Blocking ips/hosts


Forum: water cooler
Topic: Blocking ips/hosts
started by: Zucca

Posted by Zucca on Feb. 25 2007,12:03
Those who know, please list here the most simple ways to block all traffic from a specific ip/host. Incoming traffic and outgoing traffic.

Posted by mikshaw on Feb. 25 2007,14:57
I don't know if this is the simplest, but the /etc/hosts.deny file is pretty basic
< http://www.google.com/linux?h....=Search >

Posted by Zucca on Feb. 25 2007,16:30
Ok.
I can still access a website I have blocked.
Now it seems I need to reload the hosts.deny file. How?

Posted by humpty on Feb. 25 2007,20:58
I think rcfirewall.dsl can do it, but I think it works in reverse, i.e. it blocks everything, so you have to edit the script to let stuff through.

Posted by Zucca on Feb. 26 2007,04:39
What I wanted was a simple way to block a few advertising hosts so that browsing the net would be nicer.
Anyway I ran rc.firewall and configured it, but I can still see those banners/ads.

Posted by mikshaw on Feb. 26 2007,14:40
using firefox?
If so, install adblock or adblock plus. This is perhaps the most vital firefox extension available. It's especially helpful due to its ability to use wildcards, so you can set a filter < http://ads.* > to block all subdomains named "ads", or */banners/* to block all content from any directory named "banners"

I've honestly never used the host access files in Linux, but it just seemed like it would be the easiest way to block a host from any access to your machine.  For banners in a web browser, however, I tend to just let the browser block them. This might have to change eventually, though. It seems the more time goes by, the tougher we need to get with security, privacy, and annoyances.

Posted by humpty on Feb. 27 2007,03:11
>Anyway I ran rc.firewall and configured it, but I can still see those banners/ads.

Sometimes the IP address is not the same as the web IP address, e.g. this-ad.com will be different from www.this-ad.com.

As a last resort you could try peerguard.dsl I submitted some time ago. (It requires iptables.dsl, and you will have to comment out PORTS_NOT_TO_BLOCK=80 from PG.conf)

Posted by Zucca on Feb. 28 2007,03:55
Quote (mikshaw @ Feb. 26 2007,11:40)
using firefox?
If so, install adblock or adblock plus.

No. I want it system wide.

Posted by Jason W on Mar. 05 2007,03:29
For me, the easiest way to block access to certain hosts is to modify the /etc/hosts file.  To block ads from, say, www.adserver.com just add this line to the /etc/hosts file:

127.0.0.1    www.adserver.com

Or if you want to block a certain smutserver, then add:

127.0.0.1   www.smutserver.com

You get the point.  This maps the address of the adserver or smutserver to your local loopback 127.0.0.1, and produces an instant "cannot find server" rather than taking you to their site, regardless of their IP or www address.
A good sample file is available online that blocks thousands of adware sites.  Go to:

< http://hostsfile.mine.nu/ >

for an example hosts file that contains over 50.000 ad sites.   It works without delay on a router/server even with minimal resources, and does not slow down your browsing.  It in fact speeds it up by not displaying all those resource hogging ad graphics.  On a desktop pc I would add entries to the /etc/hosts file judiciously, though, since it slows down a desktop machine for some reason if the /etc/hosts file is big.  I use this procedure with my floppfw router and it works well at blocking most ads.

Posted by mikshaw on Mar. 05 2007,15:42
Keep in mind that if you happen to be running a webserver on your localhost, the 127.0.0.1 address is not the best choice. You'll probably want to change it to something that doesn't exist.
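
Added example (not part of any post in this thread): a shell sketch of the /etc/hosts approach described above, adding both the bare and `www.` forms of each name because a hosts file matches exact names only. The names `block_hosts`, `is_listed` and `SINK` are assumptions of this example; `SINK` defaults to the thread's 127.0.0.1 and can be overridden, as the last post suggests.

```shell
#!/bin/sh
# Added example: idempotently append block entries to a hosts-format file.
# SINK is the address blocked names are mapped to (assumption: overridable
# via the environment; the default is the 127.0.0.1 used in the thread).
SINK="${SINK:-127.0.0.1}"

# is_listed HOSTS_FILE NAME
# Succeeds if NAME already appears as a hostname on a non-comment line.
is_listed() {
    awk -v h="$2" '
        { sub(/#.*/, "") }                      # drop comments
        { for (i = 2; i <= NF; i++)             # field 1 is the address
              if (tolower($i) == tolower(h)) found = 1 }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# block_hosts HOSTS_FILE NAME...
# Adds "SINK<TAB>name" for both name and www.name, skipping duplicates.
block_hosts() {
    hosts_file=$1
    shift
    for name in "$@"; do
        # Accept plain hostnames only, so nothing odd lands in the file.
        case $name in
            ''|*[!A-Za-z0-9.-]*)
                echo "skipping invalid name: $name" >&2
                continue ;;
        esac
        bare=${name#www.}
        for h in "$bare" "www.$bare"; do
            if ! is_listed "$hosts_file" "$h"; then
                printf '%s\t%s\n' "$SINK" "$h" >> "$hosts_file"
            fi
        done
    done
}
```

Run it against a copy first, e.g. `block_hosts ./hosts.test www.adserver.com`, then as root against /etc/hosts.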