
I've been working on a solution to this for weeks, and I'm about to say screw it and write a python app that can actually block IP addresses, because so far nothing seems to work like it's supposed to.

/etc/hosts can't block a range of IP addresses, nor can it block the URL I'm trying to block, and there doesn't seem to be a decent GUI that can manage iptables locally without insecurities like ssh (fwbuilder) that isn't unavailable (firestarter).

So I'm stuck to using gufw which in itself doesn't want to work:
The site shown is an ad cdn I'm trying to block for an app I use. (the log is empty)

I think I'm starting to understand why every search I do refers to cumbersome terminal solutions like ufw or iptables...

Is there any way to actually get gufw to work like it's supposed to??

Tcll
  • To block a site like that in your /etc/hosts you add the line and make it go to loopback (127.0.0.1) or 0.0.0.0 so the entry looks like 127.0.0.1 a-us00-kxcdn.com. That way when the app tries to make the call back to the ad it is routed to 127.0.0.1 instead. – Terrance Nov 27 '19 at 23:36
  • @Terrance trust me, I've tried that (both localhost and 0.0.0.0), though honestly most seem to recommend iptables over /etc/hosts anyways, and I've used it before (it's quite a hassle) so I know it works better. – Tcll Nov 27 '19 at 23:40
  • Look into using something like pihole to block ads. – Terrance Nov 27 '19 at 23:51
  • @Terrance that's exactly what I'm trying to replicate... does linux really have that big of an unmanageable security hole that the only easy solution is a pihole or pfsense? – Tcll Nov 27 '19 at 23:53
  • Not that I'm aware of. You can do it, but your question lacks the exact layout of how you tried to block those sites in your hosts file. All I can do is guess on how you did it. I have other ways I block on mine off more at the router level with extra hosts files that contain all that how I laid it out in my first comment. – Terrance Nov 28 '19 at 00:03
  • honestly, I'm more interested in disabling the hosts file and relying independently on iptables through some sort of manager that does its job well. so right now my hosts file is blank (or what it initially contained) after removing everything... really the only thing that worked there was 127.0.0.1 68.70.205.# for however many entries I had to add, although that stopped working when I got to .30 – Tcll Nov 28 '19 at 00:10
  • now that I'm a little less perturbed about gufw, and just more genuinely annoyed by the whole ordeal of how difficult blocking trackers is, I just realized I probably should've mentioned I disabled dnsmasq as an older recommendation I read mentioned, however I also read about nsswitch, which I have configs for, but not in the layout everyone recommends for disabling it, just to make hosts work properly. – Tcll Nov 28 '19 at 00:39
  • You might be blocking the wrong thing and need to only block kxcdn.com instead. I have been looking at the blocking hosts files I have and a lot of them are blocking the domains that are involved instead of individual hosts. I have mine using the dnsmasq since it is capable of loading as many hosts files as I want. Right now my router which runs Linux is blocking just over 63,000 sites. – Terrance Nov 28 '19 at 01:30
  • trust me, I got that too kxcdn.com actually has a completely different IP that doesn't actually show up in wireshark when the ad requests are made... although I'd only blocked the url and not the ip... still though, I have the 68.70.205.xx IP blocked, meaning I should be seeing requests (maybe) with no responses... I'm actually not sure if wireshark would display the blocked requests, since I assume it catches them before they're blocked... – Tcll Nov 28 '19 at 01:47

1 Answer


The short answer:
Don't Bother.

The long answer:
Nobody in the Linux security space focuses on making a sensible UI for less-informed users that functions appropriately for local management.
Remove ufw and gufw, and rely strictly on iptables.

If you want something easy that works like you'd expect it to, focus on a rules file for iptables:
(please don't use your home directory like my example shows, use a higher privileged directory like /etc/)

This is no more tedious (and is the recommended method) than modifying hosts, other than of course having to execute the command $ sudo iptables-restore < /home/tcll/rules every time a change is made.
(note that I used the directory relative to the image, you'll want to change this to something like /etc/rules)

If you already have a ton of rules saved and want to export them, use $ sudo iptables-save > /home/tcll/rules with your directory of course.
(you'll want to prune these if you previously used gufw because ufw destroys it with tons of params)

This solution was the only thing that worked for me before, and continues to prove itself after 6 years.

Tcll
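The answer refers to a rules file shown in an image that is not reproduced here. The script below is an added example, not the answer's own file: it generates an iptables-restore style rules file that blocks the ad CDN range discussed in the comments. The 68.70.205.0/24 network is an assumption generalising the 68.70.205.xx hosts named above, and /etc/iptables/rules.v4 is assumed as the destination only because it is the conventional location used by netfilter-persistent on Ubuntu. Outbound connections are rejected (so the app fails fast instead of hanging on a DROP) and logged first, which gives you kernel log entries to confirm the rule is actually matching, something the empty gufw log in the question never showed.

```shell
#!/bin/sh
# Added example: build an iptables-restore rules file that blocks an ad CDN range.
# Not the answer's own rules file. The network below is an assumption derived
# from the 68.70.205.xx hosts mentioned in the comments; adjust to what Wireshark
# shows on your system.
BLOCKED_NETS="68.70.205.0/24"

# Emit a complete *filter table in iptables-restore format on stdout.
# Default policies stay ACCEPT so nothing else on the machine changes; only the
# listed ranges are affected.
gen_rules() {
    printf '%s\n' '*filter'
    printf '%s\n' ':INPUT ACCEPT [0:0]'
    printf '%s\n' ':FORWARD ACCEPT [0:0]'
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'
    for net in $BLOCKED_NETS; do
        # Log outbound attempts so `journalctl -k | grep adblock:` proves the
        # rule is matching, then reject so the app gets an immediate error.
        printf '%s\n' "-A OUTPUT -d $net -j LOG --log-prefix \"adblock: \""
        printf '%s\n' "-A OUTPUT -d $net -j REJECT --reject-with icmp-admin-prohibited"
        # Silently drop anything coming back from the range.
        printf '%s\n' "-A INPUT -s $net -j DROP"
    done
    printf '%s\n' 'COMMIT'
}

# Write the rules to the file given as $1 and return the number of rule lines
# written, so a caller (or a test) can sanity-check the result.
write_rules_file() {
    gen_rules > "$1"
    grep -c '^-A ' "$1"
}

# Validate with iptables-restore's dry-run mode before loading for real.
# This needs root and a kernel with netfilter; it is not run by the tests.
apply_rules() {
    iptables-restore --test < "$1" || return 1
    iptables-restore < "$1"
}

# Usage when run directly (assumed path; use a root-owned directory, as the
# answer advises, never your home directory):
#   sudo sh this_script.sh /etc/iptables/rules.v4
if [ -n "$1" ]; then
    n=$(write_rules_file "$1")
    echo "wrote $n rules to $1"
fi
```

Rerun `sudo iptables-restore < /etc/iptables/rules.v4` after each change, exactly as the answer describes; the `--test` dry run catches syntax mistakes before anything is loaded. Note this covers IPv4 only; if the CDN also answers over IPv6 you need an equivalent file loaded with ip6tables-restore, otherwise the block is trivially bypassed by the app using the AAAA record.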