| BadPhorm - When good ISPs go bad! :: Forums :: Privacy in an Electronic Age :: Privacy & Encryption |
| Blocking web trackers in Linux | ||
Moderators: Jim Murray, narcosis, felixcatuk, Sammy, revrob
|
| Author | Post | ||
PingusPeriratus
Registered Member #657 | Joined: Fri May 01 2009, 06:32PM | Posts: 1226

Building on the sterling work done by Lardycake and his Blocktracker script and blocked IP list. I say building, but really it's just messing about and finding I could enter the list into Firestarter, the firewall available in the repos for Ubuntu (I'm using Ubuntu 10.4 LTS), but it should be OK in other versions. Users of other distros will have to check if Firestarter is available for them.

Install firestarter.
Open Nautilus file manager as root (ALT-F2 to get run dialog), enter
    gksu nautilus
Navigate to /etc/firestarter/outbound and replace the file deny-to with this one
http://www.pingus-periratus.webspace.virginmedia.com/deny-to
Restart PC.

The firewall (iptables) will start on reboot and incorporate the list into iptables. You can check this by entering
    sudo iptables --list
in a terminal. It may take a while until you see the IPs being listed.

To start the Firestarter GUI press ALT-F2 and enter
    gksu firestarter
and then your root password.

For those who can't use Firestarter, Lardycake's original script and data file are here
http://www.pingus-periratus.webspace.virginmedia.com/blocktracker
http://www.pingus-periratus.webspace.virginmedia.com/block_outbound_ip.data

You will need to alter the location where you put the data file in the Blocktracker script

    # ***** EDIT LINE BELOW with location of your blocklist file *****
    IPLIST="/home/phil/blocked_outbound_ip.data"
    # *****------------------------------------------------------*****

Do right click and save target or save link as to get the files.

[ Edited Sat Jul 30 2011, 10:45PM ]

lardycake
Registered Member #141 | Joined: Sun Mar 09 2008, 06:17PM | Posts: 183

Hi Pingus,

I have an updated script that will read an IP block list file that can contain optional comments, e.g.:

    123.123.123.123 #bad bot from badbot.com

The bit after the hash is the comment. If you are interested I will post the script. I found the list had got so long that I needed comments to know what was going on and what I had blocked or not.

[ Edited Sun Jul 31 2011, 10:31PM ]

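The commented list format described in the post above, handled in POSIX shell as an added example; it is not lardycake's script and was not posted in this thread. The function names, the OUTPUT chain and the DROP target are assumptions, the sample list is constructed around the one format line quoted above, and the commands are printed rather than run.

```shell
#!/bin/sh
# Added example: turn a commented block list into iptables commands (printed only).

# Constructed sample; the first entry is the format line quoted in the post.
sample_blocklist() {
    cat <<'EOF'
# constructed test data
123.123.123.123 #bad bot from badbot.com
198.51.100.0/24   # a whole range
192.0.2.10
192.0.2.10        # duplicate
tracker.example   # hostname, rejected
203.0.113.999
EOF
}

# valid_entry ADDR: succeed only for dotted-quad IPv4 with optional /0-32.
valid_entry() {
    addr=${1%%/*}
    case $1 in */*) prefix=${1#*/} ;; *) prefix=32 ;; esac
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "${#prefix}" -le 2 ] && [ "$prefix" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# blocklist_rules: read the list on stdin, strip comments and blanks, de-duplicate,
# and print one rule per valid entry (OUTPUT chain and DROP target are assumed).
# Hostnames are rejected: iptables resolves them only once, when the rule is added.
blocklist_rules() {
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
    LC_ALL=C sort -u |
    while IFS= read -r entry; do
        [ -n "$entry" ] || continue
        if valid_entry "$entry"; then
            printf 'iptables -A OUTPUT -d %s -j DROP\n' "$entry"
        else
            printf 'skipped invalid entry: %s\n' "$entry" >&2
        fi
    done
}

sample_blocklist | blocklist_rules
```

Feed a real list with `blocklist_rules < /path/to/list` and review the printed commands and the skipped entries on stderr before running anything as root.
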
PingusPeriratus
Registered Member #657 | Joined: Fri May 01 2009, 06:32PM | Posts: 1226

Hi Lardycake,

Yes please, would like to see it.

lardycake
Registered Member #141 | Joined: Sun Mar 09 2008, 06:17PM | Posts: 183

http://pastebin.com/uZKgkSkn

PingusPeriratus
Registered Member #657 | Joined: Fri May 01 2009, 06:32PM | Posts: 1226

Cheers Lardycake, I'm sure it will be helpful to quite a few members.

Gordon
Registered Member #287 | Joined: Thu Apr 03 2008, 09:06PM | Posts: 445

Right - I'm thick.

I'm running Ubuntu 10.04 - Xubuntu actually, so for me "gksu nautilus" becomes "gksu thunar", but everything basically works the same way. I have Firestarter - complete with the tray icon, so to open the Firestarter GUI I just click that instead of doing ALT-F2 and entering gksu firestarter.

Now... Having thrown in a few IPs just to experiment before I actually put the proper list in, if I check things using sudo iptables --list, they show up, either as a block or, if it's a single IP rather than a range, with the hostname, thus:

    Chain OUTBOUND (1 references)
    target     prot opt source               destination
    ACCEPT     icmp --  anywhere             anywhere
    ACCEPT     tcp  --  anywhere             anywhere            state RELATED,ESTABLISHED
    ACCEPT     udp  --  anywhere             anywhere            state RELATED,ESTABLISHED
    LSO        all  --  anywhere             64.215.254.0/23
    LSO        all  --  anywhere             216.73.80.0/20
    LSO        all  --  anywhere             cache02.theplanet.com
    LSO        all  --  anywhere             208.77.164.0/22
    LSO        all  --  anywhere             70.42.249.0/24
    ACCEPT     all  --  anywhere             anywhere

...but when I look at Firestarter, going to the outbound policy bit, which is set to "Permissive by default, blacklist traffic", I find that the "Deny connections to host" bit is as blank as it was before.

???

Have I screwed something up, or is it just that Firestarter only shows *additional* blocked stuff that has been entered manually, not stuff that's already been dealt with by IP tables?

PingusPeriratus
Registered Member #657 | Joined: Fri May 01 2009, 06:32PM | Posts: 1226

Nope, you're OK. My fault for not mentioning it. The IPs don't show up in Firestarter, but I did test it by entering a selection of the IPs from the list into Firefox and iptables --list

[ Edited Thu Aug 04 2011, 10:04PM ]

Gordon
Registered Member #287 | Joined: Thu Apr 03 2008, 09:06PM | Posts: 445

Oh! You mean I did something correctly? Well, we can't have that, can we? I think I'll have to give up this Linux lark and go back to my old Windoze ME (I think "ME" stands for "Made to Explode") that I abandoned about four years ago after running a dual-boot system for a while while I got used to Linux. I used to have hours (sometimes days) of fun fixing it after the inevitable crash every time I altered anything - Linux is much too boring! ;)

Thanks for that, Pingus. :)

Gordon
Registered Member #287 | Joined: Thu Apr 03 2008, 09:06PM | Posts: 445

Oops - forgot to say... Thanks to you also, lardycake, for your original work on this. :)

PingusPeriratus
Registered Member #657 | Joined: Fri May 01 2009, 06:32PM | Posts: 1226

This may help anyone not familiar with Firestarter.
http://www.pcdudes.co.uk/showthread.php?203-Firestarter-Firewall-Configuration-for-Ubuntu