On Saturday 13 September 2008 23:36:13 pk wrote: > Hello, > > I am using shorewall on my local computer (the same I'm surfing the web > with). My skills with iptables are not really good and my understanding > of networking also has some holes in it... However, I'm trying to > prevent firefox from accessing a third party site; I'm logging onto a > site with firefox. With netstat I can see that besides the usual ip > address belonging to the site another ip-address (not belonging to the > original site) shows up. While trying to block the additional ip address > with both "iptables -A INPUT -s xxxx -j DROP" and "iptables -A OUTPUT -d > xxxx -j DROP" it still sends a SYN request to this site. This makes > firefox just sit there waiting for a time-out. How can I prevent firefox > from accessing the other site, while still accessing the original one?
That's always going to be problematic. Firefox does not know that you have firewalled that address, so will continue doing exactly what it always did - send a SYN and wait for the response. So you'll need to tell Firefox that that IP is banned, in which case you don't need iptables, you need a Firefox plug-in. Go to mozilla's site and find something appropriate. I'll bet there's one already and it's probably called SiteBlock -- alan dot mckinnon at gmail dot com
