How do I isolate machines from the internet, permitting only approved user-initiated connections from Windows boxes? This is given that Windows 10 et al. don't obey most same-machine approaches when phoning home. I'd like to allow or deny connections interactively as they occur from other machines.
I'm only concerned with outgoing TCP/IP connections and UDP, since the router firewall blocks all incoming traffic well enough.
I conjecture I could fudge something half-baked with log tails and iptables, but that won't give me a simple user experience and would be after the fact (so I could watch deny logs, then go back in and alter the rules case by case). I'd like the connection to hang (timeout notwithstanding) until I allow/deny.
Is what I'm looking for even possible without hacking something like iptables itself? What are the pitfalls I should look out for?
As a corollary, is it effective and possible to set up these boxes as a gateway, and possibly DHCP servers, for Windows boxes? Seems like I should be blocking the Windows boxes themselves from talking to the router and other software, hence forcing them to go through the gateway/firewall box.
(Edit: rephrased.)
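Added example, not from the question or any answer to it: the "hold the connection until I allow/deny" behaviour is possible on a Linux gateway without patching iptables, because NFQUEUE parks a packet in the kernel until a userspace program returns a verdict. This sketch assumes a Linux gateway with root, the python3 NetfilterQueue package, and a rule such as `iptables -I FORWARD -m conntrack --ctstate NEW -j NFQUEUE --queue-num 1` on the gateway; the queue number, the 30 s deny-on-timeout and the in-memory rule table are choices made here, not page facts.

```python
import select
import struct
import sys

TCP, UDP = 6, 17
# Remembered verdicts keyed by (proto, dst_ip, dst_port); in memory only (constructed).
RULES = {}

def parse_ipv4(raw):
    """Return (proto, dst_ip, dst_port) from a raw IPv4 TCP/UDP packet, else None."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        return None
    ihl, proto = (raw[0] & 0x0F) * 4, raw[9]
    if proto not in (TCP, UDP) or len(raw) < ihl + 4:
        return None
    dst = ".".join(str(b) for b in raw[16:20])
    dport = struct.unpack("!H", raw[ihl + 2:ihl + 4])[0]
    return proto, dst, dport

def decide(key, ask, timeout=30.0):
    """Reuse a remembered verdict, otherwise ask; an unanswered prompt becomes a deny."""
    if key not in RULES:
        RULES[key] = ask(key, timeout) or "deny"   # ask() returns "allow", "deny" or None
    return RULES[key]

def console_ask(key, timeout):
    # Block on the console until y/N is typed or the timeout expires (None = no answer).
    proto, dst, dport = key
    print(f"new {'tcp' if proto == TCP else 'udp'} -> {dst}:{dport}  allow? [y/N] ", end="", flush=True)
    ready, _, _ = select.select([sys.stdin], [], [], timeout)
    if not ready:
        return None
    return "allow" if sys.stdin.readline().strip().lower() == "y" else "deny"

def main(queue_num=1):
    # Assumption: NetfilterQueue is installed; imported lazily so parse/decide run without it.
    from netfilterqueue import NetfilterQueue

    def on_packet(pkt):
        # The queued SYN (or first UDP datagram) stays held until accept() or drop() is called.
        key = parse_ipv4(pkt.get_payload())
        if key is None or decide(key, console_ask) == "allow":
            pkt.accept()
        else:
            pkt.drop()   # without --queue-bypass the gate also fails closed if this exits
    nfq = NetfilterQueue()
    nfq.bind(queue_num, on_packet)
    try:
        nfq.run()
    finally:
        nfq.unbind()
```

Retransmitted SYNs arrive as further NEW packets and are answered from RULES, so one prompt per destination is enough.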