| 1 |
Michal 'vorner' Vaner wrote: |
| 2 |
> DROP causes the packet to get blackholed without a trace. It sometimes |
| 3 |
> happens to packets on internet so it is usual to try again and again |
| 4 |
> until it succeeds or timeout (usually in tens of seconds) is reached. |
| 5 |
|
| 6 |
That was the intention. The site in question is my banks site. And they |
| 7 |
have a marketing survey company linked to their site which I want to |
| 8 |
hide from. If I want to use the banks internet services, which I pay |
| 9 |
for, I don't want third parties to snoop on my activities... |
| 10 |
|
| 11 |
I read somewhere that the default timeout for a SYN request is 2 minutes. |
| 12 |
|
| 13 |
> Does this help? |
| 14 |
|
| 15 |
I tried doing what you suggested: |
| 16 |
|
| 17 |
iptables -A OUTPUT/INPUT -m iprange --src-range |
| 18 |
66.235.128.0-66.235.159.255 -j REJECT |
| 19 |
|
| 20 |
iptables -A OUTPUT/INPUT -m iprange --dst-range |
| 21 |
66.235.128.0-66.235.159.255 -j REJECT |
| 22 |
|
| 23 |
This should REJECT from both ends, no? But netstat says the connection |
| 24 |
is established anyway... |
| 25 |
|
| 26 |
With DROP it worked for the first page (it never showed up as SYN_SENT). |
| 27 |
But when I logged (with DROP) in there would still be a SYN_SENT on port |
| 28 |
443 (SSL) and firefox would wait for timeout. |
| 29 |
|
| 30 |
> Have a nice help |
| 31 |
|
| 32 |
Thanks! |
| 33 |
|
| 34 |
FYI, I tried using a firefox extension called Siteblock but it doesn't |
| 35 |
work for "third party" access, only direct, it seems... |
| 36 |
|
| 37 |
Best regards |
| 38 |
|
| 39 |
Peter K |
Archives