From: Mick
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Blocking certain sites the easy way ?
Date: Fri, 29 May 2015 13:52:57 +0100

On Thursday 28 May 2015 07:44:23 Meino.Cramer@gmx.de wrote:
> Mick [15-05-28 07:44]:
> > On Thursday 28 May 2015 06:11:08 Meino.Cramer@gmx.de wrote:
> > > Hi,
> > >
> > > With wireshark I found, that firefox accesses sites on startup, from
> > > which I don't know, for what reason this access is needed or whether
> > > the NSA, CIA, FBI, BDN, MOSSAD (fill in what organisation you ever
> > > suspect to do such things) has invaded my PC.
> >
> > It may be none of the above, but FF and any addons checking what the latest
> > version is of themselves, as well as the Google search on the default
> > home page doing a DNS query or some such.
> >
> > > I want to block such accesses for two reasons: First is ...hmmm...
> > > to block that accesses...second is to find out what will not work
> > > then.
> > >
> > > I don't want to install and configure a complete full blown firewalled
> > > SEL-Linux thingy here and I don't want to reboot my Linux box for every
> > > new site I added.
> > > I am looking for a simple solution, which I can use
> > > without studying the history of TCP/IP and others... ;)))
> > >
> > > What can I use for this purpose?
> >
> > You could try an application layer filter[1], but I think it won't work
> > insofar as the connections you observed are probably using ports and
> > protocols same as your day to day browsing activity.  Therefore you will
> > likely need to use iptables to block individual domains or IP addresses
> > and then regularly add to the list when the servers your browser wants
> > to contact change in that amorphous and reconfiguring cloud out there.
> >
> > You don't have to reboot your box when you change rules, but you'll need
> > to reload iptables.
> >
> >
> > [1] http://l7-filter.sourceforge.net/HOWTO-kernel
>
> Hi Mick,
>
> thanks for your help ! :)
>
> What mechanism is recommended to be used to reinstall/initiate the
> iptable rules while booting? Any Gentoo-ish? ;)

iptables saves any rules in:

/var/lib/iptables/rules-save

You can edit this and then run '/sbin/iptables-apply -t 90'
in case you have something wrong in there and there is a risk of locking
yourself out.

Or run '/etc/init.d/iptables stop' then change /var/lib/iptables/rules-save to
your liking and then '/etc/init.d/iptables start'

This is for vanilla iptables (IPv4).  There are other scripts available (like
arnos-firewall) which have their own configuration files as a front end to
iptables.

-- 
Regards,
Mick
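One way to script the edit of /var/lib/iptables/rules-save described in the message above, as an added example that is not part of the original thread: it turns a blocklist of IPv4 addresses into REJECT rules and merges them into the *filter table of a saved ruleset. The function names, temporary paths, sample ruleset and addresses (RFC 5737 documentation ranges) are assumptions constructed for illustration.

```shell
# Added example; every address below is constructed (RFC 5737 ranges).
# Emit one REJECT rule per entry on stdin. Blank lines and "#" comments are
# skipped; entries not shaped like a.b.c.d[/nn] are reported and dropped.
block_rules() {
    while IFS= read -r line || [ -n "$line" ]; do
        entry=$(printf '%s' "${line%%#*}" | tr -d ' \t')
        [ -n "$entry" ] || continue
        if printf '%s\n' "$entry" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'; then
            printf '%s %s -j REJECT\n' '-A OUTPUT -d' "$entry"
        else
            printf 'skipped invalid entry: %s\n' "$entry" >&2
        fi
    done
}

# Copy the iptables-save dump $1 to stdout, inserting the rule lines from
# file $2 just before the COMMIT that closes the *filter table.
merge_rules() {
    awk -v extra="$2" '
        /^\*/ { in_filter = ($0 == "*filter") }
        in_filter && $0 == "COMMIT" {
            while ((getline r < extra) > 0) print r
            close(extra)
        }
        { print }
    ' "$1"
}

# Constructed sample: a minimal rules-save dump and a blocklist.
tmp=$(mktemp -d)
cat > "$tmp/rules-save" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
COMMIT
EOF
cat > "$tmp/blocklist" <<'EOF'
# hosts seen in the capture (constructed)
192.0.2.10
198.51.100.0/24   # whole range
not-an-ip
EOF
block_rules < "$tmp/blocklist" > "$tmp/extra"
merge_rules "$tmp/rules-save" "$tmp/extra" > "$tmp/rules-save.new"
cat "$tmp/rules-save.new"
```

The shape check does not validate octet ranges, so parse the generated file with `iptables-restore --test` before copying it over the real rules-save and applying it with the steps from the message.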