From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-user+bounces-164592-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	by finch.gentoo.org (Postfix) with ESMTP id D9521138CD3
	for <garchives@archives.gentoo.org>; Fri, 29 May 2015 12:53:17 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 0DEF3E087A;
	Fri, 29 May 2015 12:53:09 +0000 (UTC)
Received: from mail-wi0-f173.google.com (mail-wi0-f173.google.com [209.85.212.173])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id F3384E0855
	for <gentoo-user@lists.gentoo.org>; Fri, 29 May 2015 12:53:07 +0000 (UTC)
Received: by wivl4 with SMTP id l4so16455188wiv.1
        for <gentoo-user@lists.gentoo.org>; Fri, 29 May 2015 05:53:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=from:reply-to:to:subject:date:user-agent:references:in-reply-to
         :mime-version:content-type:content-transfer-encoding:message-id;
        bh=MUVF8ZSp1kK3LwSBRlsUE2hcsqytH0XHMcYQZgECo6k=;
        b=uEAv8B9bFKrGtcTvf09hoSq5OBPmWDygCIYjSQluxY16ZseqASno/EQrl+fjuUyd0q
         Bkw4+GxgZ+Bfub8bjOj2/RRLeNTssAZ8w89Pg/GRbSMMVdClReHxXI0vkoXINJqf8HLN
         SX6L68Q9uF8ikBqEJR8EABSdcWaZ56XJJIvDVvB6fWCAC2se2nEHaVmWI4qagU3Jw2i3
         dNMikBSHSmir6BvvhTjmYqMznSkcfepx8eKy3I0ebdNaqKc6B1Glccr3N/1m86JpfarI
         WekLbhvmKJsDkura4sO10hobq/WMn8aEDN2LeRKS1ItXjAOH5rVBCHjuqoEQErnMHHiF
         Wl9w==
X-Received: by 10.180.105.38 with SMTP id gj6mr6114281wib.90.1432903986717;
        Fri, 29 May 2015 05:53:06 -0700 (PDT)
Received: from dell_xps.localnet (230.3.169.217.in-addr.arpa. [217.169.3.230])
        by mx.google.com with ESMTPSA id k2sm3022023wif.3.2015.05.29.05.53.05
        for <gentoo-user@lists.gentoo.org>
        (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
        Fri, 29 May 2015 05:53:05 -0700 (PDT)
From: Mick <michaelkintzios@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Blocking certain sites the easy way ?
Date: Fri, 29 May 2015 13:52:57 +0100
User-Agent: KMail/1.13.7 (Linux/3.18.12-gentoo; KDE/4.14.3; x86_64; ; )
References: <20150528051108.GB4276@solfire> <201505280636.46432.michaelkintzios@gmail.com> <20150528064423.GF4276@solfire>
In-Reply-To: <20150528064423.GF4276@solfire>
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
Content-Type: multipart/signed;
  boundary="nextPart3687179.eGZ9bGrXs2";
  protocol="application/pgp-signature";
  micalg=pgp-sha256
Content-Transfer-Encoding: 7bit
Message-Id: <201505291353.00433.michaelkintzios@gmail.com>
X-Archives-Salt: c767516b-d49c-4673-b7c9-e1fa913d455d
X-Archives-Hash: 47e5882dc79650aa457921f7efd1ceeb

--nextPart3687179.eGZ9bGrXs2
Content-Type: Text/Plain;
  charset="utf-8"
Content-Transfer-Encoding: quoted-printable

On Thursday 28 May 2015 07:44:23 Meino.Cramer@gmx.de wrote:
> Mick <michaelkintzios@gmail.com> [15-05-28 07:44]:
> > On Thursday 28 May 2015 06:11:08 Meino.Cramer@gmx.de wrote:
> > > Hi,
> > >=20
> > > With wireshark I found, that firefox accesses sites on startup, from
> > > which I dont know, for what reason this access is needed or whether
> > > the NSA, CIA, FBI, BDN, MOSSAD (fill in what organisation you ever
> > > suspect to do such things) has invaded my PC.
> >=20
> > It may none of the above, but FF and any addons checking what the latest
> > version is of themselves, as well as the Google search on the default
> > hope page doing a DNS query or some such.
> >=20
> > > I want to block such accesses for two reasons: First is ...hmmm...
> > > to block that accesses...second is to find out what will not work
> > > than.
> > >=20
> > > I dont want to install and configure a complete full blown firewalled
> > > SEL-Linux thingy here and I dont want to reboot my Linux box for every
> > > new site I added. I am looking for a simple solution, which I can use
> > > without studying the history of TCP/IP and others... ;)))
> > >=20
> > > What can I use for this purpose?
> >=20
> > You could try an application layer filter[1], but I think it won't work
> > insofar the connections you observed are probably using ports and
> > protocols same as your day to day browsing activity.  Therefore you will
> > likely need to use iptables to block individual domains or IP addresses
> > and then regularly add to the list when the servers your browser wants
> > to contact change in that amorphous and reconfiguring cloud out there.
> >=20
> > You don't have to reboot your box when you change rules, but you'll need
> > to reload iptables.
> >=20
> >=20
> > [1] http://l7-filter.sourceforge.net/HOWTO-kernel
>=20
> Hi Mick,
>=20
> thanks for your help ! :)
>=20
> What mechanism is recommended to be used to reinstall/initiate the
> iptable rules while booting? Any Gentoo-ish? ;)

iptables save any rules in:  /var/lib/iptables/rules-save

You can edit this and then run '/sbin/iptables-apply -t 90'=20

in case you have something wrong in there and there is a risk of locking=20
yourself out.

Or run '/etc/init.d/iptables stop' then change /var/lib/iptables/rules-save=
 to=20
your liking and then '/etc/init.d/iptables start'


This is for vanilla iptables (IPv4).  There are other scripts available (li=
ke=20
arnos-firewall) which have their own configuration files as a front end to=
=20
iptables.

=2D-=20
Regards,
Mick

--nextPart3687179.eGZ9bGrXs2
Content-Type: application/pgp-signature; name=signature.asc 
Content-Description: This is a digitally signed message part.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAABCAAGBQJVaGEsAAoJELAdA+zwE4YeTFYH/3Hs3TLLVHd64/m7hwloF/iw
fx6y7YHnCGEt4pYIeR7+r0+Fj+kkCcRfSN/JZHDGKVPnNXelda5rKQp3AeS/H1ww
p2Pbqephg6Psfcg8LEWalA44dO1zsiR6wM+HGnZPhZ2Hzmb8cOoQ1JN9vK9Xk0K2
pUFkAPhdki4JTx8nSNZwnVY/qqpSM45HMgbX2NMctjLIEelmAeUJFSOSu3BKd/U5
NHKCXl5auwJd9ulT/DcLBMwN13Txco5s05svXlmb9zcltaPJtBAwGcbJ0iyE7AWR
5rQu6Xk0QOI9bxpg/fNFG4/LhZHa/1eBT1de/VLU19sAFHiR0Ta34RXiDUUS3v0=
=TrHp
-----END PGP SIGNATURE-----

--nextPart3687179.eGZ9bGrXs2--