1 |
On Wed, Jan 02, 2013 at 11:32:58PM -0500, Michael Orlitzky wrote |
2 |
> On 12/30/2012 10:21 PM, Walter Dnes wrote: |
3 |
> > [0:0] -A FECESBOOK -j LOG --log-prefix "FECESBOOK:" --log-level 6 |
4 |
> > [0:0] -A FECESBOOK -j DROP |
5 |
> > [0:0] -A INPUT -s 192.168.123.248/29 -i eth0 -j ACCEPT |
6 |
> > [0:0] -A INPUT -s 169.254.0.0/16 -i eth0 -j ACCEPT |
7 |
> > [0:0] -A INPUT -i lo -j ACCEPT |
8 |
> > [0:0] -A INPUT -m conntrack --ctstate INVALID,NEW -j UNSOLICITED |
9 |
> |
10 |
> In fact, since you're blocking all outgoing packets to facebook, the |
11 |
> only state that a packet from facebook can have here is INVALID or NEW. |
12 |
> So traffic from facebook will be sent to the UNSOLICITED chain and DROPped. |
13 |
> |
14 |
> |
15 |
> > [0:0] -A INPUT -s 69.63.176.0/20 -j FECESBOOK |
16 |
> > [0:0] -A INPUT -s 69.220.144.0/20 -j FECESBOOK |
17 |
> > [0:0] -A INPUT -s 69.63.176.0/20 -j FECESBOOK |
18 |
> > [0:0] -A INPUT -s 69.171.224.0/19 -j FECESBOOK |
19 |
> > [0:0] -A INPUT -s 200.58.112.0/20 -j FECESBOOK |
20 |
> > [0:0] -A INPUT -s 213.155.64.0/19 -j FECESBOOK |
21 |
> |
22 |
> ...making these pointless =) |
23 |
|
24 |
|
25 |
I've run into at least one newspaper website (I forget which, |
26 |
it's occasionally used for links on Slashdot) which ends up trying to |
27 |
redirect me to a Facebook site even though the URL does not mention |
28 |
Facebook at all. There is other integration as well. See the first |
29 |
post in |
30 |
http://www.dslreports.com/forum/r26618459-Increasing-integration-of-facebook-into-many-web-sites |
31 |
I believe this may have been straightened out since then, but 13 months |
32 |
ago that post was correct. And then there's the "LIKE" button which |
33 |
shows up all over the web. |
34 |
|
35 |
The mere fact that you haven't manually typed in... |
36 |
http://www.facebook.com/blah_blah_blah does not mean you're not |
37 |
connecting to it. |
38 |
|
39 |
-- |
40 |
Walter Dnes <waltdnes@××××××××.org> |
41 |
I don't run "desktop environments"; I run useful applications |