Facebook bypasses my firewall

lucmove · 12-07-2019, 06:09 PM

I am flummoxed. I run this script when I want to block my Internet connection:

#!/bin/bash
iptables -F
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

Everything stops. I can't check my email, I can't ping any address at all and I can't open any site... except Facebook. Facebook keeps opening as if noothing had happened. The Messenger won't work, but all other pages still open, even pages I don't think I ever opened before so they can't be cached.

Or can they? I just tested it here, on linuxquestions, and I can open and read threads I had never opened until now. Many of them. Does Firefox read all those posts and cache them preemptively?

I am posting this with firewall blocked. Let's see if it goes through...

lucmove · 12-07-2019, 06:10 PM

Yes, it still works. How is that possible? What am I doing wrong?

Code:

# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            

Chain FORWARD (policy DROP)
target     prot opt source               destination         

Chain OUTPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            

Chain LOGME (0 references)
target     prot opt source               destination         

Chain TRUSTED (0 references)
target     prot opt source               destination

astrogeek · 12-07-2019, 06:29 PM

Quote:

Originally Posted by lucmove

Yes, it still works. How is that possible? What am I doing wrong?

Code:

# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere        

Chain FORWARD (policy DROP)
target     prot opt source               destination         

Chain OUTPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            

Chain LOGME (0 references)
target     prot opt source               destination         

Chain TRUSTED (0 references)
target     prot opt source               destination

You, or something running on your machine, told it to ACCEPT everything...

lucmove · 12-07-2019, 06:37 PM

Not me. Then who/what? I have no idea.

iptables -F should reset everything before the instructions to block it all.

astrogeek · 12-07-2019, 06:46 PM

Quote:

Originally Posted by lucmove

Not me. Then who/what? I have no idea.

iptables -F should reset everything before the instructions to block it all.

No one here can know, only you are sitting at the machine...

If you do iptables -F followed shortly by iptables -L, without opening anything else in between, does it flush all and remain flushed? Does it remain clear if you do nothing else? If so, do one thing at a time until it changes to try to find out what is changing it.

sevendogsbsd · 12-10-2019, 03:45 PM

A little late to the game but Facebook is a web site. ALL web traffic is stateless and there are no connections between client and web server other than those initiated by the client. Immediately after a request from the client, the server responds and that's it for the traffic. Facebook, or any web site for that matter, cannot initiate a connection to anyone.

Unless I misunderstood OPs post title...in which case "nevermind"

rnturn · 12-10-2019, 11:21 PM

Quote:

Originally Posted by lucmove

I am flummoxed. I run this script when I want to block my Internet connection:

#!/bin/bash
iptables -F
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

Everything stops. I can't check my email, I can't ping any address at all and I can't open any site... except Facebook. Facebook keeps opening as if noothing had happened. The Messenger won't work, but all other pages still open, even pages I don't think I ever opened before so they can't be cached.

Or can they? I just tested it here, on linuxquestions, and I can open and read threads I had never opened until now. Many of them. Does Firefox read all those posts and cache them preemptively?

I am posting this with firewall blocked. Let's see if it goes through...

How is the system that you're seeing FB pages on communicating with the Internet? If your Linux firewall is locked down as you've shown, you have a wifi router on the "clean" side of the firewall, and you're connecting to the internet through that "internal" wifi, then you do indeed have a mystery. If, on the other hand, you're using a laptop that's connecting to the wifi provided by your ISP-provided router, the firewall settings mean nothing---you're bypassing them. Are you certain this isn't the case?