| 1 |
> Hello, |
| 2 |
> |
| 3 |
> I am using shorewall on my local computer (the same I'm surfing the web |
| 4 |
> with). My skills with iptables are not really good and my understanding |
| 5 |
> of networking also has some holes in it... However, I'm trying to |
| 6 |
> prevent firefox from accessing a third party site; I'm logging onto a |
| 7 |
> site with firefox. With netstat I can see that besides the usual ip |
| 8 |
> address belonging to the site another ip-address (not belonging to the |
| 9 |
> original site) shows up. While trying to block the additional ip address |
| 10 |
> with both "iptables -A INPUT -s xxxx -j DROP" and "iptables -A OUTPUT -d |
| 11 |
> xxxx -j DROP" it still sends a SYN request to this site. This makes |
| 12 |
> firefox just sit there waiting for a time-out. How can I prevent firefox |
| 13 |
> from accessing the other site, while still accessing the original one? |
| 14 |
> |
| 15 |
> Best regards |
| 16 |
> |
| 17 |
> Peter K |
| 18 |
> |
| 19 |
> |
| 20 |
Couldn't you use squid as a proxy and squidguard for filtering the site |
| 21 |
you want to access or block? |
| 22 |
As an example if you access a web site which have link to advertisement |
| 23 |
third party site, you could use squiguard to block the ad and let you |
| 24 |
browse the content of the original website. |
| 25 |
|
| 26 |
I know this approach doesn't use iptables but perhaps it could help you... |
| 27 |
|
| 28 |
|
| 29 |
-- |
| 30 |
http://www.drakonix.fr |
Archives