Gentoo Archives: gentoo-user

From: Walter Dnes <waltdnes@××××××××.org>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] IPTABLES syntax change?
Date: Fri, 04 Jan 2013 20:19:41
Message-Id: 20130104201702.GA16813@waltdnes.org
In Reply to: Re: [gentoo-user] IPTABLES syntax change? by Michael Orlitzky
On Wed, Jan 02, 2013 at 11:32:58PM -0500, Michael Orlitzky wrote
> On 12/30/2012 10:21 PM, Walter Dnes wrote:
> > [0:0] -A FECESBOOK -j LOG --log-prefix "FECESBOOK:" --log-level 6
> > [0:0] -A FECESBOOK -j DROP
> > [0:0] -A INPUT -s 192.168.123.248/29 -i eth0 -j ACCEPT
> > [0:0] -A INPUT -s 169.254.0.0/16 -i eth0 -j ACCEPT
> > [0:0] -A INPUT -i lo -j ACCEPT
> > [0:0] -A INPUT -m conntrack --ctstate INVALID,NEW -j UNSOLICITED
>
> In fact, since you're blocking all outgoing packets to facebook, the
> only state that a packet from facebook can have here is INVALID or NEW.
> So traffic from facebook will be sent to the UNSOLICITED chain and DROPped.
>
>
> > [0:0] -A INPUT -s 69.63.176.0/20 -j FECESBOOK
> > [0:0] -A INPUT -s 69.220.144.0/20 -j FECESBOOK
> > [0:0] -A INPUT -s 69.63.176.0/20 -j FECESBOOK
> > [0:0] -A INPUT -s 69.171.224.0/19 -j FECESBOOK
> > [0:0] -A INPUT -s 200.58.112.0/20 -j FECESBOOK
> > [0:0] -A INPUT -s 213.155.64.0/19 -j FECESBOOK
>
> ...making these pointless =)


I've run into at least one newspaper website (I forget which,
it's occasionally used for links on Slashdot) which ends up trying to
redirect me to a Facebook site even though the URL does not mention
Facebook at all. There is other integration as well. See the first
post in
http://www.dslreports.com/forum/r26618459-Increasing-integration-of-facebook-into-many-web-sites
I believe this may have been straightened out since then, but 13 months
ago that post was correct. And then there's the "LIKE" button which
shows up all over the web.

The mere fact that you haven't manually typed in...
http://www.facebook.com/blah_blah_blah does not mean you're not
connecting to it.

--
Walter Dnes <waltdnes@××××××××.org>
I don't run "desktop environments"; I run useful applications
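
An added example, not part of either poster's message: a first-match walk over the INPUT rules quoted above, showing which rule a packet reaches first for a given conntrack state, plus a check for duplicated rules. The packets are constructed, and it assumes both user chains end in a terminating target (FECESBOOK does on the page; the contents of UNSOLICITED are not shown).

```python
import ipaddress
import shlex

# INPUT-chain rules as quoted in the message (iptables-save format).
RULES = """\
[0:0] -A INPUT -s 192.168.123.248/29 -i eth0 -j ACCEPT
[0:0] -A INPUT -s 169.254.0.0/16 -i eth0 -j ACCEPT
[0:0] -A INPUT -i lo -j ACCEPT
[0:0] -A INPUT -m conntrack --ctstate INVALID,NEW -j UNSOLICITED
[0:0] -A INPUT -s 69.63.176.0/20 -j FECESBOOK
[0:0] -A INPUT -s 69.220.144.0/20 -j FECESBOOK
[0:0] -A INPUT -s 69.63.176.0/20 -j FECESBOOK
[0:0] -A INPUT -s 69.171.224.0/19 -j FECESBOOK
[0:0] -A INPUT -s 200.58.112.0/20 -j FECESBOOK
[0:0] -A INPUT -s 213.155.64.0/19 -j FECESBOOK
"""

def parse(line):
    """Parse one rule; handles only the options used in RULES."""
    tok = shlex.split(line.split("] ", 1)[1])
    o = dict(zip(tok[::2], tok[1::2]))   # every option here takes one value
    states = frozenset(o["--ctstate"].split(",")) if "--ctstate" in o else None
    return {"src": ipaddress.ip_network(o.get("-s", "0.0.0.0/0")),
            "iface": o.get("-i"), "states": states, "target": o["-j"]}

CHAIN = [parse(line) for line in RULES.splitlines()]

def first_match(src, iface, state):
    """Return (rule number, target) of the first rule the packet matches."""
    addr = ipaddress.ip_address(src)
    for n, r in enumerate(CHAIN, 1):
        if (addr in r["src"] and r["iface"] in (None, iface)
                and (r["states"] is None or state in r["states"])):
            return n, r["target"]
    return None, "chain policy"

def duplicates():
    """Return (first, repeat) rule-number pairs with identical match+target."""
    seen, dups = {}, []
    for n, r in enumerate(CHAIN, 1):
        first = seen.setdefault(tuple(r.values()), n)
        if first != n:
            dups.append((first, n))
    return dups

if __name__ == "__main__":
    for state in ("NEW", "INVALID", "ESTABLISHED"):   # constructed packets
        print(state, first_match("69.63.176.10", "eth0", state))
    print("duplicate rules:", duplicates())
```

On a live system, the per-rule packet counters from `iptables -L INPUT -v -n` show the same thing empirically: a rule that never matches keeps a zero count.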

Replies

Subject Author
Re: [gentoo-user] IPTABLES syntax change? Michael Mol <mikemol@×××××.com>