LinuxQuestions.org
02-13-2010, 09:05 AM   #1
taylorkh

How to block my computer from connecting TO a specific IP address?


I was taking a peek at the active connections shown by the Firestarter GUI and noticed the following (the source is my computer):

Source          Destination     Port   Service   Program
192.168.0.112   66.235.133.42   80     HTTP

I closed all Internet related apps and the connection persisted. After a reboot it did not reconnect (yet).

The IP address appears to belong to esomniture.com - some sort of web analytics company.

So my question is... How do I prevent my computer from connecting to these rascals? I have found a lot of documentation regarding stopping inbound connections to services on my computer but not the other way. I have various filtering add-ons installed in Firefox; however, this connection seems to be at a lower level, as no program is specified as being responsible for the connection.

TIA,

Ken
 
02-13-2010, 09:32 AM   #2
r3sistance

Hi,

iptables -i output -d 66.235.133.42 -j DROP

should force anything going from your machine to that IP to just be dropped for the session. It might require sudo and be run by /sbin/iptables rather than iptables.

This of course assumes you are running iptables, this is only a temp fix, but let's see if it works first.
 
02-13-2010, 10:09 AM   #3
taylorkh

Thanks r3sistance,

I will try that if/when the connection reappears. Otherwise I will have no idea if it works as desired.

Yes, I am running iptables - Firestarter is a GUI front end for it as I understand.

Further searching tells me that the offending web site uses tracking cookies. I clear all cookies when I close Firefox so I generally do not worry about them very much. I have explicitly added esomniture.com to Adblock Plus so I may never see it again.

However, I have your command example in my bag of tricks should some other rascal connection appear.

Regards,

Ken
 
02-13-2010, 10:36 AM   #4
r3sistance

Please note that the command I supplied is for the destination IP; if you want to block traffic coming from an IP you'd use -s instead of -d, as -s states the source IP.
 
02-15-2010, 04:29 PM   #5
taylorkh

Hi r3sistance,

I found another connection I did not like and tried your command. I received the following
Quote:
sudo /sbin/iptables -i output -d xx.xxx.xxx.xx -j DROP
iptables v1.4.4: no command specified
I tried both with and w/o sudo and with and w/o sbin. What am I missing?

TIA

Ken
 
02-15-2010, 04:45 PM   #6
acid_kewpie

the case is wrong, use "iptables -I OUTPUT -d xx.xxx.xxx.xx -j DROP" instead.
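
As an added example (not part of any post in this thread), here is the corrected command from post #6 wrapped in a POSIX shell function that validates the address and skips the insert when an identical rule is already present. `IPTABLES`, `DRY_RUN` and the function names are this example's own conventions, and 203.0.113.10 is a documentation address.

```sh
#!/bin/sh
# Added example: block outbound traffic to a single IPv4 address.
# IPTABLES and DRY_RUN belong to this script; they are not iptables features.
IPTABLES="${IPTABLES:-/sbin/iptables}"

# Accept only a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots here
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# With DRY_RUN set, print the command instead of executing it.
run() {
    if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi
}

# Insert a DROP rule at the top of OUTPUT. Option letters and chain names are
# case-sensitive: -I OUTPUT inserts into the built-in chain, whereas -i names
# an input interface and leaves iptables with "no command specified".
block_outbound() {
    ip=$1
    is_ipv4 "$ip" || { echo "not an IPv4 address: $ip" >&2; return 2; }
    # -C (check) exits 0 when an identical rule exists. Old releases lack -C;
    # there the check fails and the rule is simply inserted.
    if [ -z "${DRY_RUN:-}" ] &&
       "$IPTABLES" -C OUTPUT -d "$ip" -j DROP 2>/dev/null; then
        echo "already blocked: $ip"
        return 0
    fi
    run "$IPTABLES" -I OUTPUT -d "$ip" -j DROP
}

# Usage: sudo ./block-out.sh 203.0.113.10    (or DRY_RUN=1 to preview)
# The rule lives in kernel memory only and is gone after a reboot.
if [ $# -gt 0 ]; then
    block_outbound "$1"
fi
```

`iptables -L OUTPUT -n --line-numbers` lists the resulting rule, and `iptables -D OUTPUT -d <address> -j DROP` removes it again.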
 
02-15-2010, 05:55 PM   #7
taylorkh

Thanks acid_kewpie,

In the interim I have tracked down my latest strange connection. It seems that VMWare Player and Workstation phone home to be able to download updates and other necessary files on an as-needed basis. Why the programs need to maintain a continuous HTTPS connection - who knows. I found the preference settings to turn off the phone home. I will keep the correct syntax in my bag of tricks and try it in the future.

Ken
 
02-16-2010, 05:45 AM   #8
r3sistance

Hi Ken,

Sorry about the case mistake there, it's useful to know iptables when it comes to being secure. VMWare does like to keep up to date and has caused other issues in the past but it's still a sweet piece of software relatively speaking, personally tho, license prices do put me off.

r3sistance.
 
02-16-2010, 07:55 AM   #9
taylorkh

Thanks r3sistance,

From what little I have looked into Iptables - it is hardly user friendly. I am running Firestarter in anal retentive mode where it stops everything unless I allow the connection. I have enabled HTTP, HTTPS, ssh, smb and a couple of others such as ftp to my ISP's speed test site. When I see a connection which I do not expect, such as the one from VMWare, I get a little perturbed and investigate.

As to VMWare... I purchased a license for Workstation on sale a couple of years back on Cyber Monday. I thought I needed it to create virtual machines although I knew I could run them in the free Player. Turns out that Player can create new machines so I have the extra capabilities of Workstation although I do not really take advantage of them.

I have run Linux for many years - at least a Samba server for file and printer sharing - but until recently not as my primary OS. Now that I have a more capable machine (Dell XPS 8000 with an i7-860 processor and 8 GB of RAM) I am running Ubuntu 9.10 64 bit with an XP Pro VM for those few things I cannot yet run in Linux (such as some Flash enabled web sites).

Enough computer stuff for the moment. I have to do some TIG welding on a brake servo I am repairing for my 1980 MGB and I have to fabricate new wings for the wife's whirly gig goose. The recent winds have broken off two of them.

Regards,

Ken
 
  

