Hello,

On Thu, 13 May 2021, Walter Dnes wrote:
[..]
>  And maybe either stop logging Facebook, or else log iptables messages
>to a separate file (how is that done?).  The Facebook tracker messages
>are generated by iptables rules...
>
>-A INPUT -s 31.13.24.0/21 -j FECESBOOK
>-A INPUT -s 31.13.64.0/18 -j FECESBOOK
[..]
>-A OUTPUT -d 31.13.24.0/21 -j FECESBOOK
>-A OUTPUT -d 31.13.64.0/18 -j FECESBOOK

FWIW:

For one: why not filter the iptables messages into a separate logfile?

E.g. for syslog-ng (you'll need to add the filter to other
filters/log, having them in the filters you can use those
more intuitively):

====
filter f_iptables   { facility(kern) and message("IN=") and message("OUT="); };
filter f_console    { ... and not filter(f_iptables); };
filter f_messages   { ... and not filter(f_iptables); };
filter f_warn       { ... and not filter(f_iptables); };
[..]
log { source(src); source(chroots); filter(f_messages); destination(messages); };

# Firewall (iptables) messages in one file:
destination firewall { file("/var/log/firewall" suppress(30)); };
log { source(src); source(chroots); filter(f_iptables); destination(firewall); };
====

You might be logging more specifically, so you could add more specific
filters. That's what those filters (and log-prefixes in iptables) are
for after all :)

Also add a matching logrotate entry:

====
/var/log/firewall {
    delaycompress
    missingok
    notifempty
    size +4096k
    sharedscripts
    postrotate
        /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true
    endscript
}
====

or some such as /etc/logrotate.d/firewall (or however you name your
iptables-logfile).

And second, how about setting up a local dnsmasq to send all fb-crap
to NXDOMAIN on the DNS-level?

==== dnsmasq.conf or e.g. /etc/dnsmasq.d/blocklist.conf [1] ====
address=/fb.com/
address=/fb.me/
address=/facebook.net/
address=/facebook.de/
address=/facebook.fr/
address=/facebook.co.uk/
address=/facebook.com/
address=/fbcdn.net/
address=/instagram.com/
address=/instagram.de/
address=/whatsapp.de/
address=/whatsapp.com/
address=/whatsapp.net/
====

That has the effect that all (sub-)domains with those names give
NXDOMAIN, i.e. are non-existent. Compare to:

$ nslookup there.is.no.such.domain.invalid

Depending on what sites you visit, you might add more domains like
e.g. facebook.ca, facebook.mx, facebook.es or whatever fb-domains
sites that you visit include...

Just as ideas,
-dnh

[1] you'll need a matching conf-dir or conf-file directive, preferably
    at the end of the main /etc/dnsmasq.conf then, I use:
    ====
    conf-dir=/etc/dnsmasq.d,*.conf
    ====
    which includes all *.conf files from /etc/dnsmasq.d/ (and ignores
    other files there like *.conf~ or Makefile or whatnot, so you can
    be creative and e.g. generate your blocklist from a simple list of
    domains ;) E.g.:
    ==== /etc/dnsmasq.d/Makefile
    all: blocklist.conf
    blocklist.conf: blocklist.conf.in
    	sort -u $< | sed 's@\(.*\)@address=/&/@' > $@
    ====

    You get the ideas ;) (and if not: ask!)

-- 
Of course. Anything with more than 2 buttons is too complex. This includes
things with 2 or less buttons. This may include clothing.  -- Satya
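As an added illustration (not part of this mail or its author's setup): a small Python routine that applies the same test as the f_iptables filter above (kernel facility plus both "IN=" and "OUT=" in the message) to constructed sample lines, parses the KEY=value fields of the matched lines and summarises them by log prefix, direction and remote address. The "[FECESBOOK] " prefix, the facility-first line layout and the addresses are constructed for the demo and assumed, not taken from the mail.

```python
import re
from collections import Counter

# Constructed sample lines. Real syslog output does not print the facility;
# here it is placed first ("facility: message") so the filter can see it.
# "[FECESBOOK] " is a hypothetical --log-prefix of a LOG rule in that chain.
SAMPLE_LOG = """\
kern: [FECESBOOK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=31.13.24.7 DST=192.168.1.10 LEN=60 PROTO=TCP SPT=443 DPT=51234
kern: [FECESBOOK] IN= OUT=eth0 SRC=192.168.1.10 DST=31.13.64.35 LEN=52 PROTO=TCP SPT=51235 DPT=443
kern: usb 1-1: new high-speed USB device number 4 using xhci_hcd
daemon: dnsmasq[123]: config fb.com is NXDOMAIN
kern: [FECESBOOK] IN= OUT=eth0 SRC=192.168.1.10 DST=31.13.24.9 LEN=52 PROTO=UDP SPT=40000 DPT=443
"""

KV_RE = re.compile(r"\b([A-Z]+)=(\S*)")


def is_iptables(facility: str, message: str) -> bool:
    """Same test as: facility(kern) and message("IN=") and message("OUT=")."""
    return facility == "kern" and "IN=" in message and "OUT=" in message


def parse_iptables(message: str) -> dict:
    """Split an iptables LOG message into its log prefix and KEY=value fields."""
    prefix = message.split("IN=", 1)[0].strip()
    fields = dict(KV_RE.findall(message[len(prefix):]))
    fields["PREFIX"] = prefix
    return fields


def route(log_text: str) -> tuple:
    """Return (firewall entries, everything else), like the two syslog-ng log paths."""
    firewall, messages = [], []
    for line in log_text.splitlines():
        facility, _, message = line.partition(": ")
        if is_iptables(facility, message):
            firewall.append(parse_iptables(message))
        else:
            messages.append(line)
    return firewall, messages


def summarise(firewall: list) -> Counter:
    """Count firewall entries per (prefix, direction, remote address)."""
    counts = Counter()
    for f in firewall:
        direction = "out" if f.get("OUT") else "in"   # OUT= is empty on inbound hits
        remote = f["DST"] if direction == "out" else f["SRC"]
        counts[(f["PREFIX"], direction, remote)] += 1
    return counts
```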
