Thursday, May 28, 2009

Blocking Facebook (but not pidgin-facebookchat) with iptables

I wanted to be able to have an iptables rule to block me from using the internet (as part of a script I wrote to keep my nose to the grindstone) with a few exceptions. One was IRC chats, as they're useful and don't really take up much time. The second is Facebook chats. My script limits me to a certain amount of time with full internet access, and I found it annoying to constantly turn it on and off to see if my girlfriend was home from work yet.

Using the Pidgin Facebook plugin, I'm able to chat on Facebook without the browser, but since the plugin uses HTTP anyway, it will still be blocked. The trick that I'm using is that the user agent used by the Facebook plugin is Opera, whereas I use Firefox. So, I changed my iptables rule to match the user agent as well as the destination port.


iptables -A OUTPUT --protocol tcp --dport 80 \
    -m string --string "User-Agent: Mozilla" --algo=kmp \
    -j REJECT


This rule will block me from going to Facebook when I've turned off access to the internet, but still allow me to chat.
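
Since the rule gets switched on and off by a script, here is one way to make that toggle idempotent, so repeated runs never stack duplicate copies of the rule. This is an added example, not the script from the post; the function names and the IPTABLES and UA_PREFIX override variables are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: idempotent on/off wrapper around the User-Agent rule above.
# IPTABLES and UA_PREFIX are hypothetical override variables, not from the post.
IPTABLES="${IPTABLES:-iptables}"
UA_PREFIX="${UA_PREFIX:-User-Agent: Mozilla}"   # same string the post matches on

# Run iptables with the post's rule spec; $1 is the action: -A, -C or -D.
ua_rule() {
    $IPTABLES "$1" OUTPUT --protocol tcp --dport 80 \
        -m string --string "$UA_PREFIX" --algo kmp \
        -j REJECT
}

# Append the rule only when -C (check) reports it is not already present.
block_on() {
    if ua_rule -C 2>/dev/null; then
        echo "already blocking"
    else
        ua_rule -A && echo "blocking on"
    fi
}

# Delete every copy, in case earlier runs appended the rule more than once.
block_off() {
    removed=0
    while ua_rule -C 2>/dev/null; do
        ua_rule -D || return 1
        removed=$((removed + 1))
    done
    echo "removed $removed"
}

# Report whether at least one copy of the rule is installed.
block_status() {
    if ua_rule -C 2>/dev/null; then echo on; else echo off; fi
}

# Dispatch: "on", "off" or "status"; with no argument only the functions are defined.
case "${1:-}" in
    on)     block_on ;;
    off)    block_off ;;
    status) block_status ;;
esac
```

Run it as root with on, off or status as the argument. The string match inspects packet payloads, so it only sees the User-Agent header in plaintext HTTP on port 80.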
