Date: Thu, 28 May 2015 08:44:23 +0200
From: Meino.Cramer@gmx.de
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Blocking certain sites the easy way ?

Mick [15-05-28 07:44]:
> On Thursday 28 May 2015 06:11:08 Meino.Cramer@gmx.de wrote:
> > Hi,
> >
> > With wireshark I found that firefox accesses sites on startup, from
> > which I don't know for what reason this access is needed or whether
> > the NSA, CIA, FBI, BDN, MOSSAD (fill in what organisation you ever
> > suspect to do such things) has invaded my PC.
>
> It may be none of the above, but FF and any addons checking what the latest
> version is of themselves, as well as the Google search on the default home
> page doing a DNS query or some such.
>
>
> > I want to block such accesses for two reasons: First is ...hmmm...
> > to block those accesses...second is to find out what will not work
> > then.
> >
> > I don't want to install and configure a complete full blown firewalled
> > SEL-Linux thingy here and I don't want to reboot my Linux box for every
> > new site I added. I am looking for a simple solution, which I can use
> > without studying the history of TCP/IP and others... ;)))
> >
> > What can I use for this purpose?
>
> You could try an application layer filter[1], but I think it won't work
> insofar the connections you observed are probably using ports and protocols
> same as your day to day browsing activity. Therefore you will likely need to
> use iptables to block individual domains or IP addresses and then regularly
> add to the list when the servers your browser wants to contact change in that
> amorphous and reconfiguring cloud out there.
>
> You don't have to reboot your box when you change rules, but you'll need to
> reload iptables.
>
>
> [1] http://l7-filter.sourceforge.net/HOWTO-kernel
>
> --
> Regards,
> Mick

Hi Mick,

thanks for your help ! :)

What mechanism is recommended to be used to reinstall/initiate the
iptables rules while booting?
Any Gentoo-ish? ;)

Best regards,
Meino
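
Added example, not part of the original message or of any poster's setup: one way to keep the "block individual IP addresses, add to the list, reload without rebooting" approach described above manageable is to generate an iptables-restore ruleset from a plain blocklist. The chain name BLOCKED_OUT and the blocklist entries (RFC 5737 documentation addresses) are assumptions constructed for this sketch.

```shell
#!/bin/sh
# Constructed sample blocklist: one IPv4 address or CIDR per line.
BLOCKLIST='
# comments and blank lines are ignored
192.0.2.10
198.51.100.0/24
not-an-address
203.0.113.7
'

# Syntactic shape check only (dotted quad, optional /0-32 prefix), so a
# stray hostname or typo never reaches iptables-restore.
is_ipv4() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# Print a filter-table ruleset that rejects outbound traffic to each valid
# entry. All rules live in one user-defined chain (hypothetical name), so
# the list can be regenerated and reloaded as a unit.
gen_rules() {
    echo '*filter'
    echo ':BLOCKED_OUT - [0:0]'
    printf '%s\n' "$1" | while read -r entry _; do
        case "$entry" in ''|'#'*) continue ;; esac
        if is_ipv4 "$entry"; then
            echo "-A BLOCKED_OUT -d $entry -j REJECT"
        else
            echo "skipped invalid entry: $entry" >&2
        fi
    done
    echo 'COMMIT'
}

gen_rules "$BLOCKLIST"

# Applying it (as root, no reboot needed):
#   gen_rules "$BLOCKLIST" | iptables-restore --noflush
# With --noflush the other rules stay in place; only the declared
# BLOCKED_OUT chain is reset and refilled on each load.
# The jump into the chain is added once, separately:
#   iptables -C OUTPUT -j BLOCKED_OUT 2>/dev/null || iptables -A OUTPUT -j BLOCKED_OUT
```

Rules match on addresses, so a blocked site that moves to a new IP needs its blocklist entry updated and the ruleset reloaded.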