Alan McKinnon <alan.mckin...@gmail.com> [14-12-16 03:43]: > On 15/12/2014 18:47, meino.cra...@gmx.de wrote: > > Hi, > > > > this question is not related to a fully fledged, > > big local area network with DMZs and such. > > > > Even the word "firewall" seems to be a little too > > "huge and mighty" in this context to me. > > > > "The network" consists of a PC, which is connected > > to a FritzBox (cable, no Wifi/WLAN), which connects > > to the ISP (internet) and (same adress range) to a > > embedded system (eth1) > > > > There are two additional embedded systems, both on > > a separate interface (eth over usb: usb0 & usb1). > > > > I want to block (DROP or REJECT) the access to certain > > sites (the "noise" which is produced mostly by sites, > > which all exclusively "only want my best": ads, trackers, analysts > > and so on...) > > > > I tried different tools: fwbuilder, which locks up either itsself > > or my rulesset...I had to reboot and Shorewall, which definitely > > is a great tool....a little too great tool and much more capable > > as I am... ;) > > > > I am sure that the problems are mostly not the problems of the > > tools but mine. > > > > Is there any simple straight forward tool to just block accesses > > to certain sites? > > > > to do it network-wide: squid > > to do it on a per-pc per-browser basis: there's a large variety of > firefox plugins to chose from that will block this and allow that. It > seems to me this is the better approach as you want to stop your browser > chatting with sites who only have your best interest at heart :-) > > > Either way, the list of black and white lists gets very big very quick, > so chose your tool carefully. Try a bunch and pick one that makes sense > to you, bonus points if it comes with a community-supported blacklist > you can drop in, maintained by people whose POV matches your own. > > You don't want a classic firewall for this; firewalls are mostly built > to block based on address and port, this is not how you solve your problem > > -- > Alan McKinnon > alan.mckin...@gmail.com >
Hi Alan, thanks for reply! :) actually the thing is: There is a plugin called "NoScript" which constantly accesses secure.informaction.com, which is the author of this plugin. I tried a lot to block that access from inside firefox but did not find a way to do so (read: _I_ did not find... ;) If you know a plugin for firefox which is able to block accesses from all other plugins to certain sites of the internet I would be happy to check that out. I tried to block the accesses via iptable rules which DROP/REJECT the name and the IP-address of that site...no chance. The IP has not changed of that site... Wireshark still reports traffic to and from that site and following the TCP stream with wireshark shows, that the traffic has encrypted contents. The other access, which origin I haven't located exactly yet (its origin is in firefox (a plugin I think), is to s3-1.amazonaws.com. I also want to block this. Please what is the plugin of the large variety of plugins, which is able to block access of all other plugins to customer defined sites? Thank you very much in advance for any help. Best regards, Meino
