I want to send updated URLs and IPs to my firewall rules & layer 7 addresses.
I want to get an instant notice when something new is blocked from inside the network heading outbound.
I imagine on a 'blocked event' it hits an API Https://api.com/RequesterMac:RequesterIP:URL/IPREquest
Which will hit my site where we can do all the logic & notifications. Then send down a command to allow it or ignore.
In other words, I want to BLOCK ALL incoming & outgoing traffic for all hosts, DNS and IP. Then manually allow them 1 at a time. (Yes, I know how much work that would seem like to get started.)
Hardware is going to be your limitation, not that of any viable OS, be it OpenWrt, a reputable Linux-based distro, FreeBSD, or the like. (Well, that and TLS makes "Layer 7" filtering virtually impossible.)
I don't understand the issue with hardware. The TLS issue makes sense; I'm going to have to re-think that one.
My Meraki devices have no issue blocking on layer 7 though.
If you've got more than a trickle of traffic, your firewall logging alone will bring any all-in-one router to a standstill, well, more likely crash, between CPU and memory exhaustion. That's before you even try to send them to a remote machine.
Add in trying to watch the entire Layer 7 exchanges, where you can, and you're asking a $5 SoC to be able to do the work of a full-blown IDS.
I think my description of what I want has been misunderstood, since the only addition to what I want would be taking an action on a blocked event.
Everything else is pretty standard. I have all this working on Meraki & Mikrotik. But getting an action outside of scanning syslog isn't possible.
Obviously I won't be using $5 hardware here either.
Script it and see. Take a look at ulogd and the Linux firewall logging.
(Well, $5 is about what an SoC in one of these devices costs -- that's why I said "Hardware is going to be your limitation".)
Script it. So what in OpenWrt can be scripted for an action on a 'block event'? I'm not sure what to look into.
Pretty much anything that you can script on a Linux-based system.
What does OpenWrt use for its firewall or blocking, etc.? I'm familiar with 'scripts'.
I need to know what to look into changing/modifying to kick off the script.
iptables by default; nftables is available as a set of packages.
Oooh, iptables! Same as pfSense. Thanks, I'll dig into that side of things.
Umm, pfSense is based on FreeBSD, not iptables
lol, yes, its OS is FreeBSD
Not the way it works. In iptables if something is blocked, it's blocked. It doesn't wait for a userland process to decide whether it's ok or not.
I think the only thing that might sort of work like you want it is using nftables and the "queuing to userspace" method: https://wiki.nftables.org/wiki-nftables/index.php/Queueing_to_userspace
The other option would be openvswitch and working at a sort of hybrid layer 2+ with OpenFlow.
iptables also has NFQUEUE, which delegates the decision to a user space process.
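As an added example (not code from any poster in this thread): a userspace verdict handler for the NFQUEUE / nftables "queue to userspace" approach mentioned in the last few replies. It assumes the NetfilterQueue Python binding (pip package `NetfilterQueue`, needs root) and a kernel rule such as `nft add rule inet filter forward ct state new queue num 0` (or `iptables -I FORWARD -m conntrack --ctstate NEW -j NFQUEUE --queue-num 0`) feeding new forwarded connections to queue 0; the allow-list and test packets are constructed sample values. Only the first packet of each connection is queued, so the userspace decision is taken once per flow and the "blocked event" is raised there.

```python
import ipaddress
import struct

# Default-deny policy: a flow is ACCEPTed only if it matches an allow-list
# entry (source network, IP protocol number, destination port); anything
# else is DROPped and reported as a "blocked event". Constructed sample values.
ALLOWED_FLOWS = {
    ("10.0.0.0/24", 6, 443),  # LAN clients -> HTTPS anywhere
    ("10.0.0.0/24", 17, 53),  # LAN clients -> DNS anywhere
}

def parse_ipv4(payload: bytes):
    """Return (src, dst, proto, dport) from a raw IPv4 packet, or None if it is not IPv4."""
    if len(payload) < 20 or payload[0] >> 4 != 4:
        return None
    ihl = (payload[0] & 0x0F) * 4          # header length in bytes
    proto = payload[9]
    src = str(ipaddress.IPv4Address(payload[12:16]))
    dst = str(ipaddress.IPv4Address(payload[16:20]))
    dport = None
    if proto in (6, 17) and len(payload) >= ihl + 4:   # TCP/UDP: dport at L4 offset 2
        dport = struct.unpack("!H", payload[ihl + 2:ihl + 4])[0]
    return src, dst, proto, dport

def decide(payload: bytes, allowed=ALLOWED_FLOWS):
    """Return ("accept", None) for allow-listed flows, else ("drop", event_dict)."""
    parsed = parse_ipv4(payload)
    if parsed is None:
        return "drop", {"reason": "unparseable"}
    src, dst, proto, dport = parsed
    for net, p, port in allowed:
        if ipaddress.ip_address(src) in ipaddress.ip_network(net) and proto == p and dport == port:
            return "accept", None
    return "drop", {"src": src, "dst": dst, "proto": proto, "dport": dport}

def build_ipv4(src, dst, proto, dport):
    """Constructed minimal IPv4 packet (20-byte header + 8-byte L4 stub) for testing."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr + struct.pack("!HHHH", 40000, dport, 0, 0)   # sport, dport, len, csum

def main():
    from netfilterqueue import NetfilterQueue  # imported here so decide() is usable without it
    def callback(pkt):
        verdict, event = decide(pkt.get_payload())
        if event:
            print("blocked:", event)   # hook for your notification API call (hypothetical)
        pkt.accept() if verdict == "accept" else pkt.drop()
    nfq = NetfilterQueue()
    nfq.bind(0, callback)              # queue number must match the nft/iptables rule
    try:
        nfq.run()
    finally:
        nfq.unbind()

if __name__ == "__main__":
    main()
```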