1 |
On Saturday 05 Jan 2013 03:26:10 Michael Mol wrote: |
2 |
> On Jan 4, 2013 8:33 PM, "Walter Dnes" <waltdnes@××××××××.org> wrote: |
3 |
> > On Fri, Jan 04, 2013 at 03:27:59PM -0500, Michael Mol wrote |
4 |
> > |
5 |
> > > On Fri, Jan 4, 2013 at 3:17 PM, Walter Dnes <waltdnes@××××××××.org> |
6 |
> |
7 |
> wrote: |
8 |
> > > > The mere fact that you haven't manually typed in... |
9 |
> > > > |
10 |
> > > > http://www.facebook.com/blah_blah_blah does not mean you're not |
11 |
> > > > connecting to it. |
12 |
> > > |
13 |
> > > But all that's above layer 3, since it's an HTTP redirect, or a page |
14 |
> > > transclusion which necessitates a new GET request. Michael's point |
15 |
> > > stands. |
16 |
> > > |
17 |
> > And I want to make sure that new GET request is blocked coming and |
18 |
> > |
19 |
> > going. |
20 |
> > |
21 |
> > -- |
22 |
> > Walter Dnes <waltdnes@××××××××.org> |
23 |
> > I don't run "desktop environments"; I run useful applications |
24 |
> |
25 |
> And it will, for the simple reason that outbound psckets are dropped, so |
26 |
> inbound packets are nevrr valid. That was Michael's point. |
27 |
|
28 |
It will, but only partially. It seems that the list is long and it is getting |
29 |
longer and longer! Check this out: |
30 |
|
31 |
whois -h whois.radb.net -- '-i origin AS32934' | grep ^route |
32 |
|
33 |
(as advised by https://developers.facebook.com/docs/ApplicationSecurity/) |
34 |
|
35 |
BTW, websites may break if you block all these ip ranges. |
36 |
-- |
37 |
Regards, |
38 |
Mick |