42
linuxxx
6y

And BAM. Wrote a quick'n dirty little php script which works with loads of shell_exec calls to block all ip addresses belonging to an ASN number.

For example: If I get Facebook's ASN number and use it as parameter for this script with a custom name (for the iptables chain), the script creates a chain called the custom name, adds all ip addresses/ranges it got from the whois lookup (on the ASN number) with DROP to iptables and then it adds that chain to the INPUT and OUTPUT chains.

I've done some tests and can indeed genuinely not reach Facebook at all anymore, Microsoft is entirely blocked out as well already 💜
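The approach described in the post above, as an added example in shell (not linuxxx's PHP script): it turns whois `route:`/`route6:` lines into the chain-creation, DROP and INPUT/OUTPUT jump commands, and validates every prefix first, because whois text is remote, untrusted input that must not reach a command line unchecked. The RADB query in the comment, the function names, the chain name `BLOCK_EXAMPLE`, the choice to emit both `-s` and `-d` rules, and the AS64500/documentation prefixes are assumptions or constructed sample data.

```shell
# Added example: prints the rule commands instead of running them.
# Live input could come from an IRR whois server, e.g. (assumption):
#   whois -h whois.radb.net -- '-i origin AS64500' | asn_chain_rules BLOCK_EXAMPLE

asn_chain_rules() {
    chain=$1
    # iptables rejects chain names of 29+ chars; also restrict the charset.
    case $chain in
        ''|*[!A-Za-z0-9_]*) echo "bad chain name" >&2; return 1 ;;
    esac
    [ "${#chain}" -le 28 ] || { echo "chain name too long" >&2; return 1; }
    # Second field of every route:/route6: line, de-duplicated.
    list=$(awk 'tolower($1) ~ /^route6?:$/ { print $2 }' | sort -u)
    for cmd in iptables ip6tables; do echo "$cmd -N $chain"; done
    printf '%s\n' "$list" | while read -r p; do
        [ -n "$p" ] || continue
        # whois output is remote, untrusted text: only CIDR-shaped tokens
        # may ever reach a command line.
        if printf '%s\n' "$p" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'; then
            cmd=iptables
        elif printf '%s\n' "$p" | grep -Eq '^[0-9A-Fa-f:]+/[0-9]{1,3}$'; then
            cmd=ip6tables
        else
            printf 'skipping invalid entry: %s\n' "$p" >&2; continue
        fi
        # One shared chain: -s matches on INPUT, -d matches on OUTPUT.
        echo "$cmd -A $chain -s $p -j DROP"
        echo "$cmd -A $chain -d $p -j DROP"
    done
    # Hook the chain in last, at the top of INPUT and OUTPUT.
    for cmd in iptables ip6tables; do
        echo "$cmd -I INPUT -j $chain"
        echo "$cmd -I OUTPUT -j $chain"
    done
}

# Constructed sample (documentation ASN and prefixes, one hostile line).
sample_whois() {
    cat <<'EOF'
route:      192.0.2.0/24
origin:     AS64500
route:      192.0.2.0/24
route:      198.51.100.0/24;reboot
route:      198.51.100.0/24
route6:     2001:db8::/32
EOF
}

sample_whois | asn_chain_rules BLOCK_EXAMPLE
```

Review the printed commands before applying them as root; the line with the appended `;reboot` is skipped rather than passed through.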

Comments
  • 0
    Why are you blocking these sites? Is it for your company or local network?
  • 6
    @asgs Not those sites, all ip ranges belonging to those companies.

    And why? For one because I don't agree with the way they handle data/privacy and two, they're both integrated within the biggest mass surveillance network ever created

    This is on my home pc by the way.
  • 3
    Add Google to that list and you lock yourself out of half the internet (which isn't necessarily a bad thing).
  • 6
    @irene I tried it in pure bash but I still have to learn a lot about it and I can write PHP off the top of my head because I love the language so why not? :)
  • 2
    @finiteAutomaton The only things I would 'need' from Google are the captchas and YouTube, don't use anything from it except for those.
  • 0
    @irene I know one which is hooktube.com but it still directly loads from a Google domain.

    Do you know any which don't?
  • 1
    @irene I solely noticed because I block any DNS queries with the word "google" and then hooktube stopped loading videos as well 😬, whitelisted googlevideo.com in my DNS server for now 😞
  • 2
    Could it be a script that you'd like to share?
  • 0
    @iKameo WhatsApp is owned by Facebook, so I believe his script would block it also, but I could be wrong about that.
  • 1
    @linuxxx you also need Google for their Maps service 😏😅
  • 0
    @Jilano It actually was an insider to the devmeetup, I'm sorry. Linuxxx is also aware of those alternatives.
  • 1
    So that is where your question of yesterday led to.

    The only problem with blanket excludes like this is the inconvenience; a lot of time goes into constantly fine-tuning stuff because some random site uses some other random service you might want to actually use.
  • 1
    @BurnoutDV As long as that keeps me out of having to use mass surveillance integrated services, I'll take it any day.
  • 1
    @Flygger Yes! I'm going to try and put a self-hosted GitLab instance up tonight.

    The only thing I'm asking is to give proper credit :) (will be open source, definitely)
  • 1
    @iKameo @infernalempress I searched but I noticed (WhatsApp and Instagram) some AWS ip addresses 😬
    Wrote a DNS (proxy) server with quite some blocking functionality for that, though 😁