Hi Tapio, see upstream response below for a workaround. The version in the current stable release is not affected by this bug.

Michael

----- Forwarded message from Lonnie Abelbeck <li...@lonnie.abelbeck.com> -----

Date: Fri, 26 Aug 2011 08:37:59 -0500
From: Lonnie Abelbeck <li...@lonnie.abelbeck.com>
To: Arno's IPTABLES firewall script <firew...@rocky.eld.leidenuniv.nl>
Subject: Re: [Firewall] Fwd: Bug#639249: blocked-hosts loaded but does not block
X-Mailer: Apple Mail (2.1084)
Reply-To: Arno's IPTABLES firewall script <firew...@rocky.eld.leidenuniv.nl>

Hi Michael,

Yes, 1.8.8.o is ancient... the issue back then was blocked hosts only blocked by source address, which didn't block output traffic by destination address. This was changed in AIF 1.9.2h.

As a workaround, this should work for Facebook via IPv4:
--
Block Facebook from the AIF box: (AIF 1.8.8.o)
HOST_DENY_TCP_OUTPUT="69.63.181.12>80 69.63.189.11>80 69.63.189.16>80"

or for LAN clients: (AIF 1.8.8.o)
LAN_INET_HOST_DENY_TCP="0/0>69.63.181.12:80 0/0>69.63.189.11:80 0/0>69.63.189.16:80"
--

Any remaining blocked hosts by destination address can be implemented similarly for AIF 1.8.8.o.

Lonnie

--
Michael Hanke
http://mih.voxindeserto.de