On Mon, Dec 15, 2014 at 07:14:26PM +0100, meino.cramer@×××.de wrote

> But it does not work as expected: With wireshark I still see
> the crypted traffic for example to secure.informaction.com and
> s3-1.amazonaws.com by starting firefox and doing nothing more
> (homepage is a blank page...).
>
> So I need bigger weapons...

First, get the IP addresses...

[d531][waltdnes][~] nslookup s3-1.amazonaws.com
Server:         208.67.222.222
Address:        208.67.222.222#53

Non-authoritative answer:
Name:    s3-1.amazonaws.com
Address: 54.231.1.0

[d531][waltdnes][~] nslookup secure.informaction.com
Server:         208.67.222.222
Address:        208.67.222.222#53

Non-authoritative answer:
Name:    secure.informaction.com
Address: 82.103.140.40
Name:    secure.informaction.com
Address: 82.103.140.42
Name:    secure.informaction.com
Address: 69.195.141.179
Name:    secure.informaction.com
Address: 69.195.141.178

With that info in hand, add the following at the top of your iptables
"OUTPUT" chain...

-A OUTPUT -d 69.195.141.178/31 -j DROP
-A OUTPUT -d 82.103.140.40/30 -j DROP
-A OUTPUT -d 54.231.1.0/32 -j DROP

The first one drops 69.195.141.178 and 69.195.141.179. The second one
drops 82.103.140.40, 82.103.140.41, 82.103.140.42, and 82.103.140.43.
The third one drops 54.231.1.0.

The Amazon cloud service covers 54.230.0.0/15. If s3-1.amazonaws.com
is "dynamic", you may have to block that entire range.

For those of you who are interested, I'm attaching a copy of my
/var/lib/iptables/rules-save which is tweaked for my LAN. Note the
following...
* this is a paranoid ruleset for general client end-users only. It will
  *NOT* work for a server
* the 192.168.x.y addresses are for my internal LAN
* the 169.254.0.0/16 range is for my HDHomerun OTA TV tuner
* the "FECESBOOK" rules block Facebook, coming and going. Firefox
  spins its wheels for several seconds "Connecting to facebook.com",
  before giving up.

--
Walter Dnes <waltdnes@××××××××.org>
I don't run "desktop environments"; I run useful applications
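As an added example (my code, not part of Walter's post or his rules-save), the Python script below turns a set of resolved addresses into the `-A OUTPUT ... -j DROP` lines the post hand-wrote, and makes the mask arithmetic explicit: it computes both the exact cover (the fewest CIDR blocks containing only the resolved addresses) and the wider "spanning" block the post used for 82.103.140.40/30, and lists the addresses a wider block sweeps in that nslookup never returned. The sample addresses are copied from the nslookup output above and embedded so it runs offline; the grouping of addresses by /24 before widening, and the `-m comment --comment` tag on each rule, are my choices rather than anything from the post.

```python
"""Build iptables OUTPUT DROP rules from resolved addresses (added example).

Two strategies are compared:
  * exact_blocks():    collapse the resolved /32s into the fewest CIDR blocks
                       that cover those addresses and nothing else;
  * covering_blocks(): one block per /24 cluster (heuristic), widened until it
                       spans the lowest..highest resolved address, which is what
                       the /30 in the post does; the extra addresses it sweeps
                       in are reported so the over-blocking is visible.
"""
import ipaddress

# Constructed sample input: the addresses the nslookup output in the post returned.
RESOLVED = {
    "s3-1.amazonaws.com": ["54.231.1.0"],
    "secure.informaction.com": [
        "82.103.140.40", "82.103.140.42",
        "69.195.141.179", "69.195.141.178",
    ],
}


def exact_blocks(addrs):
    """Fewest CIDR blocks covering exactly `addrs`; .178 and .179 merge into a /31."""
    hosts = (ipaddress.ip_network(a) for a in addrs)        # each address as a /32
    return [str(n) for n in ipaddress.collapse_addresses(hosts)]


def covering_block(addrs):
    """Smallest single CIDR block that contains every address in `addrs`."""
    ips = sorted(ipaddress.ip_address(a) for a in addrs)
    lo, hi = ips[0], ips[-1]
    prefix = lo.max_prefixlen                               # start at /32 and widen
    while True:
        net = ipaddress.ip_network(f"{lo}/{prefix}", strict=False)  # zero the host bits
        if hi in net:
            return net
        prefix -= 1


def covering_blocks(addrs):
    """Group addresses by /24 (my heuristic), then widen each group to one block.

    Returns [(block, [addresses in block that were NOT resolved]), ...],
    sorted by block, so the collateral of a wide mask is explicit.
    """
    groups = {}
    for a in addrs:
        ip = ipaddress.ip_address(a)
        key = ipaddress.ip_network(f"{ip}/24", strict=False)
        groups.setdefault(key, []).append(ip)
    out = []
    for key in sorted(groups):
        members = groups[key]
        net = covering_block([str(ip) for ip in members])
        collateral = [str(ip) for ip in net if ip not in members]
        out.append((str(net), collateral))
    return out


def iptables_rules(resolved, exact=True):
    """Emit iptables-restore rule lines, one per block, tagged with the hostname
    via the comment match so a later 'iptables -S' shows why each rule exists."""
    rules = []
    for host in sorted(resolved):
        blocks = (exact_blocks(resolved[host]) if exact
                  else [b for b, _ in covering_blocks(resolved[host])])
        for b in blocks:
            rules.append(f'-A OUTPUT -d {b} -m comment --comment "{host}" -j DROP')
    return rules


if __name__ == "__main__":
    # Reproduce the post's three rules, then show what the /30 also catches.
    for line in iptables_rules(RESOLVED, exact=False):
        print(line)
    for host, addrs in RESOLVED.items():
        for block, extra in covering_blocks(addrs):
            if extra:
                print(f"# {block} also drops {', '.join(extra)}, never returned for {host}")
```

Run with `exact=False` it reproduces the post's `/31`, `/30` and `/32` rules and reports that 82.103.140.40/30 additionally drops .41 and .43; with `exact=True` it emits 82.103.140.40/32 and 82.103.140.42/32 instead. Either way the rules only hold for the answers one resolver returned at one moment, which is why the post warns that a "dynamic" name like s3-1.amazonaws.com may force you to block the whole 54.230.0.0/15 range.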