LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 01-11-2004, 06:01 PM   #1
Dog Byte
LQ Newbie
 
Registered: Jan 2004
Location: The Great White North
Distribution: RedHat 9
Posts: 10

Rep: Reputation: 0
How do I blocks sites just like ZoneAlarm?


I'm trying to block some sites so that I don't have to look at annoying ads and such. On my Windows machine I had ZoneAlarm Pro and could add sites to the restricted zone.

Now I've added a RH9 system to my collection and I'm using iptables to do the same using the command:

Code:
iptables -A OUTPUT -d <some addr> -p tcp -j REJECT
This does work but the browser (Mozilla 1.5) takes a long time (~4s) and seems to time out or retry instead accepting the REJECT and moving on. On Windows Mozilla immediately stops trying. So I'm wondering how ZoneAlarm rejects the outbound request. I've tried that various reject-with options but they all have the same effect. Using DROP causes a very long time out (~30s) as I would expect.

Thanks.
 
Old 01-11-2004, 06:39 PM   #2
heema
Senior Member
 
Registered: Sep 2003
Location: Egypt
Distribution: Arch
Posts: 1,528

Rep: Reputation: 47
you could use guarddog , its a very good firewall and it let u avoid the hastle of dealing with cryptic shell scripts and ipchains/iptables parameters.

http://www.simonzone.com/software/guarddog/
 
Old 01-11-2004, 06:52 PM   #3
J_Szucs
Senior Member
 
Registered: Nov 2001
Location: Budapest, Hungary
Distribution: SuSE 6.4-11.3, Dsl linux, FreeBSD 4.3-6.2, Mandrake 8.2, Redhat, UHU, Debian Etch
Posts: 1,126

Rep: Reputation: 58
Mozilla 1.5 can be configured so as not to download images (and pop-up windows) from sites you specify.
Maybe that is what you want.

I myself use the squid proxy server, which, in addition to letting me specify an acl to deny source domains (and much more), also lets me analize my traffic (it prepares a log file with all information on files downloaded during browsing), so I can determine what deserves denying, and, finally, it maintains a very efficient local cache of downloaded files, so it gives me a high speed increase during browsing.

Last edited by J_Szucs; 01-11-2004 at 06:55 PM.
 
Old 01-12-2004, 12:14 PM   #4
Dog Byte
LQ Newbie
 
Registered: Jan 2004
Location: The Great White North
Distribution: RedHat 9
Posts: 10

Original Poster
Rep: Reputation: 0
Quote:
Originally posted by heema
you could use guarddog , its a very good firewall and it let u avoid the hastle of dealing with cryptic shell scripts and ipchains/iptables parameters.

http://www.simonzone.com/software/guarddog/
Thanks. Maybe I'll try it and see what rules it generates.
 
Old 01-12-2004, 12:19 PM   #5
Dog Byte
LQ Newbie
 
Registered: Jan 2004
Location: The Great White North
Distribution: RedHat 9
Posts: 10

Original Poster
Rep: Reputation: 0
Quote:
Originally posted by J_Szucs
Mozilla 1.5 can be configured so as not to download images (and pop-up windows) from sites you specify.
Maybe that is what you want.
The problem isn't really images since I can turn off animation. The problem is flash programs which sing and dance and work so hard to distract you. I took out the flash plugin just for that reason but now many sites need flash for site navigation.
 
Old 01-12-2004, 12:42 PM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
You'll like Privoxy then. Successor to Junkbuster it's a filtering (but non-caching) proxy. Can block, explicitly or using regexes, TLD's, domains, subdomains, directories. Can filter, applied general or per site, for any Javascript, CSS, popups, pop-unders, Flash, movies and whatnot. On top of that it gives you rewrite rules.
Stupid example: s/microsoft(?!.com)/MicroSuck/ig.


BTW, I'll be moving this thread to the Linux - General forum: it isn't a security issue.
 
Old 01-12-2004, 03:02 PM   #7
Dog Byte
LQ Newbie
 
Registered: Jan 2004
Location: The Great White North
Distribution: RedHat 9
Posts: 10

Original Poster
Rep: Reputation: 0
Quote:
Originally posted by unSpawn
You'll like Privoxy then. Successor to Junkbuster it's a filtering (but non-caching) proxy. Can block, explicitly or using regexes, TLD's, domains, subdomains, directories. Can filter, applied general or per site, for any Javascript, CSS, popups, pop-unders, Flash, movies and whatnot. On top of that it gives you rewrite rules.
Stupid example: s/microsoft(?!.com)/MicroSuck/ig.


BTW, I'll be moving this thread to the Linux - General forum: it isn't a security issue.
Thanks, I'll look at Privoxy. I guess it's not security -- I just like to keep the riffraff out.
 
Old 01-12-2004, 03:11 PM   #8
quatsch
LQ Addict
 
Registered: Aug 2003
Location: New York, NY
Distribution: gentoo, gentooPPC
Posts: 1,661

Rep: Reputation: 48
there are a couple of extensions for Mozilla/Mozilla-Firebird that can block flash and other annoying stuff. I use 'Flash click to view'. Go to
http://extensionroom.mozdev.org/
to find the extensions. Loads of cool stuff.
 
Old 01-15-2004, 02:06 PM   #9
R4z0r
Member
 
Registered: Jan 2002
Distribution: CentOS 3.1
Posts: 119

Rep: Reputation: 15
Either add the sites to /etc/hosts.deny add an entry in your /etc/hosts file liek this:

127.0.0.1 website.you.want.to.block
 
Old 01-16-2004, 02:42 AM   #10
Skunk_Face
Member
 
Registered: Jan 2004
Posts: 54

Rep: Reputation: 15
I dont know if this will work to solve you problem....but you could try to use

REJECT -reject--with tcp-reset

this could send the reset packet to your browser and avoid the delayed response.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
are any programes like Zonealarm or Babylon available for linux? billgnu Linux - Newbie 14 11-05-2009 12:30 AM
bad blocks bong.mau Linux - General 1 11-16-2005 02:17 PM
ZoneAlarm blocks Firefox but not Outlook Express (dialup) lrt2003 General 3 12-14-2004 12:25 AM
easy firewall like sygate or zonealarm ? cmorey Linux - Software 2 10-08-2004 10:19 PM
cygwin ssh and zonealarm Cass Linux - Newbie 1 01-24-2004 08:14 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 07:38 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration