| 1 |
On Saturday 05 Jan 2013 03:26:10 Michael Mol wrote: |
| 2 |
> On Jan 4, 2013 8:33 PM, "Walter Dnes" <waltdnes@××××××××.org> wrote: |
| 3 |
> > On Fri, Jan 04, 2013 at 03:27:59PM -0500, Michael Mol wrote |
| 4 |
> > |
| 5 |
> > > On Fri, Jan 4, 2013 at 3:17 PM, Walter Dnes <waltdnes@××××××××.org> |
| 6 |
> |
| 7 |
> wrote: |
| 8 |
> > > > The mere fact that you haven't manually typed in... |
| 9 |
> > > > |
| 10 |
> > > > http://www.facebook.com/blah_blah_blah does not mean you're not |
| 11 |
> > > > connecting to it. |
| 12 |
> > > |
| 13 |
> > > But all that's above layer 3, since it's an HTTP redirect, or a page |
| 14 |
> > > transclusion which necessitates a new GET request. Michael's point |
| 15 |
> > > stands. |
| 16 |
> > > |
| 17 |
> > And I want to make sure that new GET request is blocked coming and |
| 18 |
> > |
| 19 |
> > going. |
| 20 |
> > |
| 21 |
> > -- |
| 22 |
> > Walter Dnes <waltdnes@××××××××.org> |
| 23 |
> > I don't run "desktop environments"; I run useful applications |
| 24 |
> |
| 25 |
> And it will, for the simple reason that outbound psckets are dropped, so |
| 26 |
> inbound packets are nevrr valid. That was Michael's point. |
| 27 |
|
| 28 |
It will, but only partially. It seems that the list is long and it is getting |
| 29 |
longer and longer! Check this out: |
| 30 |
|
| 31 |
whois -h whois.radb.net -- '-i origin AS32934' | grep ^route |
| 32 |
|
| 33 |
(as advised by https://developers.facebook.com/docs/ApplicationSecurity/) |
| 34 |
|
| 35 |
BTW, websites may break if you block all these ip ranges. |
| 36 |
-- |
| 37 |
Regards, |
| 38 |
Mick |
Archives