Hi there,
I am using the Firewall to filter unwanted content on my device.
Unfortunately I discovered that I can bypass the firewall by going through a proxy server. Any suggestions on how I can prevent this circumvention?
Also, I am wondering if there is a way to enforce the “Safe search” option of the major search engines through the firewall?
Thanks for your input!
Proxy and secure DNS in browsers bypass any /etc/hosts and private DNS system settings
You should think of the adblocker as the fallback for everything else so that nothing leaks, particularly for apps which won’t respect your browser settings. IodeOS also has Quad9 as a fallback DNS (Network layer, OSI level 3) instead of Google in case the one provided by your ISP fails or your configured private DNS fails. Fun fact, you can also configure DNS at your router (if the firmware supports it).
DoH (DNS over HTTPS) works at a high level Application layer (OSI level 7) and doesn’t rely on the local DNS resolver to resolve its queries. If you use this and want adblocking, you should configure the DNS server itself to block the ads (like AdGuard DNS).
Example: https://dns10.quad9.net/dns-query
/etc/hosts based blocking: Ineffective
Configured with web browser or client application
DoT (DNS over TLS) works at the Transport layer (OSI level 4) and generally it will use the local DNS resolver.
Example: tls://dns10.quad9.net
/etc/hosts based blocking: Effective
Configured with the operating system (Private DNS in Android)
Your proxy server is likely using an implementation that doesn’t rely on the local DNS resolver, such as a proxy configured in the web browser.
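To illustrate the reply above, here is an added example (not part of the original posts) that builds the RFC 8484 DoH GET request for the Quad9 endpoint quoted there and shows why a hosts-file blocklist never sees the blocked name. The hosts entries, the name `ads.example` and all function names are constructed for illustration, and the model is simplified: it assumes the client resolves the DoH server's own hostname through the OS resolver.

```python
import base64
import struct
from urllib.parse import urlsplit

DOH_ENDPOINT = "https://dns10.quad9.net/dns-query"  # endpoint quoted in the post

# Constructed sample blocklist in /etc/hosts format (ads.example is a made-up name).
SAMPLE_HOSTS = """\
127.0.0.1 localhost
0.0.0.0 ads.example
"""

def hosts_blocked_names(hosts_text):
    """Names a hosts-file blocklist sinkholes to 0.0.0.0."""
    blocked = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "0.0.0.0":
            blocked.update(fields[1:])
    return blocked

def build_dns_query(name, qtype=1):
    """RFC 1035 wire-format question (qtype 1 = A, class IN); ID 0 per RFC 8484."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # RD flag, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def doh_get_url(name, endpoint=DOH_ENDPOINT):
    """RFC 8484 GET form: the query rides base64url-encoded inside the HTTPS URL."""
    wire = build_dns_query(name)
    b64 = base64.urlsafe_b64encode(wire).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={b64}"

def names_local_resolver_sees(name, use_doh):
    """Hostnames that reach the OS resolver (and therefore /etc/hosts)."""
    if use_doh:
        return {urlsplit(doh_get_url(name)).hostname}  # only the DoH server itself
    return {name}

def hosts_blocking_effective(name, use_doh, hosts_text=SAMPLE_HOSTS):
    """True when the hosts blocklist gets a chance to sinkhole the lookup."""
    seen = names_local_resolver_sees(name, use_doh)
    return bool(seen & hosts_blocked_names(hosts_text))

if __name__ == "__main__":
    print(doh_get_url("ads.example"))
    print("system resolver:", hosts_blocking_effective("ads.example", use_doh=False))
    print("browser DoH:    ", hosts_blocking_effective("ads.example", use_doh=True))
```

With DoH the blocked name exists only inside the encrypted request to `dns10.quad9.net`, so filtering has to happen at the DoH server, as the reply says.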
Hi,
I think you should configure the firewall to block traffic to unknown proxy servers by restricting access to certain ports commonly used by proxy services (e.g., port 8080).
Thanks