Try this (filtering facebook.com DNS requests):

/sbin/iptables -t mangle -A POSTROUTING -m string --hex-string "|66616365626f6f6b03636f6d|" --algo bm -p udp --dport 53 -j DROP

**** All sites with a facebook plugin will be slow! ****

IMHO, with proxy applications (like Squid/Dansguardian) you get the best results.

With TCP/443 open, you greatly facilitate the use of tools such as UltraSurf. Change your proxy config to WPAD and deny tcp/443 in the FORWARD chain.

2012/9/18 John A. Sullivan III <jsullivan@xxxxxxxxxxxxxxxxxxx>:
> On Tue, 2012-09-18 at 07:32 +0200, Jan Engelhardt wrote:
>> On Tuesday 2012-09-18 03:54, Julien Vehent wrote:
>>
>> > On 2012-09-17 18:30, Usuário do Sistema wrote:
>> >> Hello everyone,
>> >>
>> >> Is it possible to drop traffic to facebook with iptables Layer7? I
>> >> have done some tests with Squid but I found some difficulty because I'm
>> >> using a Transparent Proxy, so maybe it would be easier to drop with
>> >> iptables layer7.
>> >>
>> >> Any tips are welcome... as well as some how-to...
>> >>
>> >
>> > iptables -t filter -I FORWARD -p tcp --dport 80 -m string --string "host:
>> > facebook.com" --icase --algo bm -j DROP
>> >
>> > Of course, this won't work with HTTPS connections.
>>
>> And easily kills the connection whenever there's "host: facebook.com" in
>> the payload. Like... this mail, when read through a web archive.
> <snip>
> Isn't that where one would specify the offsets - not to mention more
> efficient parsing?
>
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
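Added example, not code from anyone in this thread: it shows where the posted hex-string comes from (the wire-format labels "facebook" 0x03 "com") and the false-positive concern Jan and John raise. A raw substring search, which is what `-m string` does, fires on any UDP/53 payload that happens to contain those bytes, while decoding the question section matches only facebook.com and names beneath it. The packets are constructed, and the parser assumes a single-question query.

```python
import struct

# Wire-format encoding of a DNS name: each label prefixed by its length, NUL terminated.
def encode_qname(name: str) -> bytes:
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

# The bytes from the posted rule: "facebook" 0x03 "com" (no leading 0x08 length byte).
NAIVE_PATTERN = bytes.fromhex("66616365626f6f6b03636f6d")

def naive_match(payload: bytes) -> bool:
    """Models -m string --hex-string: a substring search anywhere in the payload."""
    return NAIVE_PATTERN in payload

def parse_question_name(payload: bytes):
    """Decode the first QNAME of a DNS query; None if it is a response or malformed."""
    if len(payload) < 12:
        return None
    flags, qdcount = struct.unpack("!HH", payload[2:6])
    if flags & 0x8000 or qdcount == 0:  # QR bit set -> a response, not a query
        return None
    labels, pos = [], 12
    while True:
        if pos >= len(payload):
            return None
        ln = payload[pos]
        pos += 1
        if ln == 0:
            break
        if ln & 0xC0 or pos + ln > len(payload):  # pointers are not valid in a query QNAME
            return None
        labels.append(payload[pos:pos + ln].decode("ascii", "replace"))
        pos += ln
    return ".".join(labels).lower()

def precise_match(payload: bytes, blocked: str = "facebook.com") -> bool:
    """Match only queries for the blocked zone itself or names beneath it."""
    name = parse_question_name(payload)
    return name is not None and (name == blocked or name.endswith("." + blocked))

def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Constructed sample: a standard recursive A/IN query for `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_qname(name) + struct.pack("!HH", 1, 1)

# Constructed sample packets (not captured traffic).
QUERY_FB = build_query("www.facebook.com")             # both checks match
QUERY_NOTFB = build_query("notfacebook.com")           # naive matches, precise does not
QUERY_CHAIN = build_query("facebook.com.example.net")  # naive matches, precise does not
```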