Michal 'vorner' Vaner wrote:
DROP causes the packet to get blackholed without a trace. It sometimes
happens to packets on the internet, so it is usual to try again and again
until it succeeds or a timeout (usually in tens of seconds) is reached.
That was the intention. The site in question is my bank's site. And they
have a marketing survey company linked to their site which I want to
hide from. If I want to use the bank's internet services, which I pay
for, I don't want third parties to snoop on my activities...
I read somewhere that the default timeout for a SYN request is 2 minutes.
Does this help?
I tried doing what you suggested:
iptables -A OUTPUT/INPUT -m iprange --src-range 66.235.128.0-66.235.159.255 -j REJECT
iptables -A OUTPUT/INPUT -m iprange --dst-range 66.235.128.0-66.235.159.255 -j REJECT
This should REJECT from both ends, no? But netstat says the connection
is established anyway...
With DROP it worked for the first page (it never showed up as SYN_SENT).
But when I logged in (with DROP) there would still be a SYN_SENT on port
443 (SSL) and Firefox would wait for timeout.
Have a nice help
Thanks!
FYI, I tried using a Firefox extension called Siteblock but it doesn't
work for "third party" access, only direct, it seems...
Best regards
Peter K