On Wed, Jan 02, 2013 at 11:32:58PM -0500, Michael Orlitzky wrote
> On 12/30/2012 10:21 PM, Walter Dnes wrote:
> > [0:0] -A FECESBOOK -j LOG --log-prefix "FECESBOOK:" --log-level 6
> > [0:0] -A FECESBOOK -j DROP
> > [0:0] -A INPUT -s 192.168.123.248/29 -i eth0 -j ACCEPT
> > [0:0] -A INPUT -s 169.254.0.0/16 -i eth0 -j ACCEPT
> > [0:0] -A INPUT -i lo -j ACCEPT
> > [0:0] -A INPUT -m conntrack --ctstate INVALID,NEW -j UNSOLICITED
>
> In fact, since you're blocking all outgoing packets to facebook, the
> only state that a packet from facebook can have here is INVALID or NEW.
> So traffic from facebook will be sent to the UNSOLICITED chain and DROPped.
>
> > [0:0] -A INPUT -s 69.63.176.0/20 -j FECESBOOK
> > [0:0] -A INPUT -s 69.220.144.0/20 -j FECESBOOK
> > [0:0] -A INPUT -s 69.63.176.0/20 -j FECESBOOK
> > [0:0] -A INPUT -s 69.171.224.0/19 -j FECESBOOK
> > [0:0] -A INPUT -s 200.58.112.0/20 -j FECESBOOK
> > [0:0] -A INPUT -s 213.155.64.0/19 -j FECESBOOK
>
> ...making these pointless =)

I've run into at least one newspaper website (I forget which, it's
occasionally used for links on Slashdot) which ends up trying to
redirect me to a Facebook site even though the URL does not mention
Facebook at all. There is other integration as well. See the first
post in
http://www.dslreports.com/forum/r26618459-Increasing-integration-of-facebook-into-many-web-sites
I believe this may have been straightened out since then, but 13 months
ago that post was correct.

And then there's the "LIKE" button which shows up all over the web. The
mere fact that you haven't manually typed in...
http://www.facebook.com/blah_blah_blah
does not mean you're not connecting to it.

-- 
Walter Dnes <waltd...@waltdnes.org>
I don't run "desktop environments"; I run useful applications
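
Added example (not part of the original thread and not either poster's code): a small Python model of first-match evaluation over the INPUT rules quoted above, showing which rule a packet from one of the listed ranges hits for each conntrack state. It assumes, as the quoted reply states, that the UNSOLICITED chain ends in DROP, so every jump is treated as final; the function names and sample packets are constructed for illustration.

```python
import ipaddress

# INPUT rules from the quoted iptables-save output, in their original order
# (counters stripped; only three of the FECESBOOK source ranges kept for brevity).
RULES = """\
-A INPUT -s 192.168.123.248/29 -i eth0 -j ACCEPT
-A INPUT -s 169.254.0.0/16 -i eth0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID,NEW -j UNSOLICITED
-A INPUT -s 69.63.176.0/20 -j FECESBOOK
-A INPUT -s 69.220.144.0/20 -j FECESBOOK
-A INPUT -s 69.171.224.0/19 -j FECESBOOK
"""

def parse(line):
    """Extract the match options (-s, -i, --ctstate) and the -j target of one rule."""
    tok = line.split()
    rule = {}
    for i, t in enumerate(tok):
        if t == "-s":
            rule["src"] = ipaddress.ip_network(tok[i + 1])
        elif t == "-i":
            rule["iface"] = tok[i + 1]
        elif t == "--ctstate":
            rule["states"] = set(tok[i + 1].split(","))
        elif t == "-j":
            rule["target"] = tok[i + 1]
    return rule

def first_match(src, iface, state):
    """Return the target of the first rule whose every option matches the packet.

    Assumption: each target is terminal (ACCEPT, or a chain that ends in DROP),
    so traversal stops at the first match.
    """
    addr = ipaddress.ip_address(src)
    for r in map(parse, RULES.splitlines()):
        if "src" in r and addr not in r["src"]:
            continue
        if "iface" in r and iface != r["iface"]:
            continue
        if "states" in r and state not in r["states"]:
            continue
        return r["target"]
    return "POLICY"  # fell off the end of the chain

if __name__ == "__main__":
    for state in ("NEW", "INVALID", "ESTABLISHED"):
        print(state, "->", first_match("69.63.176.13", "eth0", state))
```

Only an ESTABLISHED (or RELATED) packet gets past the conntrack rule to the per-range rules. Listing the source-range rules before the conntrack rule would let the FECESBOOK chain see and log those packets.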