While your computer should be protected by a firewall (I use shorewall for
that), maybe you should look at privoxy.  privoxy is a Privacy Enhancing Proxy
that the browser can be set to go through to access web sites. 

The privoxy setup for your sand-boxed install would be set to allow access only
to the banking sites by url and block all others.  That way you don't have to
worry about the ip addresses a bank might have at the time you access it (they
may have multiple addresses for load sharing for example).  Again the
sand-boxed install should have a firewall that only lets outgoing requests get
through and blocks all incoming probes.  Shorewall can easily do this for you so
you won't have to mess with the workings of iptables. 

Your open install should also use privoxy with a more open setup that will help
you stay away from malware and ad sites.  Shorewall firewall can be set to
allow incoming access to any servers you might have like ssh and let outgoing
requests get through.

If your computer has a processor that will support virtual machines and at least
4GB ram and a spare 20G or so of file space you could easily install Debian in a
VM and add all the firewall and privoxy rules to get to your banking sites. 
KVM/QEMU and virtual machine manager make this process easy.  To get to your
banking sites you would just spin up the sand-boxed VM.  It would show up in a
separate window and allow you to have all the other stuff you were doing on your
host un-sand-boxed machine still visible.  It might even make more sense to make
the VM be your "dirty" so that if it did get infected you would just install
Debian again. Or keep a spare copy of the just installed image file that the VM
runs off of and simply copy the spare over the messed up image file and be back
in business in a few minutes.

These are just a few examples of what you can do.  I use VMs all the time mostly
for testing updates before I commit them to my host desktop machine.  One VM
even runs my weather station software 24/7. 

 
*...Bob*
On 01/04/2017 11:54 AM, Richard Owlett wrote:
> I'm searching for an introduction to iptables that leads me to answers to the
> questions *I* have. I've got a flock of links I'm working thru.
>
>
> In the meantime I have a few questions.
>
> One of the links led to _Securing Debian Manual_ and in particular
> "Appendix F - Security update protected by a firewall"
> {https://www.debian.org/doc/manuals/securing-debian-howto/ap-fw-security-update.en.html}
>
>
> I follow the description as far as it goes - i.e. access is limited to a
> specific URL.
> QUESTION 1
> What happens if the URL is not "security.debian.org" but my bank.
> I assume that there is no problem with links within the same domain.
> I DO know however that the site gets information from other sites to handle my
> requests. From what I can follow they are JavaScripts applets (right word) to
> display information. What would happen?
>
> Because of my uncertainties I intend to have a "sandboxed" install. The
> associated partition will have only Debian and the browser.
>
> Question 2
> There will be a separate install of Debian that I will use for "everything
> else". Can the iptables of that install be set to allow access to any domain
> *EXCEPT* my bank's? The goal being minimization of "operator error".
>
> Question 3
> Is there a simple minded tool that I could enter the show in the example in
> "Appendix F".
>
> TIA
>
>
>
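
An added example, not part of the original message: a Privoxy actions-file fragment for the sandboxed install that blocks every URL and then re-allows only the bank and the third-party hosts it loads content from. The host names are placeholders, and the file path /etc/privoxy/user.action assumes the Debian privoxy package layout.

```conf
# /etc/privoxy/user.action  (path assumed: Debian privoxy package)
# Sandboxed "banking only" install.
#
# Later sections override earlier ones, so the catch-all block comes
# first and the allow-list follows it.

# 1. Block everything by default. The pattern "/" matches every URL.
{ +block{Not on the banking allow-list} }
/

# 2. Re-allow the bank itself. A leading dot matches the domain and
#    all of its subdomains (bank.example, www.bank.example, ...).
#    bank.example is a placeholder; substitute the real domain.
{ -block }
.bank.example

# 3. Re-allow the other hosts the bank's pages pull scripts or data
#    from (the case raised in Question 1). These are placeholders.
#    Find the real ones by loading the site and reading the blocked
#    requests in the Privoxy log, then add them one per line.
{ -block }
.bank-static.example
.bank-auth.example

# Note: for HTTPS sites Privoxy only sees the host name in the
# browser's CONNECT request, so host patterns like the ones above
# are what take effect; path-based patterns will not match.
```

The browser in the sandboxed install has to be configured to use Privoxy as its HTTP and HTTPS proxy (it listens on 127.0.0.1:8118 by default) for these rules to apply.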
