Alan McKinnon <alan.mckinnon@×××××.com> [14-12-16 03:43]:
> On 15/12/2014 18:47, meino.cramer@×××.de wrote:
> > Hi,
> >
> > this question is not related to a fully fledged,
> > big local area network with DMZs and such.
> >
> > Even the word "firewall" seems to be a little too
> > "huge and mighty" in this context to me.
> >
> > "The network" consists of a PC, which is connected
> > to a FritzBox (cable, no Wifi/WLAN), which connects
> > to the ISP (internet) and (same address range) to an
> > embedded system (eth1)
> >
> > There are two additional embedded systems, both on
> > a separate interface (eth over usb: usb0 & usb1).
> >
> > I want to block (DROP or REJECT) the access to certain
> > sites (the "noise" which is produced mostly by sites,
> > which all exclusively "only want my best": ads, trackers, analysts
> > and so on...)
> >
> > I tried different tools: fwbuilder, which locks up either itself
> > or my ruleset...I had to reboot and Shorewall, which definitely
> > is a great tool....a little too great tool and much more capable
> > than I am... ;)
> >
> > I am sure that the problems are mostly not the problems of the
> > tools but mine.
> >
> > Is there any simple straightforward tool to just block accesses
> > to certain sites?
>
> to do it network-wide: squid
>
> to do it on a per-pc per-browser basis: there's a large variety of
> firefox plugins to choose from that will block this and allow that. It
> seems to me this is the better approach as you want to stop your browser
> chatting with sites who only have your best interest at heart :-)
>
> Either way, the list of black and white lists gets very big very quick,
> so choose your tool carefully. Try a bunch and pick one that makes sense
> to you, bonus points if it comes with a community-supported blacklist
> you can drop in, maintained by people whose POV matches your own.
>
> You don't want a classic firewall for this; firewalls are mostly built
> to block based on address and port, this is not how you solve your problem
>
> --
> Alan McKinnon
> alan.mckinnon@×××××.com
>

Hi Alan,

thanks for the reply! :)

actually the thing is: There is a plugin called "NoScript" which
constantly accesses secure.informaction.com, which is the author
of this plugin.
I tried a lot to block that access from inside firefox but did
not find a way to do so (read: _I_ did not find... ;)

If you know a plugin for firefox which is able to block accesses
from all other plugins to certain sites of the internet I would
be happy to check that out.

I tried to block the accesses via iptable rules which DROP/REJECT
the name and the IP-address of that site...no chance.

The IP of that site has not changed...

Wireshark still reports traffic to and from that site and following
the TCP stream with wireshark shows that the traffic has encrypted
contents.

The other access, whose origin I haven't located exactly yet (its
origin is in firefox, a plugin I think), is to
s3-1.amazonaws.com.
I also want to block this.

Please, which plugin of the large variety of plugins is
able to block access of all other plugins to customer defined sites?

Thank you very much in advance for any help.

Best regards,
Meino