haven' t figured out how to stop this behaviour with a simple rule. All my tries have cons. Anyway as for http traffic Privoxy is superior, but it can' t see https paths, headers and so on. Bad that the developer can't find a solution to fix this.

Guest wrote: The mess with NS is that it generates a lot of unwanted traffic from 3rd party domains. Allow www.example.com might also allow platform.twitter.com through www.example.com/test.js even if i Deny .twitter.com.

wat?

Guest wrote:Bad that the developer can't find a solution to fix this.

Not NoScript problems. Bad that user can't find the right questions to ask to get answers for the crappy behavior.
(No, really, it sounds like crappy behavior, and I've no idea what to say about it with the information you've given. NoScript should not be randomly allowing sites that are blocked elsewhere, never did for me and if it did the security would be about as good as using one sheet of tissue paper to stop a missile. When you've figured out the right question, please also test with only NoScript and sniff the HTTP traffic to see if you actually have packets being send to these "extra" domains. Screenshots of NoScript menu would help too.)