--
You received this message because you are subscribed to the Google Groups "QUIC Prototype Protocol Discussion group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to proto-quic+...@chromium.org.
To post to this group, send email to proto...@chromium.org.
For more options, visit https://groups.google.com/a/chromium.org/d/optout.
iptables -A FORWARD -p tcp -m tcp --dport 80 -m state --state NEW,RELATED,ESTABLISHED -j DROP
--
iptables -A FORWARD -p tcp -m tcp --dport 80 -m state --state NEW,RELATED,ESTABLISHED -j DROP
--
Hi Luis,
I had gone through your mail and implemented the changes in my iptables.
I have included these lines
-A FORWARD -p tcp -m tcp --dport 80 -m state --state NEW,RELATED,ESTABLISHED -j
DROP
-A FORWARD -p tcp -m tcp --dport 443 -m state --state NEW,RELATED,ESTABLISHED -j
DROP
and also
-A FORWARD -i eth1 -p udp -m udp --dport 80 -j DROP
-A FORWARD -i eth1 -p udp -m udp --dport 443 -j DROP
But still I am not able to stop access to facebook through google chrome.
--
On Sat, Feb 14, 2015 at 1:21 AM, Ashima Loomba <ashl...@gmail.com> wrote:Hi Luis,
I had gone through your mail and implemented the changes in my iptables.
I have included these lines
-A FORWARD -p tcp -m tcp --dport 80 -m state --state NEW,RELATED,ESTABLISHED -j
DROP
-A FORWARD -p tcp -m tcp --dport 443 -m state --state NEW,RELATED,ESTABLISHED -j
DROP
and also
-A FORWARD -i eth1 -p udp -m udp --dport 80 -j DROP
-A FORWARD -i eth1 -p udp -m udp --dport 443 -j DROP
But still I am not able to stop access to facebook through google chrome.
Facebook does not speak QUIC, so blocking QUIC will have no effect on Chrome's ability to talk to Facebook.I have included my entire iptables setting in previous mail. If you could go through that and help me resolve it.
Hi Luic,
I am able to access facebook or twitter (social networking sites) from google chrome even though they are blocked in my proxy. They get blocked when accessed from IE.
COMMIT
# Completed on Fri Feb 13 12:55:39 2015
# Generated by iptables-save v1.4.21 on Fri Feb 13 12:55:39 2015
*nat
:PREROUTING ACCEPT [418:82046]
:INPUT ACCEPT [362:35108]
:OUTPUT ACCEPT [1218:79092]
:POSTROUTING ACCEPT [246:16215]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.
11.1:3126
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3126
-A PREROUTING -i eth1 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168
.11.1:3127
-A PREROUTING -i eth1 -p tcp -m tcp --dport 443 -j ACCEPT
-A PREROUTING -i eth1 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3127
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Fri Feb 13 12:55:39 2015
I don't know where I am going wrong. Can you please help. Also can we block facebook apps from mobile
root@appliance:~# ip6tables -L -nv
Chain INPUT (policy ACCEPT 715 packets, 97640 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 2708K packets, 2033M bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
--