LinuxQuestions.org
Old 04-13-2013, 09:04 AM   #1
strugglingbadly
LQ Newbie
 
Registered: Sep 2010
Posts: 3

Rep: Reputation: 0
using iptables to restrict my browser to a limited list of websites


I have a second partition on my computer with an Ubuntu 12.10 system installed. I select and use this system exclusively for online banking. How can I set up the iptables to confine the browser to communicating only with these online bank sites?
 
Old 04-13-2013, 09:28 AM   #2
bhaslinux
Member
 
Registered: Oct 2003
Location: UnitedKingdom
Distribution: Debian Lenny
Posts: 351

Rep: Reputation: 47
Use a squid proxy server and set up the browser to use the local proxy server.
Set up squid to run as a special user.
Configure an acl on the squid proxy to allow only banking sites.
Configure iptables to match:
iptables -A OUTPUT -o <interf> -m owner --uid-owner <your current login> -j DROP
iptables -A OUTPUT -o <interf> -m owner --uid-owner <your squid id> -j ACCEPT

To test: if you open a terminal, it will not be able to ping anybody, and wget will not work, saying it cannot resolve the IP, but you will be able to browse.
Now <only> squid packets will go through. You can keep logs of what is allowed etc., and selectively allow sites via squid!
Enjoy!
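
The setup described in the post above, as an added example that is not part of the original post: a script that prints a squid.conf fragment and the matching owner-match rules so they can be reviewed before being applied as root. The interface `eth0`, the users `proxy` and `alice`, the ACL name `banks` and the `.test` domains are assumptions; the rules cover only the named accounts on IPv4, so other accounts and IPv6 (ip6tables) need their own rules.

```shell
#!/bin/sh
# Added example: emit the squid ACL and the iptables owner-match rules for a
# "browser may only talk to the local proxy" setup. Interface, user names and
# domains below are constructed placeholders.

# safe_name VALUE -> 0 if VALUE is safe to paste into a generated command line
safe_name() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
}

# squid_acl DOMAIN... -> squid.conf fragment allowing only the listed domains
squid_acl() {
    [ "$#" -gt 0 ] || return 1
    for d in "$@"; do safe_name "$d" || return 1; done
    echo "http_port 127.0.0.1:3128"
    for d in "$@"; do
        # leading dot: match the domain itself and all of its subdomains
        echo "acl banks dstdomain .${d#.}"
    done
    echo "http_access allow banks"
    echo "http_access deny all"
}

# owner_rules IFACE SQUID_USER LOGIN_USER -> iptables commands, one per line
owner_rules() {
    for v in "$@"; do safe_name "$v" || return 1; done
    [ "$#" -eq 3 ] && [ "$2" != "$3" ] || return 1   # squid needs its own uid
    # ACCEPT for the proxy first, then DROP everything the login user sends
    # out of the external interface. Loopback is untouched, so the browser
    # can still reach squid on 127.0.0.1:3128.
    echo "iptables -A OUTPUT -o $1 -m owner --uid-owner $2 -j ACCEPT"
    echo "iptables -A OUTPUT -o $1 -m owner --uid-owner $3 -j DROP"
}

# Demo with constructed values; review the output before running it as root.
squid_acl example-bank.test other-bank.test
owner_rules eth0 proxy alice
```
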
 
Old 04-13-2013, 11:00 AM   #3
strugglingbadly
LQ Newbie
 
Registered: Sep 2010
Posts: 3

Original Poster
Rep: Reputation: 0
Thanks for that bhaslinux - unfortunately I didn't understand a single bit of it. Note my name!

No idea what a squid is or aci and don't even know where to find the iptables yet - let alone how to set them up. That's what I'm trying to learn.
 
Old 04-13-2013, 08:08 PM   #4
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.9, Centos 7.3
Posts: 17,417

Rep: Reputation: 2397
If you're doing only online banking in that install, that would imply a limited set of sites you go to.
Simple soln is to type in (do not copy and paste what appears to be a correct link) the site for each bank, and when it comes up, bookmark it.
From then on, only use your bookmark and never use that install for anything else.
I'd also advise adding NoScript, Https-Everywhere and possibly Ghostery to your Firefox.
Have FF block images and cookies, then allow specifically only(!) those you need to make the bank sites work.

No need to mess with iptables.

Last edited by chrism01; 04-18-2013 at 09:33 AM. Reason: typo
 
Old 04-18-2013, 01:27 AM   #5
bhaslinux
Member
 
Registered: Oct 2003
Location: UnitedKingdom
Distribution: Debian Lenny
Posts: 351

Rep: Reputation: 47
Quote:
Originally Posted by strugglingbadly
Thanks for that bhaslinux - unfortunately I didn't understand a single bit of it. Note my name!

No idea what a squid is or aci and don't even know where to find the iptables yet - let alone how to set them up. That's what I'm trying to learn.

squid is a proxy server. It runs on your local system and allows connections to go through. It has an acl (access control list) which can be configured to block or selectively allow websites.
 
Old 05-01-2013, 12:47 PM   #6
strugglingbadly
LQ Newbie
 
Registered: Sep 2010
Posts: 3

Original Poster
Rep: Reputation: 0
Hi all

Thanks for your help, and my apologies for my delay in replying to your posts - been a bit busy with other stuff.

chrism01 - have set it up as you suggest. I'm familiar with noscript etc so no problems there.

bhaslinux - sounds as though it's beyond my modest abilities so I think I'll steer well clear of that approach!

thanks again.
 
Old 06-26-2013, 06:37 AM   #7
warkruid
LQ Newbie
 
Registered: Jun 2013
Location: netherlands
Distribution: slackware puppy debian
Posts: 2

Rep: Reputation: Disabled
You could also take a look at https://github.com/warkruid/lockdown
A simple iptables firewall script to use when you are banking online. This script limits traffic from and to your computer to a set of IP addresses you define.
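
The IP-allowlist approach described in the post above, as an added example that is not taken from the lockdown project or from the original post: a script that validates a list of IPv4 addresses and prints a default-drop rule set in iptables-restore format. The addresses are constructed (documentation ranges) and the HTTPS-only port choice is an assumption; with this rule set DNS is blocked too, so the allowed hosts need /etc/hosts entries or an explicit rule for the resolver.

```shell
#!/bin/sh
# Added example: build an iptables-restore rule set that only lets the machine
# talk to a fixed list of IPv4 addresses over HTTPS. Addresses are constructed
# (RFC 5737 documentation ranges), not real bank addresses.

# valid_ipv4 ADDR -> 0 if ADDR is a dotted quad with each octet in 0..255
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# allowlist_rules ADDR... -> rule set on stdout; prints nothing if any ADDR is bad
allowlist_rules() {
    [ "$#" -gt 0 ] || return 1
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
    done
    # Default policy DROP on every chain, then the minimum needed to work:
    # loopback, replies to connections we opened, and the allowed hosts.
    printf '%s\n' '*filter' \
        ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT DROP [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A OUTPUT -o lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for ip in "$@"; do
        printf '%s\n' "-A OUTPUT -d $ip/32 -p tcp --dport 443 -j ACCEPT"
    done
    printf 'COMMIT\n'
}

# Demo with constructed addresses; the output is meant for iptables-restore.
allowlist_rules 192.0.2.10 198.51.100.7
```

Bank sites served from changing addresses will break under a fixed list, so the list has to be re-checked when a site stops loading.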
 
  

