On Saturday 13 September 2008 23:36:13 pk wrote:
> Hello,
>
> I am using shorewall on my local computer (the same I'm surfing the web
> with). My skills with iptables are not really good and my understanding
> of networking also has some holes in it... However, I'm trying to
> prevent firefox from accessing a third party site; I'm logging onto a
> site with firefox. With netstat I can see that besides the usual ip
> address belonging to the site another ip-address (not belonging to the
> original site) shows up. While trying to block the additional ip address
> with both "iptables -A INPUT -s xxxx -j DROP" and "iptables -A OUTPUT -d
> xxxx -j DROP" it still sends a SYN request to this site. This makes
> firefox just sit there waiting for a time-out. How can I prevent firefox
> from accessing the other site, while still accessing the original one?
|
That's always going to be problematic. Firefox does not know that you have
firewalled that address, so will continue doing exactly what it always did -
send a SYN and wait for the response.

So you'll need to tell Firefox that that IP is banned, in which case you don't
need iptables, you need a Firefox plug-in. Go to Mozilla's site and find
something appropriate. I'll bet there's one already and it's probably called
SiteBlock.
|
--
alan dot mckinnon at gmail dot com