From: "Walter Dnes" <waltdnes@waltdnes.org>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] IPTABLES syntax change?
Date: Fri, 4 Jan 2013 15:17:02 -0500
Message-ID: <20130104201702.GA16813@waltdnes.org>
In-Reply-To: <50E509FA.3060204@orlitzky.com>

On Wed, Jan 02, 2013 at 11:32:58PM -0500, Michael Orlitzky wrote
> On 12/30/2012 10:21 PM, Walter Dnes wrote:
> > [0:0] -A FECESBOOK -j LOG --log-prefix "FECESBOOK:" --log-level 6
> > [0:0] -A FECESBOOK -j DROP
> > [0:0] -A INPUT -s 192.168.123.248/29 -i eth0 -j ACCEPT
> > [0:0] -A INPUT -s 169.254.0.0/16 -i eth0 -j ACCEPT
> > [0:0] -A INPUT -i lo -j ACCEPT
> > [0:0] -A INPUT -m conntrack --ctstate INVALID,NEW -j UNSOLICITED
>
> In fact, since you're blocking all outgoing packets to facebook, the
> only state that a packet from facebook can have here is INVALID or NEW.
> So traffic from facebook will be sent to the UNSOLICITED chain and DROPped.
>
>
> > [0:0] -A INPUT -s 69.63.176.0/20 -j FECESBOOK
> > [0:0] -A INPUT -s 69.220.144.0/20 -j FECESBOOK
> > [0:0] -A INPUT -s 69.63.176.0/20 -j FECESBOOK
> > [0:0] -A INPUT -s 69.171.224.0/19 -j FECESBOOK
> > [0:0] -A INPUT -s 200.58.112.0/20 -j FECESBOOK
> > [0:0] -A INPUT -s 213.155.64.0/19 -j FECESBOOK
>
> ...making these pointless =)

I've run into at least one newspaper website (I forget which,
it's occasionally used for links on Slashdot) which ends up trying to
redirect me to a Facebook site even though the URL does not mention
Facebook at all. There is other integration as well. See the first
post in
http://www.dslreports.com/forum/r26618459-Increasing-integration-of-facebook-into-many-web-sites
I believe this may have been straightened out since then, but 13 months
ago that post was correct. And then there's the "LIKE" button which
shows up all over the web.

The mere fact that you haven't manually typed in...
http://www.facebook.com/blah_blah_blah does not mean you're not
connecting to it.

--
Walter Dnes <waltdnes@waltdnes.org>
I don't run "desktop environments"; I run useful applications
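
The rule-order point from the quoted exchange above, as an added example that is not part of the original message or thread: a first-match walk over the quoted INPUT rules, showing which rule decides a packet for a given source and conntrack state. It assumes a jump to UNSOLICITED or FECESBOOK is final (the UNSOLICITED chain's contents are not shown in this message); the tuple layout and function names are hypothetical.

```python
import ipaddress

# INPUT rules from the quoted ruleset, in order:
# (source CIDR or None, in-interface or None, conntrack states or None, target)
INPUT_RULES = [
    ("192.168.123.248/29", "eth0", None, "ACCEPT"),
    ("169.254.0.0/16", "eth0", None, "ACCEPT"),
    (None, "lo", None, "ACCEPT"),
    (None, None, {"INVALID", "NEW"}, "UNSOLICITED"),
    ("69.63.176.0/20", None, None, "FECESBOOK"),
    ("69.220.144.0/20", None, None, "FECESBOOK"),
    ("69.63.176.0/20", None, None, "FECESBOOK"),
    ("69.171.224.0/19", None, None, "FECESBOOK"),
    ("200.58.112.0/20", None, None, "FECESBOOK"),
    ("213.155.64.0/19", None, None, "FECESBOOK"),
]


def first_match(src, iface, state, rules=INPUT_RULES):
    """Return (index, target) of the first matching rule, else (None, "POLICY")."""
    addr = ipaddress.ip_address(src)
    for i, (cidr, in_if, states, target) in enumerate(rules):
        if cidr is not None and addr not in ipaddress.ip_network(cidr):
            continue
        if in_if is not None and in_if != iface:
            continue
        if states is not None and state not in states:
            continue
        # Assumption: the jump target is treated as terminal.
        return i, target
    return None, "POLICY"


def duplicate_rules(rules=INPUT_RULES):
    """Indexes of rules identical to an earlier one; they can never match first."""
    seen, dups = set(), []
    for i, (cidr, in_if, states, target) in enumerate(rules):
        key = (cidr, in_if, frozenset(states or ()), target)
        if key in seen:
            dups.append(i)
        seen.add(key)
    return dups


if __name__ == "__main__":
    # Constructed sample packet: an address inside 69.63.176.0/20 arriving on eth0.
    for state in ("NEW", "INVALID", "ESTABLISHED"):
        print(state, first_match("69.63.180.1", "eth0", state))
    print("duplicate rule indexes:", duplicate_rules())
```

Only a packet in a state other than INVALID or NEW gets past the conntrack rule to the per-network rules, and the second 69.63.176.0/20 entry is reported as a duplicate.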