Forum: water cooler
Topic: Blocking ips/hosts
started by: Zucca
Posted by Zucca on Feb. 25 2007,12:03
Those who know, please list here the simplest ways to block all traffic from a specific IP/host. Incoming traffic and outgoing traffic.
Posted by mikshaw on Feb. 25 2007,14:57
I don't know if this is the simplest, but the /etc/hosts.deny file is pretty basic.
< http://www.google.com/linux?h....=Search >
Posted by Zucca on Feb. 25 2007,16:30
Ok.
I can still access a website I have blocked.
Now it seems I need to reload the hosts.deny file. How?
Posted by humpty on Feb. 25 2007,20:58
I think rcfirewall.dsl can do it, but I think it works in reverse, i.e. it blocks everything, so you have to edit the script to let stuff through.
Posted by Zucca on Feb. 26 2007,04:39
What I wanted was a simple way to block a few advertising hosts so that browsing the net would be nicer.
Anyway I ran rc.firewall and configured it, but I can still see those banners/ads.
Posted by mikshaw on Feb. 26 2007,14:40
Using Firefox?
If so, install Adblock or Adblock Plus. This is perhaps the most vital Firefox extension available. It's especially helpful due to its ability to use wildcards, so you can set a filter < http://ads.* > to block all subdomains named "ads", or */banners/* to block all content from any directory named "banners".
I've honestly never used the host access files in Linux, but it just seemed like it would be the easiest way to block a host from any access to your machine. For banners in a web browser, however, I tend to just let the browser block them. This might have to change eventually, though. It seems the more time goes by, the tougher we need to get with security, privacy, and annoyances.
Posted by humpty on Feb. 27 2007,03:11
> Anyway I ran rc.firewall and configured it, but I can still see those banners/ads.
Sometimes the IP address is not the same as the web IP address, e.g. this-ad.com will be different from www.this-ad.com.
As a last resort you could try peerguard.dsl, which I submitted some time ago. (It requires iptables.dsl, and you will have to comment out PORTS_NOT_TO_BLOCK=80 from PG.conf.)
Posted by Zucca on Feb. 28 2007,03:55
No. I want it system wide.
Posted by Jason W on Mar. 05 2007,03:29
For me, the easiest way to block access to certain hosts is to modify the /etc/hosts file. To block ads from, say, www.adserver.com just add this line to the /etc/hosts file:
Or if you want to block a certain smutserver, then add:
You get the point. This maps the address of the adserver or smutserver to your local loopback 127.0.0.1, and produces an instant "cannot find server" rather than taking you to their site, regardless of their IP or www address.
A good sample file is available online that blocks thousands of adware sites. Go to:
< http://hostsfile.mine.nu/ >
for an example hosts file that contains over 50.000 ad sites. It works without delay on a router/server even with minimal resources, and does not slow down your browsing. It in fact speeds it up by not displaying all those resource-hogging ad graphics. On a desktop PC I would add entries to the /etc/hosts file judiciously, though, since it slows down a desktop machine for some reason if the /etc/hosts file is big. I use this procedure with my floppyfw router and it works well at blocking most ads.
Posted by mikshaw on Mar. 05 2007,15:42
Keep in mind that if you happen to be running a webserver on your localhost, the 127.0.0.1 address is not the best choice. You'll probably want to change it to something that doesn't exist.
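Added example, not part of the thread and not any poster's code: a downloaded hosts file hands name resolution to a third party, so this Python code keeps only sinkhole entries from such a list, re-points them at a chosen sink address, and reports names that have no exact entry. The 0.0.0.0 default sink, the function names and the sample lines are assumptions of this example.

```python
import ipaddress
import re

# Names a third-party list must never be allowed to remap.
PROTECTED = {"localhost", "localhost.localdomain", "broadcasthost", "ip6-localhost"}
HOSTNAME = re.compile(r"^(?=.{1,253}$)([a-z0-9_]([a-z0-9_-]{0,61}[a-z0-9_])?\.)+[a-z]{2,63}$")

def sanitize_blocklist(text, sink="0.0.0.0"):
    """Return (hosts_lines, rejected); kept names are always re-pointed at `sink`."""
    kept, rejected, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if not fields:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            rejected.append((lineno, raw, "first field is not an IP address"))
            continue
        if not (addr.is_loopback or addr.is_unspecified):
            # A blocklist only needs sink addresses; anything else is a redirect.
            rejected.append((lineno, raw, "maps a name to a routable address"))
            continue
        for name in (f.lower().rstrip(".") for f in fields[1:]):
            if name in PROTECTED or not HOSTNAME.match(name):
                rejected.append((lineno, raw, "protected or invalid name: " + name))
            elif name not in seen:
                seen.add(name)
                kept.append(f"{sink} {name}")
    return kept, rejected

def uncovered(names, hosts_lines):
    """Names with no exact entry: /etc/hosts has no wildcard or subdomain matching."""
    blocked = {line.split()[1] for line in hosts_lines}
    return [n for n in names if n.lower() not in blocked]

# Constructed sample input; the example.* names and 203.0.113.7 are placeholders.
SAMPLE = """\
# constructed blocklist
127.0.0.1 localhost
127.0.0.1 www.adserver.com   # name used in the post above
0.0.0.0 ads.example.net tracker.example.net
203.0.113.7 bank.example.com
127.0.0.1 bad_name!
"""

if __name__ == "__main__":
    lines, bad = sanitize_blocklist(SAMPLE)
    print("\n".join(lines + [f"# rejected line {n}: {why}" for n, _, why in bad]))
    print("# no entry for:", uncovered(["adserver.com", "www.adserver.com"], lines))
```

Review the rejected lines before appending the kept ones to /etc/hosts, and keep a copy of the original file so the change can be reverted.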