Alan McKinnon wrote:
On Saturday 13 September 2008 23:36:13 pk wrote:
Hello,
I am using shorewall on my local computer (the same I'm surfing the web
with). My skills with iptables are not really good and my understanding
of networking also has some holes in it... However, I'm trying to
prevent firefox from accessing a third party site; I'm logging onto a
site with firefox. With netstat I can see that besides the usual ip
address belonging to the site another ip-address (not belonging to the
original site) shows up. While trying to block the additional ip address
with both "iptables -A INPUT -s xxxx -j DROP" and "iptables -A OUTPUT -d
xxxx -j DROP" it still sends a SYN request to this site. This makes
firefox just sit there waiting for a time-out. How can I prevent firefox
from accessing the other site, while still accessing the original one?
That's always going to be problematic. Firefox does not know that you have
firewalled that address, so will continue doing exactly what it always did -
send a SYN and wait for the response.
So you'll need to tell Firefox that that IP is banned, in which case you don't
need iptables, you need a Firefox plug-in. Go to mozilla's site and find
something appropriate. I'll bet there's one already and it's probably called
SiteBlock
Wouldn't adblock do the same thing? To block say all of google, he
could block this: *.google.com/* Nothing google should come through.
At least that is how I do it here with Seamonkey.
Just curious.
Dale
:-) :-)
