Michal 'vorner' Vaner wrote:
> DROP causes the packet to get blackholed without a trace. It sometimes
> happens to packets on internet so it is usual to try again and again
> until it succeeds or timeout (usually in tens of seconds) is reached.

That was the intention. The site in question is my bank's site. And they
have a marketing survey company linked to their site which I want to
hide from. If I want to use the bank's internet services, which I pay
for, I don't want third parties to snoop on my activities...

I read somewhere that the default timeout for a SYN request is 2 minutes.

> Does this help?

I tried doing what you suggested:

iptables -A OUTPUT/INPUT -m iprange --src-range 66.235.128.0-66.235.159.255 -j REJECT

iptables -A OUTPUT/INPUT -m iprange --dst-range 66.235.128.0-66.235.159.255 -j REJECT

This should REJECT from both ends, no? But netstat says the connection
is established anyway...

With DROP it worked for the first page (it never showed up as SYN_SENT).
But when I logged in (with DROP) there would still be a SYN_SENT on port
443 (SSL) and Firefox would wait for timeout.

> Have a nice help

Thanks!

FYI, I tried using a Firefox extension called Siteblock but it doesn't
work for "third party" access, only direct, it seems...

Best regards

Peter K