top | item 37281533


haraldooo | 2 years ago

Sure they can... but they can’t get around your outgoing firewall rule that reroutes all traffic for certain ports to the proxy.

pdimitar|2 years ago

Hm, I have to see if MikroTik has rule syntax for this. I can already force every app that thinks it will use its own DNS server to use mine, but I'm not sure how I could do the same with a proxy. Maybe just force ports 80 and 443? But what's stopping these apps from communicating on non-standard ports?

emidln|2 years ago

There's no reason to allow arbitrary traffic in either direction other than convenience. If you want a more secure network, you block everything by default and narrowly open as needed.

LoganDark|2 years ago

If it's only for certain ports, they can just use non-standard ports.

magicalhippo|2 years ago

Not uncommon to have a drop-all rule as default on outgoing packets as well.

Regular HTTP gets redirected to the proxy, non-standard traffic needs to be explicitly allowed out.
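
The policy the thread converges on (redirect the web ports to a proxy, drop all other outbound traffic by default, open exceptions narrowly), written as an nftables ruleset. This is an added example, not something posted by any commenter. The interface names `lan0`/`wan0`, the proxy ports 3128/3129 on the router itself, and the sample exception are assumptions.

```nftables
# Added example. Assumptions: lan0 = inside interface, wan0 = outside interface,
# a transparent proxy runs on this router on 3128 (HTTP) and 3129 (TLS).
table ip egress {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;

        # Reroute the web ports to the local proxy, whatever destination
        # address the client picked. Redirected packets are delivered to
        # the router itself, so they never reach the forward chain below.
        iifname "lan0" tcp dport 80  redirect to :3128
        iifname "lan0" tcp dport 443 redirect to :3129
    }

    chain forward {
        # Default-deny for anything routed through the box.
        type filter hook forward priority filter; policy drop;

        # Return traffic for flows that were explicitly allowed out.
        ct state established,related accept

        # Narrow, explicit exceptions go here, one rule per need.
        # Constructed sample: one device class talking to one host on one port.
        iifname "lan0" oifname "wan0" ip daddr 192.0.2.10 tcp dport 8883 accept

        # Everything else from the LAN, including HTTP(S) moved to a
        # non-standard port, is counted, logged and dropped. The log
        # lines show which clients are trying to go around the proxy.
        iifname "lan0" log prefix "egress-drop " counter drop
    }
}
```

The proxy's own upstream connections originate on the router and pass through the output hook, so the forward policy does not block them.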