From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-user+bounces-164543-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	by finch.gentoo.org (Postfix) with ESMTP id AFE5A138CD3
	for <garchives@archives.gentoo.org>; Thu, 28 May 2015 05:37:02 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id BC890E090F;
	Thu, 28 May 2015 05:36:54 +0000 (UTC)
Received: from mail-wi0-f178.google.com (mail-wi0-f178.google.com [209.85.212.178])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 96CF9E08F0
	for <gentoo-user@lists.gentoo.org>; Thu, 28 May 2015 05:36:53 +0000 (UTC)
Received: by wifw1 with SMTP id w1so47422995wif.0
        for <gentoo-user@lists.gentoo.org>; Wed, 27 May 2015 22:36:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=from:reply-to:to:subject:date:user-agent:references:in-reply-to
         :mime-version:content-type:content-transfer-encoding:message-id;
        bh=NPKyijAEhENcurFOR7c06Sefrj4H6EpF4jKph/FjtVc=;
        b=WTSPZaWbLZRPJFeQysZa/17k8mVvbnYe31Hj7d6CUSha6X8wbp1aU76xp/OKwW88TP
         Tbgilg9c17d2fHLAyZ9WiODUtkkTyjpUy1Oxt44xtqRzOU7Jc1F3AnPaDzT7W5scrcJo
         xNE63819X/Jff1qvK7M08WCM4o1vcoug0RcELVOhi5rG6p1dNwbG+C0Lh3H9y2dhTrOJ
         bV3ErlU43FQWhWpUkCsiY12jZE6GsOAkXnQ6z+zVxZYER2jlFRpmG192N1FDs9evnTR8
         GgmInab2R7A2BOXbYKFSiDIBKXuJGxDZp3YPoXHtq6oGzKEKpiNtPqB0hyxWNEIOwNcJ
         eSGQ==
X-Received: by 10.194.120.230 with SMTP id lf6mr1895095wjb.41.1432791412302;
        Wed, 27 May 2015 22:36:52 -0700 (PDT)
Received: from dell_xps.localnet (230.3.169.217.in-addr.arpa. [217.169.3.230])
        by mx.google.com with ESMTPSA id bo5sm1557852wjc.43.2015.05.27.22.36.51
        for <gentoo-user@lists.gentoo.org>
        (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
        Wed, 27 May 2015 22:36:51 -0700 (PDT)
From: Mick <michaelkintzios@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Blocking certain sites the easy way ?
Date: Thu, 28 May 2015 06:36:35 +0100
User-Agent: KMail/1.13.7 (Linux/3.18.12-gentoo; KDE/4.14.3; x86_64; ; )
References: <20150528051108.GB4276@solfire>
In-Reply-To: <20150528051108.GB4276@solfire>
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
Content-Type: multipart/signed;
  boundary="nextPart8008141.5lJ5bKoNKk";
  protocol="application/pgp-signature";
  micalg=pgp-sha256
Content-Transfer-Encoding: 7bit
Message-Id: <201505280636.46432.michaelkintzios@gmail.com>
X-Archives-Salt: 3a0ea343-e5cd-4a78-9ea3-beef6dedd551
X-Archives-Hash: e28939a1a6759c94e493d6b07466d477

--nextPart8008141.5lJ5bKoNKk
Content-Type: Text/Plain;
  charset="utf-8"
Content-Transfer-Encoding: quoted-printable

On Thursday 28 May 2015 06:11:08 Meino.Cramer@gmx.de wrote:
> Hi,
>=20
> With wireshark I found, that firefox accesses sites on startup, from
> which I dont know, for what reason this access is needed or whether
> the NSA, CIA, FBI, BDN, MOSSAD (fill in what organisation you ever
> suspect to do such things) has invaded my PC.

It may none of the above, but FF and any addons checking what the latest=20
version is of themselves, as well as the Google search on the default hope=
=20
page doing a DNS query or some such.


> I want to block such accesses for two reasons: First is ...hmmm...
> to block that accesses...second is to find out what will not work
> than.
>=20
> I dont want to install and configure a complete full blown firewalled
> SEL-Linux thingy here and I dont want to reboot my Linux box for every
> new site I added. I am looking for a simple solution, which I can use
> without studying the history of TCP/IP and others... ;)))
>=20
> What can I use for this purpose?

You could try an application layer filter[1], but I think it won't work=20
insofar the connections you observed are probably using ports and protocols=
=20
same as your day to day browsing activity.  Therefore you will likely need =
to=20
use iptables to block individual domains or IP addresses and then regularly=
=20
add to the list when the servers your browser wants to contact change in th=
at=20
amorphous and reconfiguring cloud out there.

You don't have to reboot your box when you change rules, but you'll need to=
=20
reload iptables.


[1] http://l7-filter.sourceforge.net/HOWTO-kernel

=2D-=20
Regards,
Mick

--nextPart8008141.5lJ5bKoNKk
Content-Type: application/pgp-signature; name=signature.asc 
Content-Description: This is a digitally signed message part.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAABCAAGBQJVZqluAAoJELAdA+zwE4YebKAIAMRhGrJDuPcMHmecROceFxWI
P0QiPAbleFQWOnz1eDJVQla7r+iXRnjAqK4QzZg8Pd+t0FUsVzcAd4Ke6ljgYkKb
6vLtw8aXVnLHoIms9ZmfyGcCwy6hpUCc7AeVCnxoZ9Z1zS0PxyTYRImIL7TXF/Lx
NY7x4OYKSYZyGBOmrT+nk2vCqRcwbO4h4BUwE5wUEVXEq/2z7OyIByybmGS8ygLt
KI/n+gE7gERgsvH3C3iCFkBKZoPZtFZN8Z4FQV+pZ2texQGvZ/VyFJwldWy9RNjq
HWtZOFhEG0Bdf/0Pj7jMl2z6G8QyBjvJHwFpleH1WzpaMS30LpofDJRlRDW3V8I=
=1OZ6
-----END PGP SIGNATURE-----

--nextPart8008141.5lJ5bKoNKk--