[ale] Blocking ad sites with ipchains
smn
smnoldelinux at mediaone.net
Mon Nov 29 22:12:42 EST 1999
OK, I found it... from the IPCHAINS HOWTO:
4.2 Useful Examples
I have a dialup PPP connection (-i ppp0). I grab news (-p TCP -s
news.virtual.net.au nntp) and mail (-p TCP -s
mail.virtual.net.au pop-3) every time I dial up. I use Debian's FTP
method to update my machine regularly (-p TCP -y -s
ftp.debian.org.au ftp-data). I surf the web through my ISP's proxy while
this is going on (-p TCP -d proxy.virtual.net.au 8080),
but hate the ads from doubleclick.net on the Dilbert Archive (-p TCP -y
-d 199.95.207.0/24 and -p TCP -y -d 199.95.208.0/24).
I don't mind people trying to ftp to my machine while I'm online (-p TCP
-d $LOCALIP ftp), but don't want anyone outside pretending to have an IP
address of my internal network (-s 192.168.1.0/24). This is commonly
called IP spoofing, and there is a better way to protect yourself from
it in the 2.1.x kernels and above: see How do I set up IP spoof
protection?.
This setup is fairly simple, because there are currently no other boxes
on my internal network.
I don't want any local process (i.e. Netscape, lynx etc.) to connect to
doubleclick.net:
# ipchains -A output -d 199.95.207.0/24 -j REJECT
# ipchains -A output -d 199.95.208.0/24 -j REJECT
#
- Scott
smn wrote:
>
> Basically, the pictures aren't loaded.
>
> However, if a web site sits behind a domain (or IP address) I've
> blocked then I can't get to it. There is no nasty message until the
> page times out. But if you are careful then you can successfully block
> the larger ad servers.
>
> I originally saw this syntax in a HOW-TO, either firewall or ipchains
> (but I couldn't find it mentioned recently in these docs!).
>
> - Scott
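
The caution in the quoted message, that blocking a range also cuts off any other site hosted inside it, can be checked before the rules are loaded. The following is an added example, not part of the original post or the HOWTO: it uses the two ranges from the post, while the host names and addresses in MUST_REACH are constructed placeholders.

```python
import ipaddress

# Ranges from the post above.
BLOCKED = ["199.95.207.0/24", "199.95.208.0/24"]

# Constructed sample: sites that must stay reachable. Names and addresses
# are placeholders; the last one is placed inside a blocked range on purpose.
MUST_REACH = {
    "news.example": "192.0.2.10",
    "mirror.example": "198.51.100.7",
    "shared-host.example": "199.95.208.44",
}


def parse_ranges(entries):
    """Parse CIDR strings; strict=True raises ValueError on host bits set."""
    return [ipaddress.ip_network(e, strict=True) for e in entries]


def collisions(nets, must_reach):
    """Map each wanted host name to the blocked range containing it."""
    hits = {}
    for name, addr in must_reach.items():
        ip = ipaddress.ip_address(addr)
        for net in nets:
            if ip in net:
                hits[name] = str(net)
                break
    return hits


def plan(blocked, must_reach):
    """Return (rules, hits): rules only for ranges with no collision."""
    nets = parse_ranges(blocked)
    hits = collisions(nets, must_reach)
    held_back = set(hits.values())
    rules = ["ipchains -A output -d %s -j REJECT" % n
             for n in nets if str(n) not in held_back]
    return rules, hits


if __name__ == "__main__":
    rules, hits = plan(BLOCKED, MUST_REACH)
    for name, net in sorted(hits.items()):
        print("# held back %s: it would also block %s" % (net, name))
    for rule in rules:
        print(rule)
```

Ranges that collide with a wanted host are held back for manual review rather than silently narrowed.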