Reco wrote: ... > This rule is wrong, assuming that you're trying to prevent your browser > to connect to 1.2.3.4: > > -A ufw-user-output -s 1.2.3.4/32 -j REJECT --reject-with icmp-port-unreachable > > "-s" means "source", and it'll only work if you have ip 1.2.3.4.
i don't have 1.2.3.4 and i have no idea how 1.2.3.4 is getting involved, it isn't a cloud service or hosting site just some completely unrelated site and i have no idea why it is being dragged into any of this unless there is some infection or redirection going on which i have no knowledge. i know i didn't put it in there, so it is either produced by the website generator code, some other library involved or the hosting service. i can't find it in any of the code i have so i don't think i'm doing this specifically, but i don't know how to narrow it down either. > What you should use is: > > -A ufw-user-output -d 1.2.3.4/32 -j REJECT --reject-with icmp-port-unreachable > > "-d" means destination. i'd be ok with just dropping it all. > I don't use ufw, so I cannot comment on how to specify "source" and > "destination" there. ok, thanks for commenting. not sure what i'll do yet. songbird