> Hello,
>
> I am using shorewall on my local computer (the same I'm surfing the web
> with). My skills with iptables are not really good and my understanding
> of networking also has some holes in it... However, I'm trying to
> prevent firefox from accessing a third party site; I'm logging onto a
> site with firefox. With netstat I can see that besides the usual ip
> address belonging to the site another ip-address (not belonging to the
> original site) shows up. While trying to block the additional ip address
> with both "iptables -A INPUT -s xxxx -j DROP" and "iptables -A OUTPUT -d
> xxxx -j DROP" it still sends a SYN request to this site. This makes
> firefox just sit there waiting for a time-out. How can I prevent firefox
> from accessing the other site, while still accessing the original one?
>
> Best regards
>
> Peter K
>
>
Couldn't you use squid as a proxy and squidguard for filtering the site
you want to access or block?
As an example, if you access a web site which has links to a third-party
advertisement site, you could use squidguard to block the ad and let you
browse the content of the original website.

I know this approach doesn't use iptables but perhaps it could help you...


-- 
http://www.drakonix.fr
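
A minimal sketch of the squid plus squidGuard setup suggested in the reply above, added here as an example and not taken from the thread. The file paths, the list name `thirdparty` and the domain `thirdparty.example` are assumptions; adjust them to your distribution. Because the proxy answers a blocked request itself, the browser gets an immediate response instead of waiting for a SYN time-out.

```conf
# ---- /etc/squid/squid.conf (path is an assumption) ----
# Listen on loopback only: the proxy serves just this workstation.
http_port 127.0.0.1:3128

# Hand every requested URL to squidGuard for a pass/redirect decision.
url_rewrite_program /usr/bin/squidGuard -c /etc/squidguard/squidGuard.conf
url_rewrite_children 5

# Only local clients may use the proxy.
acl local_clients src 127.0.0.1/32
http_access allow local_clients
http_access deny all

# ---- /etc/squidguard/squidGuard.conf (path is an assumption) ----
dbhome /var/lib/squidguard/db
logdir /var/log/squidguard

# Destination class for the unwanted third-party hosts.
# The file <dbhome>/thirdparty/domains holds one domain per line,
# for example the placeholder: thirdparty.example
dest thirdparty {
    domainlist thirdparty/domains
}

acl {
    default {
        # Allow everything except the listed third-party domains.
        pass !thirdparty all
        # Blocked requests are answered with this local page
        # (hypothetical URL; any page you serve yourself will do).
        redirect http://127.0.0.1/blocked.html
    }
}
```

Firefox then has to be pointed at the proxy (127.0.0.1, port 3128) in its connection settings for the filter to apply.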

