LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 11-24-2020, 11:03 PM   #1
RandomTroll
Senior Member
 
Registered: Mar 2010
Distribution: Slackware
Posts: 1,539

Rep: Reputation: 244Reputation: 244Reputation: 244
Is there a way to block all outgoing access of a domain?


I want to block all access to Google. Is there a way to do this?
 
Old 11-25-2020, 06:11 AM   #2
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 3,141

Rep: Reputation: 1332Reputation: 1332Reputation: 1332Reputation: 1332Reputation: 1332Reputation: 1332Reputation: 1332Reputation: 1332Reputation: 1332Reputation: 1332
Yeah, obtain the Google IP address ranges and block them: https://support.google.com/a/answer/10026322?hl=en
 
Old 11-25-2020, 09:16 AM   #3
teckk
Senior Member
 
Registered: Oct 2004
Distribution: FreeBSD Arch
Posts: 3,281

Rep: Reputation: 984Reputation: 984Reputation: 984Reputation: 984Reputation: 984Reputation: 984Reputation: 984Reputation: 984
If you do that, half of the internet won't work. Same as blocking Amazon or Cloudflare.
 
1 members found this post helpful.
Old 11-25-2020, 09:42 AM   #4
wpeckham
Senior Member
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, Fedora, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, Vsido, tinycore, Q4OS
Posts: 3,556

Rep: Reputation: 1581Reputation: 1581Reputation: 1581Reputation: 1581Reputation: 1581Reputation: 1581Reputation: 1581Reputation: 1581Reputation: 1581Reputation: 1581Reputation: 1581
Quote:
Originally Posted by teckk View Post
If you do that, half of the internet won't work. Same as blocking Amazon or Cloudflare.
Don't be silly, of COURSE the internet will still work. You simply will not be able to access any google services. That means you might want to change your search default to something other than google, use a non-google mail server, and plan on some faults when you hit web sites that require Google services or authentications.

Google did not invent the internet, the internet was here first and much of it is totally independent of google, amazon, and cloudflare.


And look, it is easy enough to give it a try and if it is terribly inconvenient to live without google just undo the blockage. Document your change
AND a backout plan so you have it to follow even should you forget.
 
2 members found this post helpful.
Old 11-25-2020, 10:00 AM   #5
boughtonp
Member
 
Registered: Feb 2007
Location: UK
Distribution: Debian
Posts: 967

Rep: Reputation: 740Reputation: 740Reputation: 740Reputation: 740Reputation: 740Reputation: 740Reputation: 740

A browser plugin like uMatrix can be configured to block all Google domains, and conditionally unblock them for specific websites only as needed.

 
1 members found this post helpful.
Old 11-25-2020, 11:19 AM   #6
RandomTroll
Senior Member
 
Registered: Mar 2010
Distribution: Slackware
Posts: 1,539

Original Poster
Rep: Reputation: 244Reputation: 244Reputation: 244
Quote:
Originally Posted by TenTenths View Post
obtain the Google IP address ranges and block
Google was just an example. I wanted to know how to block any address.

Quote:
Originally Posted by teckk View Post
If you do that, half of the internet won't work.
Quote:
Originally Posted by wpeckham View Post
Don't be silly, of COURSE the internet will
still work. You simply will not be able to access any google
services.
Which includes the 'multiquote' feature of LQ, which uses
google-analytics.


Quote:
Originally Posted by boughtonp View Post
A browser plugin like uMatrix can be
configured to block all Google domains, and conditionally unblock them
for specific websites only as needed.
It's apparently not just browser accesses. There seems to be traffic
I don't know about happening even when I have no browser loaded.
 
Old 11-25-2020, 11:27 AM   #7
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 3,141

Rep: Reputation: 1332Reputation: 1332Reputation: 1332Reputation: 1332Reputation: 1332Reputation: 1332Reputation: 1332Reputation: 1332Reputation: 1332Reputation: 1332
Quote:
Originally Posted by RandomTroll View Post
Google was just an example. I wanted to know how to block any address.
You didn't ask that, you asked how to block google.com

Same thing applies, find all the IP addresses the domain uses and block them. For large providers like Google / AWS / etc. they may publish their ranges (usually for the other way around, to allow companies to whitelist their IPs) but for smaller companies it may be harder.
 
Old 11-25-2020, 11:42 AM   #8
boughtonp
Member
 
Registered: Feb 2007
Location: UK
Distribution: Debian
Posts: 967

Rep: Reputation: 740Reputation: 740Reputation: 740Reputation: 740Reputation: 740Reputation: 740Reputation: 740
Quote:
Originally Posted by RandomTroll View Post
It's apparently not just browser accesses. There seems to be traffic
I don't know about happening even when I have no browser loaded.
Then configure your firewall properly, and/or use Pi-hole.


Quote:
Which includes the 'multiquote' feature of LQ, which uses
google-analytics.
No it doesn't. The multiquote feature has been made to depend on cdnjs.cloudflare.com but does NOT depend on google-analytics.com


Last edited by boughtonp; 11-25-2020 at 11:46 AM.
 
1 members found this post helpful.
Old 11-25-2020, 09:19 PM   #9
RandomTroll
Senior Member
 
Registered: Mar 2010
Distribution: Slackware
Posts: 1,539

Original Poster
Rep: Reputation: 244Reputation: 244Reputation: 244
Quote:
Originally Posted by TenTenths View Post
You didn't ask that, you asked how to block google.com
In the subject line I asked that.


Quote:
Originally Posted by boughtonp View Post
Then configure your firewall properly, and/or use Pi-hole.
The Linux HOWTO on firewalls is 20 years old; I've never heard of Pi-hole. Where's a good place to start for the newbie who doesn't want to learn everything?


Quote:
Originally Posted by boughtonp View Post
No it doesn't. The multiquote feature has been made to depend on cdnjs.cloudflare.com but does NOT depend on google-analytics.com
You're right. I don't understand how to use uMatrix. I blocked Google's access and multiquote stopped working. When I looked
this time I saw that cloudflare was also blocked even though I didn't specify that. As I've experimented with other sites I see that uMatrix has blocked a number of domains without my instruction.
 
Old 11-26-2020, 08:28 AM   #10
boughtonp
Member
 
Registered: Feb 2007
Location: UK
Distribution: Debian
Posts: 967

Rep: Reputation: 740Reputation: 740Reputation: 740Reputation: 740Reputation: 740Reputation: 740Reputation: 740
Quote:
Originally Posted by RandomTroll View Post
I see that uMatrix has blocked a number of domains without my instruction.
Check the Assets tab of the settings - there are default blacklists for malware/etc there.

(It might also use Filter lists from uBlock Origin.)


Quote:
The Linux HOWTO on firewalls is 20 years old; I've never heard of Pi-hole. Where's a good place to start for the newbie who doesn't want to learn everything?
There are different words for people who are new and people who don't want to learn, and "Registered: Mar 2010 / Distribution: Slackware" is not the sign of a newbie. :|

I find Digital Ocean guides useful, here's one for setting up UFW: https://www.digitalocean.com/communi...w-on-debian-10
(I'm fairly sure the "on Debian" part only applies to the install step.)

 
1 members found this post helpful.
Old 11-26-2020, 08:52 AM   #11
crts
Senior Member
 
Registered: Jan 2010
Posts: 1,965

Rep: Reputation: 709Reputation: 709Reputation: 709Reputation: 709Reputation: 709Reputation: 709Reputation: 709
Quote:
You didn't ask that, you asked how to block google.com
Quote:
Originally Posted by RandomTroll View Post
In the subject line I asked that.
That is just rude. Everyone with common sense knows that the subject line is a rough hint about the topic. The real question is actually asked in the initial post. Put some effort in your question and do not try to twist this like the members who have helped you have a comprehension problem.

Last edited by crts; 11-26-2020 at 08:57 AM.
 
1 members found this post helpful.
Old 11-26-2020, 01:48 PM   #12
RandomTroll
Senior Member
 
Registered: Mar 2010
Distribution: Slackware
Posts: 1,539

Original Poster
Rep: Reputation: 244Reputation: 244Reputation: 244
Quote:
Originally Posted by boughtonp View Post
There are different words for people who are new and people who don't want to learn, and "Registered: Mar 2010 / Distribution: Slackware" is not the sign of a newbie.
Linux is an ocean: no one knows all its currents. I'm an expert in some things, not all, and I have other endeavors. I want to learn, just not everything. I repair my own automobile, am an expert on much of how it works, but not on other matters automotive, such as automatic transmissions and fuel injectors, don't care to learn.

Quote:
Originally Posted by boughtonp View Post
I find Digital Ocean guides useful, here's one for setting up UFW: https://www.digitalocean.com/communi...w-on-debian-10
See? You have an answer. Thanks.

Quote:
Originally Posted by crts View Post
That is just rude.
No it isn't; it isn't even disagreeable, just a disagreement.

Quote:
Originally Posted by crts View Post
Everyone with common sense knows
Quote:
Common sense is the set of prejudices acquired by age 18.
Einstein. To evoke 'common sense' is to give up trying to make a useful argument.

Quote:
Originally Posted by crts View Post
the subject line is a rough hint about the topic. The real question is actually asked in the initial post.
I disagree. The subject line is the most important line in a post. If it's a crummy one, I don't even look.
 
Old 11-27-2020, 02:09 AM   #13
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 16,665
Blog Entries: 10

Rep: Reputation: 4923Reputation: 4923Reputation: 4923Reputation: 4923Reputation: 4923Reputation: 4923Reputation: 4923Reputation: 4923Reputation: 4923Reputation: 4923Reputation: 4923
Quote:
Originally Posted by RandomTroll View Post
I see that uMatrix has blocked a number of domains without my instruction.
UMatrix works on a whitelist principle, not blacklist.
 
Old 11-27-2020, 08:28 AM   #14
boughtonp
Member
 
Registered: Feb 2007
Location: UK
Distribution: Debian
Posts: 967

Rep: Reputation: 740Reputation: 740Reputation: 740Reputation: 740Reputation: 740Reputation: 740Reputation: 740
Quote:
Originally Posted by ondoho View Post
UMatrix works on a whitelist principle, not blacklist.
It can work both ways.

For scripts the default is that third-party domains needs to be whitelisted.

But even if you whitelist the whole script column, known bad domains remain blacklisted (dark red) and their scripts don't load (unless you override it).

 
Old 11-27-2020, 11:38 AM   #15
teckk
Senior Member
 
Registered: Oct 2004
Distribution: FreeBSD Arch
Posts: 3,281

Rep: Reputation: 984Reputation: 984Reputation: 984Reputation: 984Reputation: 984Reputation: 984Reputation: 984Reputation: 984
https://www.lifewire.com/what-is-the...-google-818153
https://md5calc.com/google/ip
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Postfix: block outgoing mail to any domain except one bas_at_cipix Linux - Server 2 05-11-2012 10:50 AM
How to block all outgoing port 25 except internal mail server. sattech2000 *BSD 9 04-25-2011 10:23 AM
Block all outgoing requests from IP. (iptables+OpenVZ) sappi Linux - General 3 01-10-2010 03:50 PM
IPtables - block subdomains (a.domain.com, b.domain.com, c.domain.com,...) benjalien Linux - Networking 6 06-24-2009 08:03 AM
Which qmail log file details outgoing mail? (have huge outgoing mail volume) hilljockey Linux - Server 2 12-08-2008 05:26 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 04:09 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration