Linux - SoftwareThis forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Not if you want people to read it. There is also a lot to be said for keeping all the discussion and the code in the same place. Pastebin links expire quickly, so the link will be dead sooner or later, and there's no telling how long that site as whole will be around. LQ posts will be around as long as LQ is around and that's what matters in this context.
So you can block the site's IP address, as evidenced by the second curl command. When you use the site's DNS name, traffic is not blocked. Which tells me that the first curl command above resolves waterfox.net to a different IP address.
The only different IP address that I can find is 2001:bc8:6005:1b:dac4:97ff:fe2a:2ec0. So, try again after adding this rule to the OUTPUT chain:
Code:
iptables6 -I OUTPUT -d 2001:bc8:6005:1b:dac4:97ff:fe2a:2ec0/128 -j DROP
(I can't test this because I don't have IPv6 enabled right now)
Last edited by berndbausch; 09-09-2020 at 07:09 PM.
For archival and access purposes can you please post it here within [code] [/code] tags? Thanks in advance.
I tried.
Quote:
The following errors occurred with your submission:
The text that you have entered is too long (76480 characters). Please shorten it to 30000 characters long.
Thoughts.
Browser cache clear.
Ideally router would block.
Set hosts file for address to bad name and a 0.0.0.0 address. This may not work on some types of proxy.
iptables6 -I OUTPUT -d 2001:bc8:6005:1b:dac4:97ff:fe2a:2ec0/128 -j DROP
I found that iptables6 in Debian is ip6tables. Grumble.
So:
Code:
ip6tables -I OUTPUT -d 2001:bc8:6005:1b:dac4:97ff:fe2a:2ec0/128 -j DROP
That really blocks the site I wanted to. Solved.
Note: I investigated NFtables and fwbuilder, and found both way too complicated for me. Maybe they seem 'simple' if you're used to iptables and know what you're doing. Neither is my case. I felt very helpeless at all the material that I read. I installed fwbuilder and found it very difficult to understand, never mind to use. That firewall script I shared on Pastebin has done the job for me for many years.
Great that it's working. One thing which will increase the speed would be to use REJECT as a target instead of DROP on the outgoing packets. Otherwise it is you who has to wait for the connection to time out.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
