[Firewall] Hi

Gustin Johnson gustin at meganerd.ca
Mon Jul 7 23:09:39 CEST 2014


Don't forget fbcdn.com

This solution also does not scale well unless you are using something like
saltstack/chef/puppet to manage your host files across your network.

I appreciate the scripts that Lonnie slapped together since I can see a
potential need to do this network wide at some point.


On Mon, Jul 7, 2014 at 3:05 PM, Eli Wapniarski <eli at orbsky.homelinux.org>
wrote:

> Hi Lonnie.
>
> It turns out that there is a much simpler solution. All I had to do was
> add
>
> 127.0.0.1 www.facebook.com facebook.com
>
> to my host file.
>
> That did the trick.
>
> I very much appreciate the time that you spent on this.
>
> Sincerely
>
> Eli
>
> On Monday 07 July 2014 04:33:39 Lonnie Abelbeck wrote:
> > Eli,
> >
> > Ahhh, yes BLOCK_HOSTS_FILE will apply to everyone, a second look I see
> > you only want it to apply to one internal IP address.
> >
> > Since AIF is on your router for a LAN, then adding to the
> > LAN_INET_FORWARD_CHAIN is the most efficient, and using REJECT instead of
> > DROP is probably better in this case.
> >
> > Another untested script, this time for your AIF custom-rules...
> >
> > ---- /etc/arno-iptables-firewall/custom-rules snippet ----
> >
> > # Reject Facebook for LAN host(s)
> > for shost in internal.host.ip.address; do
> >   echo "[CUSTOM RULE] Reject Facebook for $shost -> INET"
> >   for dhost in $(whois -h whois.radb.net '!gAS32934' | grep '/'); do
> >     iptables -A LAN_INET_FORWARD_CHAIN -s $shost -d $dhost -j REJECT
> >   done
> > done
> >
> > ----
> > Multiple internal.host.ip.address's can be added on the first 'for' if
> > needed.
> >
> > Though, you will have to do a "arno-iptables-firewall restart" to update
> > the rules.
> >
> > Lonnie
> >
> > On Jul 6, 2014, at 10:49 PM, Eli Wapniarski wrote:
> > > Thanks for responding Lonnie
> > >
> > > Correct me if I'm wrong, the block hosts file will block everybody
> > > won't it?? Actually, the hard work that I did was to google it. lol???
> > >
> > > Eli
> > >
> > > On Sunday 06 July 2014 22:14:01 Lonnie Abelbeck wrote:
> > >> Eli,
> > >>
> > >> If you are not already using the BLOCK_HOSTS_FILE, enable it in
> > >> firewall.conf: --
> > >> BLOCK_HOSTS_FILE="/etc/arno-iptables-firewall/blocked-hosts"
> > >> --
> > >>
> > >> Then run this **untested** script via cron every day or so...
> > >>
> > >> ---- cron script ----
> > >> #!/bin/sh
> > >>
> > >> BLOCK_HOSTS_FILE="/etc/arno-iptables-firewall/blocked-hosts"
> > >>
> > >> (
> > >>
> > >>  for ip in $(whois -h whois.radb.net '!gAS32934' | grep '/'); do
> > >>
> > >>    echo "$ip"
> > >>
> > >>  done
> > >>
> > >> ) > "$BLOCK_HOSTS_FILE"
> > >>
> > >> arno-iptables-firewall force-reload
> > >> ----
> > >>
> > >> You did the hard work with the 'whois' :-)
> > >>
> > >> Lonnie
> > >>
> > >> On Jul 6, 2014, at 7:22 AM, Eli Wapniarski wrote:
> > >>> I was wondering if anyone can help.
> > >>>
> > >>> I probably need to write a custom rule to block facebook access from
> > >>> a specific ip address on my internal network. I am having a weird
> > >>> problem where the launcher for an mmorpg game on that computer first
> > >>> runs, it tries to access facebook and then crashes. If access to
> > >>> facebook is blocked, then the launcher and the game work just fine.
> > >>> The developers have been alerted and they are working on a fix.
> > >>>
> > >>> In the meantime, I need to have a rule in place to block all of
> > >>> facebook's ips.
> > >>>
> > >>> I've found a script, which does work, but it would be cool if I could
> > >>> turn this into a custom rule for arnos-iptables-firewall. The script
> > >>> follows
> > >>>
> > >>> for ip in `whois -h whois.radb.net '!gAS32934' | grep /`; do iptables -A OUTPUT -p all -d $ip -s internal.host.ip.address -j DROP; done
> > >>>
> > >>> Thanks
> > >>
> > >> _______________________________________________
> > >> Firewall mailing list
> > >> Firewall at rocky.eld.leidenuniv.nl
> > >> http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall
> > >> Arno's (Linux IPTABLES Firewall) Homepage:
> > >> http://rocky.eld.leidenuniv.nl
> > >
>
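Every script in this thread splices whatever `whois -h whois.radb.net` returns straight into an iptables command line. The following is an added example, not code from the thread or from Arno's firewall, showing how to validate that output before it becomes a rule, and how to render the REJECT rules for the LAN_INET_FORWARD_CHAIN that Lonnie suggests without needing root to try it. The sample reply, its addresses and the LAN host 192.168.1.10 are constructed for the example; the assumed reply shape (a header line, one line of space-separated prefixes, a terminator) is an assumption about RADB output, not something the thread states.

```shell
#!/bin/sh
# Added example (not part of the thread): validate RADB prefixes before
# they are spliced into iptables commands, then render REJECT rules for a
# single LAN host. Runs offline against a constructed sample reply.

# Constructed sample in the (assumed) shape of a RADB "!gAS<n>" reply: a
# header line, one line of space-separated prefixes, and a terminator.
# The prefixes and the stray tokens are made up for this example.
SAMPLE_RADB_REPLY='A81
203.0.113.0/24 198.51.100.0/25 bogus/24 2001:db8::/32 192.0.2.0/24
C'

# Print only tokens that look like IPv4 CIDR prefixes (a.b.c.d/len).
# Anything else coming back from whois is dropped rather than passed to
# iptables, so a surprising reply cannot become a surprising rule.
extract_prefixes() {
    tr ' ' '\n' | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# Render one rule per prefix for the given source host and chain.
# Printing instead of executing keeps this runnable without root; review
# the output, then paste it into custom-rules or pipe it to sh.
render_rules() {
    shost="$1"
    chain="${2:-LAN_INET_FORWARD_CHAIN}"
    while IFS= read -r dhost; do
        printf 'iptables -A %s -s %s -d %s -j REJECT\n' "$chain" "$shost" "$dhost"
    done
}

# Number of valid prefixes in a reply: a sanity check worth running before
# a force-reload, since an empty list silently blocks nothing.
count_prefixes() {
    printf '%s\n' "$1" | extract_prefixes | wc -l | tr -d ' '
}

# Usage: render rules for the constructed LAN host 192.168.1.10.
printf '%s\n' "$SAMPLE_RADB_REPLY" | extract_prefixes | render_rules 192.168.1.10
```

In the cron variant, the same `extract_prefixes` filter can sit between `whois` and the redirect into BLOCK_HOSTS_FILE, and a zero from `count_prefixes` is the signal to keep the previous file rather than reload with an empty one.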