While your computer should be protected by a firewall (I use
shorewall for that) maybe you should look at privoxy. privoxy is
a Privacy Enhancing Proxy that the browser can be set to go
through to access web sites.

The privoxy setup for your sand-boxed install would be set to
allow access only to the banking sites by URL and block all
others. That way you don't have to worry about the IP addresses
a bank might have at the time you access it (they may have
multiple addresses for load sharing, for example). Again, the
sand-boxed install should have a firewall that only lets outgoing
requests get through and blocks all incoming probes. Shorewall
can easily do this for you so you won't have to mess with the
workings of iptables. Your open install should also use privoxy
with a more open setup that will help you stay away from malware
and ad sites. Shorewall firewall can be set to allow incoming
access to any servers you might have, like ssh, and let outgoing
requests get through.

If your computer has a processor that will support virtual machines and at least 4GB RAM and a spare 20G or so of file space, you could easily install Debian in a VM and add all the firewall and privoxy rules to get to your banking sites. KVM/QEMU and virtual machine manager make this process easy. To get to your banking sites you would just spin up the sand-boxed VM. It would show up in a separate window and allow you to have all the other stuff you were doing on your host un-sand-boxed machine still visible.

It might even make more sense to make the VM be your "dirty" one, so that if it did get infected you would just install Debian again. Or keep a spare copy of the just-installed image file that the VM runs off of and simply copy the spare over the messed-up image file and be back in business in a few minutes.

These are just a few examples of what you can do. I use VMs all the time, mostly for testing updates before I commit them to my host desktop machine. One VM even runs my weather station software 24/7.

...Bob

On 01/04/2017 11:54 AM, Richard Owlett wrote:
> I'm searching for an introduction to iptables that leads me to answers to the questions *I* have. I've got a flock of links I'm working thru.
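
The sand-boxed setup described in the reply above, sketched as an added example that is not part of the original message: a Privoxy actions file that blocks every URL except an allowlist, and a Shorewall policy file that accepts outgoing traffic and drops incoming probes. The host names `bank.example` and `cards.example` are placeholders, and the Shorewall part assumes a single-interface setup whose Internet zone is named `net`.

```conf
##### /etc/privoxy/user.action (sand-boxed install) #####
# Sections are evaluated top to bottom and later matches override
# earlier ones, so block everything first and then lift the block
# for the allowlisted banking sites.

{ +block{Not on the banking allowlist.} }
/

# A leading dot matches the domain itself and all of its subdomains.
# Placeholder names: replace with the hosts your bank really uses
# (login pages often pull scripts and images from a second domain).
{ -block }
.bank.example
.cards.example

# Caveat: for HTTPS the proxy only sees the host name in the CONNECT
# request, so match on host patterns like the ones above. Path
# patterns (host/path) will not match HTTPS traffic unless Privoxy's
# HTTPS inspection is enabled.

##### /etc/shorewall/policy (sand-boxed install) #####
# Assumes the zone "net" is defined in /etc/shorewall/zones and
# bound to the network interface in /etc/shorewall/interfaces.
#SOURCE   DEST   POLICY   LOGLEVEL
$FW       net    ACCEPT
net       all    DROP     info
# Catch-all: must be the last line.
all       all    REJECT   info
```

The allowlist only constrains traffic that actually goes through Privoxy, so the browser in the sand-boxed install has to be configured to use it as its HTTP and HTTPS proxy (Privoxy listens on 127.0.0.1:8118 by default).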