Technical Discussion
  >> Linux Issues


Register (or login) on our website and you will not see this ad.


Pages in this thread: 1 | 2 | (show all)   Print Thread
Standard User billford
(elder) Tue 17-Nov-15 22:51:55
Print Post

GUFW


[link to this post]
 
Linux Mint 17.2.

I want to prevent a machine establishing a connection to a specific IP address on the internet. It would take to long to explain why, but it's legit- I just don't have control over the app that's doing it.

I looked at iptables and I'd be waaay out of my depth, anyone know if I could do it with GUFW?

It looks easy enough, but I've heard that before... frown

Bill
A level playing field is level in both directions.

_______________________________________Planes and Boats and ... ______________BQMs: IPv4 IPv6
Standard User BatBoy
(sensei) Wed 18-Nov-15 09:06:46
Print Post

Re: GUFW


[re: billford] [link to this post]
 
Looks simple enough http://notepad2.blogspot.co.uk/2012/02/linux-block-o...
Standard User dandnsmith
(experienced) Wed 18-Nov-15 09:10:00
Print Post

Re: GUFW


[re: billford] [link to this post]
 
I think I'd try setting an entry in the hosts file to translate the unwanted address to 127.0.0.1 (ie loopback), and ensure that the hosts file gets higher in the resolution than outside dns.

Derek


Register (or login) on our website and you will not see this ad.

Standard User TinyMongomery
(experienced) Wed 18-Nov-15 09:29:30
Print Post

Re: GUFW


[re: dandnsmith] [link to this post]
 
That only works for a URL, not an IP address.

@OP - It should be simple. Just configure an advanced rule denying access, outbound, to that particular address. Leave the port blank. It translates to the rule:

ufw deny to 1.2.3.4

(substitute the appropriate address!).
Standard User billford
(elder) Wed 18-Nov-15 09:50:41
Print Post

Re: GUFW


[re: dandnsmith] [link to this post]
 
That was my first thought, but the app authors thought of it as well- the app uses an IP address not a hostname tongue

Bill
A level playing field is level in both directions.

_______________________________________Planes and Boats and ... ______________BQMs: IPv4 IPv6
Standard User billford
(elder) Wed 18-Nov-15 09:57:01
Print Post

Re: GUFW


[re: BatBoy] [link to this post]
 
I saw that page, and others saying the same thing, but I didn't have any luck from the command line- just error messages which did nothing to improve my understanding of what I was doing wrong frown

GUFW seems to be working (by default it blocks all incoming, so I had to allow a few like Samba etc), but so far the app is being unco-operative and not trying to contact the IP I think I've blocked mad

Sod's Law of course… but I can be patient tongue

Bill
A level playing field is level in both directions.

_______________________________________Planes and Boats and ... ______________BQMs: IPv4 IPv6
Standard User BatBoy
(sensei) Wed 18-Nov-15 09:57:52
Print Post

Re: GUFW


[re: billford] [link to this post]
 
In reply to a post by billford:
I saw that page,
Why am I not surprised?
Standard User billford
(elder) Wed 18-Nov-15 09:58:45
Print Post

Re: GUFW


[re: TinyMongomery] [link to this post]
 
That's what (I hope) I've done, see my reply to Batboy.

Bill
A level playing field is level in both directions.

_______________________________________Planes and Boats and ... ______________BQMs: IPv4 IPv6
Standard User billford
(elder) Wed 18-Nov-15 09:59:47
Print Post

Re: GUFW


[re: BatBoy] [link to this post]
 
grin

Bill
A level playing field is level in both directions.

_______________________________________Planes and Boats and ... ______________BQMs: IPv4 IPv6
Standard User BatBoy
(sensei) Wed 18-Nov-15 10:08:09
Print Post

Re: GUFW


[re: billford] [link to this post]
 
It seems to be missing "out"
Pages in this thread: 1 | 2 | (show all)   Print Thread

Jump to