
Can anyone give a step-by-step how-to that explains how to

  1. block all outgoing internet traffic to all websites, but allow only a selected list (needed for working, e.g. online dictionaries)
  2. allow Dropbox and Ubuntu One to do their job (so backups will not be lost and things get synced)
  3. switch this off easily after a period of hard work

I have no knowledge whatsoever of networking, about hosts, IPs, subnets, subnet masks, ports, ipconfig or whatever. In the past I always used Firestarter to block all my outgoing traffic apart from a few webpages. Firestarter does not do the trick anymore. If I add an outgoing whitelist the policies just don't apply. With gufw I can't work because it is overly complicated.

The use case: I need to stay focused on my work and thus I need easy access to the internet to be less easy. Thanks in advance on behalf of all networking noobs.


Edit/Update on why gufw is hard to use

What is hard to understand on gufw is how to define policies. In the Add Rules dialogue I do not understand

  • in the simple tab, whether I should choose TCP or UDP or both. Whether I should choose a port or a service, what the dangers are of this and how to find the name of this port or service
  • in the advanced tab, whether I should choose TCP or UDP or both and what the values of the from and to fields should be (especially the port number). Also why should I specify a from field? That's localhost right?
don.joey

  • What documentation are you following on gufw and what part do you not understand? Without a specific question we would be repeating the documentation you are already reading. Also, for the most part, the firewall in Linux is not designed to block / allow sites, although you can do so, most people use a proxy. To use iptables (gufw) you need a white list of servers (ip addresses + port). If you do not understand networking try http://bodhizazen.net/Tutorials/iptables – Panther Jul 30 '13 at 16:28
  • OK. You make an absolutely valid point. I'll edit. A proxy is fine for me too. Thanks for the nice webpage. – don.joey Jul 31 '13 at 07:11
  • A firewall is probably overkill here. Unless you're using lots of non-browser based time sinks, you can find browser addons which can impose various restrictions. See, eg, LeechBlock for Firefox (blacklists sites rather than a whitelist, but I expect you can find a whitelist if you prefer). – chronitis Jul 31 '13 at 08:36
  • @bodhi.zazen I read the page you offered. Interesting. A tiny bit too difficult for me. Quite frankly, firestarter is deprecated, but it did the job very intuitively for me. Do you feel like answering the question explaining how to allow dropbox and a few websites with gufw? Would really make my day. – don.joey Aug 08 '13 at 08:04
  • You need to know the IP address of the servers you want to allow. Allow server 1, allow server 2 ... then deny all. See also http://blog.bodhizazen.net/linux/firewall-ubuntu-gufw/ – Panther Aug 08 '13 at 15:36
  • @bodhi.zazen I can't access that website. I am trying to split the question up. First part = http://askubuntu.com/questions/330066/how-to-block-all-but-one-or-two-websites-without-browser-extensions?lq=1 – don.joey Aug 09 '13 at 14:44
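
Added example, not part of the original thread or any poster's code: the "allow server 1, allow server 2 ... then deny all" order from the comments above, as a script that only prints the `ufw` commands for an outbound whitelist and the one-command off switch. The addresses are constructed samples from documentation ranges, and the function names `valid_target`, `focus_on` and `focus_off` are hypothetical.

```sh
#!/bin/sh
# Added example: prints the ufw commands for review, it does not run them.
# Addresses are constructed samples from documentation ranges.
WHITELIST='
# address-or-range  port  proto  note
192.0.2.10          443   tcp    online dictionary (constructed)
198.51.100.0/24     443   tcp    sync service range (constructed)
'

# Succeeds only for an IPv4 address with an optional /0-32 prefix.
valid_target() (
    addr=${1%/*}
    case $1 in
        */*) prefix=${1#*/}
             case $prefix in ''|*[!0-9]*) exit 1 ;; esac
             [ "$prefix" -le 32 ] || exit 1 ;;
    esac
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.
    set -- $addr
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do [ "$octet" -le 255 ] || exit 1; done
)

# Allow each whitelisted server first, then deny everything else.
focus_on() {
    echo "ufw allow out 53"   # DNS stays open so whitelisted names resolve
    printf '%s\n' "${1:-$WHITELIST}" | while read -r target port proto note; do
        case $target in ''|'#'*) continue ;; esac
        case $port in ''|*[!0-9]*) target= ;; esac      # port must be numeric
        case $proto in tcp|udp) ;; *) target= ;; esac   # only tcp or udp
        if valid_target "$target"; then
            echo "ufw allow out to $target port $port proto $proto"
        else
            echo "skipped bad whitelist line (port $port, proto $proto)" >&2
        fi
    done
    echo "ufw default deny outgoing"
    echo "ufw enable"
}

# Off switch: outgoing traffic is allowed again, incoming rules are untouched.
focus_off() {
    echo "ufw default allow outgoing"
}

focus_on
focus_off
```

The rules match addresses, not site names, so an entry has to be refreshed whenever the server behind it moves to a different address.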

1 Answer


This is not the first time somebody wanted to block the distraction of the internet while allowing some websites. Projects like SelfControl and FocalFilter have existed for a while. There has been a port to Linux of SelfControl and we have a few questions that travel down the same path:

Oli
  • Hi Oli, I know these services and I will most likely resort temporarily to leechblock. I know, however, it can also be done with a firewall (thus also blocking games, rss and the like). Any idea on how to do that? – don.joey Aug 08 '13 at 08:43
  • The self-control port is a firewall-based solution. – Oli Aug 08 '13 at 09:37
  • I'd have to retry self-control. I tried it a month ago on 13.04, but it had several bugs. – don.joey Aug 08 '13 at 09:43
  • Update: the current trunk of self-control is working again on 13.04. I think Ubuntu needs a mature application that not only controls network activity, but applications as such. – don.joey Aug 20 '13 at 19:24