"Sniffing" SSL traffic / proxying

I’m trying to better control my IoT internet traffic and devices which phone home. A proxy won’t cut it because they are using SSL and I have no control over their certificate.

Ideally what I want to do is grab the IP, do a reverse lookup, then log this.
Then, from the logged data, create a hostname-based allow/block list.

Also, some traffic is fussy about VPNs. One device might use many services, and one of these might be fussy about the VPN.

Again, from the data I have logged, I want to be able to have a list where all traffic goes over the VPN except those in the list, so basically selecting the exit gateway based on hostname.

Is this possible with squid or similar?

Many IoT devices are using SSL, so Squid won’t work for those that do. If you want to log the connections devices are using, sending all your pfSense logs to Graylog is good for that.


I wasn’t thinking of a proxy at all. More a gateway.

It seems to me the firewall knows that the device made a DNS request (seems to be over port 53) and what IP it gave back, and so at that point it should be able to check and decide if any data using that IP is allowed.

The simplest solution I could think of “out of the box” was forcing my DNS traffic to Pi-hole and then black-holing the requests that I don’t want. It would be good if something like this could be linked to firewall rules.

I was also looking at your nTop video. That might be very useful for understanding what is going on.
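The idea in the last post (remember which IP each DNS answer handed the device, then judge later connections by the hostname behind that IP) and the wish in the first post (a hostname-based allow/block list plus choosing the exit gateway per hostname) can be sketched offline. The following is an added example written for this thread; it is not code from the original posts, pfSense, Pi-hole or Squid. Both log formats are simplified and constructed for the example (not real pfSense filterlog or Pi-hole output), and the suffix lists `BLOCK_SUFFIXES` and `WAN_DIRECT_SUFFIXES` are hypothetical policy.

```python
"""Hostname-based allow/block and gateway selection from snooped DNS answers.

Added example for this thread, not from the original posts or any product.
Log formats below are constructed and simplified; the policy lists are
hypothetical. Two caveats the example makes visible:
  * an IP the gateway never saw in a DNS answer (hard-coded address, or a
    device using its own DNS / DNS-over-HTTPS) has no hostname to judge by;
  * one IP can sit behind several hostnames (CDNs), so a decision made on
    the IP is only as precise as the set of names mapped to it.
"""
from collections import defaultdict
import ipaddress

# Constructed DNS answer log: time, client, qname, record type, answer IP.
DNS_LOG = """\
10:00:01 192.168.20.11 firmware.example-iot.com A 203.0.113.10
10:00:02 192.168.20.11 telemetry.example-iot.com A 203.0.113.20
10:00:03 192.168.20.12 cdn.example-video.net A 198.51.100.5
10:00:04 192.168.20.12 cdn.example-video.net A 198.51.100.6
"""

# Constructed connection log: time, client, destination IP, destination port.
CONN_LOG = """\
10:00:05 192.168.20.11 203.0.113.10 443
10:00:06 192.168.20.11 203.0.113.20 443
10:00:07 192.168.20.12 198.51.100.6 443
10:00:08 192.168.20.12 192.0.2.77 8883
"""

# Hypothetical policy: names to drop, and names that misbehave over the VPN
# and should exit directly via WAN. Everything else defaults to the VPN.
BLOCK_SUFFIXES = ("telemetry.example-iot.com",)
WAN_DIRECT_SUFFIXES = ("example-video.net",)


def parse_dns_log(text):
    """Return {ip: set(hostnames)} from A-record answers; one IP may back many names."""
    ip_to_names = defaultdict(set)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[3] != "A":
            continue  # ignore non-A records and malformed lines
        _ts, _client, qname, _rtype, ip = parts
        ip_to_names[ipaddress.ip_address(ip)].add(qname.rstrip(".").lower())
    return ip_to_names


def matches_suffix(name, suffixes):
    """True if name equals a suffix or is a subdomain of it (no substring matches)."""
    return any(name == s or name.endswith("." + s) for s in suffixes)


def decide(hostnames):
    """Return (action, gateway): action is 'allow' or 'block'; gateway is 'VPN', 'WAN' or None."""
    if not hostnames:
        # No DNS answer seen for this IP: the device either has the address
        # hard-coded or bypassed our resolver. Conservative choice: block.
        return ("block", None)
    # A blocked name wins over an allowed one sharing the same IP.
    if any(matches_suffix(h, BLOCK_SUFFIXES) for h in hostnames):
        return ("block", None)
    if any(matches_suffix(h, WAN_DIRECT_SUFFIXES) for h in hostnames):
        return ("allow", "WAN")
    return ("allow", "VPN")


def classify_connections(dns_text, conn_text):
    """Label each connection with the names behind its destination and the policy outcome."""
    ip_to_names = parse_dns_log(dns_text)
    results = []
    for line in conn_text.splitlines():
        _ts, client, dst, port = line.split()
        names = ip_to_names.get(ipaddress.ip_address(dst), set())
        action, gateway = decide(names)
        results.append({"client": client, "dst": dst, "port": int(port),
                        "names": sorted(names), "action": action, "gateway": gateway})
    return results


if __name__ == "__main__":
    for r in classify_connections(DNS_LOG, CONN_LOG):
        print(f"{r['client']} -> {r['dst']}:{r['port']:<5} "
              f"{r['action']:5} via {r['gateway'] or '-':3} {', '.join(r['names']) or '(no DNS seen)'}")
```

The mapping only works if every device actually resolves through the gateway's resolver, which is why forcing port 53 to it (and deciding what to do about devices that bring their own DNS) matters more than the lookup logic itself; the last constructed connection, to an IP no DNS answer ever returned, is the case that rule has to catch.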