Difference between revisions of "BlackBlockGoogle"

From FuckOffGoogle
(add ipsets script)
 
(9 intermediate revisions by 4 users not shown)
Line 2: Line 2:
  
 
== Methods ==  
 
== Methods ==  
 +
 
There are different methods for blocking google..  
 
There are different methods for blocking google..  
  
Line 16: Line 17:
  
 
=== Blocking using hosts file ===
 
=== Blocking using hosts file ===
You can edit your hosts file like the one showed [https://gist.github.com/Gaubee/6546308/ here].
+
You can edit your hosts file.
  
 +
An axample of [[hosts]] file, it contains a whole list of all google, twitter, facebook, etc... domains
 
Doing this all listed domains will be redirected to that ip address. You can easily change the ip addresses whit your local host 127.0.0.1 or whatever you want :)
 
Doing this all listed domains will be redirected to that ip address. You can easily change the ip addresses whit your local host 127.0.0.1 or whatever you want :)
 
  
 
=== Blocking using a firewall ===
 
=== Blocking using a firewall ===
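Review bot: The added sentence "An axample of [[hosts]] file, ..." has a typo ("axample"), and with the gist link removed the following context line "redirected to that ip address" no longer has an address to refer to. Suggest rewording to something like "redirected to the IP address given in the file", and fixing "whit" in that same context line while the paragraph is being touched.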
Line 82: Line 83:
 
echo "iptables -t mangle -X $2_ip" >> del_$2.sh
 
echo "iptables -t mangle -X $2_ip" >> del_$2.sh
 
echo "iptables -t mangle -X $2_do" >> del_$2.sh
 
echo "iptables -t mangle -X $2_do" >> del_$2.sh
 +
 +
</pre>
 +
 +
 +
== Use ipsets instead of iptables ==
 +
 +
If you block AS with a large number of entries, you will notice a performance hit when using iptables.
 +
 +
ipsets are much more efficient. Here is a similar script for setting up corporate monster blocking using ipsets on OpenWRT.
 +
 +
<pre>
 +
#!/bin/sh
 +
 +
IP=`nslookup $1 | grep -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | tail -n1 | cut -d\  -f3`
 +
AS=`wget -q -O - http://ipinfo.io/$IP/org | cut -f1 -d \  | sed -e 's/AS//'`
 +
 +
echo '#!/bin/sh' > add_$2.sh
 +
chmod 750 add_$2.sh
 +
echo '#!/bin/sh' > del_$2.sh
 +
chmod 750 del_$2.sh
 +
NETWORKS=`wget -O - http://stat.ripe.net/data/announced-prefixes/data.yaml?resource=$AS|grep prefix\:|grep -v \:\:|awk '{print $3}'`
 +
 +
echo "ipset create $2_ip hash:net" >> add_$2.sh
 +
echo "iptables -A forwarding_rule -m set --match-set $2_ip dst -j reject" >> add_$2.sh
 +
 +
for i in $NETWORKS; do echo "ipset add $2_ip $i" >> add_$2.sh; done
 +
 +
echo "ipset destroy $2_ip" >> del_$2.sh
  
 
</pre>
 
</pre>
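Review bot: The generated del_$2.sh contains only "ipset destroy $2_ip", while add_$2.sh appends a forwarding_rule entry that matches on that set; a set that is still referenced by a rule cannot be destroyed, so the del script should first emit the matching "iptables -D forwarding_rule -m set --match-set $2_ip dst -j reject". Also on the added lines: the rule jumps to a chain named reject that this script never creates, the prefixes fetched over plain http from stat.ripe.net are written unchecked into a script that is then run as root (validating each entry as a CIDR before writing it would be safer), and "grep -v \:\:" drops every IPv6 prefix, which the text should say.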
Line 91: Line 120:
 
Privacy badge [https://www.eff.org/privacybadger/] is a very easy friendly and powerful tool for blocking trackers and ads.
 
Privacy badge [https://www.eff.org/privacybadger/] is a very easy friendly and powerful tool for blocking trackers and ads.
  
Ensure your browser only runs opensource/readable javascript code with librejs [https://addons.mozilla.org/en-US/firefox/addon/librejs/]
+
Ensure your browser only runs opensource/readable javascript code with librejs [https://addons.mozilla.org/en-US/firefox/addon/librejs/]<br>
 +
The link posted here is broken, but there is an Alpha version: [https://addons.mozilla.org/en-US/firefox/addon/gnu-librejs-7-0-alpha/]
  
 
Made your browser click and load random ads to obfuscate monitoring and tracking with adnauseam [https://adnauseam.io/]
 
Made your browser click and load random ads to obfuscate monitoring and tracking with adnauseam [https://adnauseam.io/]
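Review bot: The added line "The link posted here is broken, but there is an Alpha version" leaves the broken librejs URL in place on the line above it. Replace the old URL with the working one instead of annotating it, so readers do not have to try the dead link first.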
Line 98: Line 128:
  
 
Decentraleyes [https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/]
 
Decentraleyes [https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/]
 +
 +
Cloud Firewall [https://addons.mozilla.org/en-US/firefox/addon/cloud-firewall/]<br>
 +
This Add On is currently unavailable from mozilla, see a recent toot from the maintainer: [https://social.avareborn.de/@nipos/103696273631245687]
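Review bot: "currently unavailable" in the added Cloud Firewall note will go stale without a date. Date the remark, or hold the entry back until the add-on can be installed again from the linked page.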
  
  

Latest revision as of 16:48, 23 February 2020

Methods

There are different methods for blocking Google.

Browser extensions

Using uBlock

Install the extension uBlock Origin [1] in your Firefox installation.

1. Open the uBlock dashboard

2. Select the tab "My filters"

3. Paste this hosts list [2] into your uBlock configuration.


Blocking using hosts file

You can edit your hosts file.

An example of a hosts file; it contains a whole list of Google, Twitter, Facebook, etc. domains. With it in place, all listed domains are redirected to the IP address given in the file. You can easily change the IP addresses to your local host 127.0.0.1 or whatever you want :)

Blocking using a firewall

Using OpenWRT / iptables

This is a script that would run on OpenWRT:

With some modification (maybe) to the processing of the nslookup output, or by using host instead, it will also work on your local *NIX box.

You would do, for example:

  • root@OpenWrt:~# ./iptsetup.sh google.com gl 1
  • That would create for you add_gl.sh and del_gl.sh in the current working directory.
  • Then run ./add_gl.sh and all packets destined to Google will be marked with MARK 1
  • So add a rule something like:
iptables -N reject
iptables -A OUTPUT -m mark --mark 1 -j reject
iptables -A reject -p tcp -j REJECT --reject-with tcp-reset
iptables -A reject -j REJECT --reject-with icmp-port-unreachable

  • You also need to feed traffic into the m_ip chain in your mangle table.
  • How you might wish to do this is left as an exercise to the reader ;-) (don't just blindly "follow", Read up!!)

But for example, you could do something as simple as this, seeing as how you are running on a router:


iptables -t mangle -A PREROUTING -s lan-ip.of.user-that-not-want.google -j m_ip


#!/bin/sh
#
## iptsetup.sh domain.com name fwmark#
#
IP=`nslookup $1 | grep -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | tail -n1 | cut -d\  -f3`
AS=`wget -q -O - http://ipinfo.io/$IP/org | cut -f1 -d \  | sed -e 's/AS//'`

echo '#!/bin/sh' > add_$2.sh
chmod 750 add_$2.sh
echo '#!/bin/sh' > del_$2.sh
chmod 750 del_$2.sh
NETWORKS=`wget -O - http://stat.ripe.net/data/announced-prefixes/data.yaml?resource=$AS|grep prefix\:|grep -v \:\:|awk '{print $3}'`

echo "iptables -t mangle -N $2_ip" >> add_$2.sh
echo "iptables -t mangle -N $2_do" >> add_$2.sh
echo "iptables -t mangle -A m_ip -j $2_ip" >> add_$2.sh
echo "iptables -t mangle -D m_ip -j $2_ip" >> del_$2.sh

for i in $NETWORKS; do echo "iptables -t mangle -A $2_ip -d $i -j $2_do" >> add_$2.sh; done
for i in $NETWORKS; do echo "iptables -t mangle -D $2_ip -d $i -j $2_do" >> del_$2.sh; done

echo "iptables -t mangle -A $2_do -j MARK --set-mark $3" >> add_$2.sh
echo "iptables -t mangle -D $2_do -j MARK --set-mark $3" >> del_$2.sh

echo "iptables -t mangle -X $2_ip" >> del_$2.sh
echo "iptables -t mangle -X $2_do" >> del_$2.sh


Use ipsets instead of iptables

If you block an AS with a large number of entries, you will notice a performance hit when using iptables.

ipsets are much more efficient. Here is a similar script for setting up corporate monster blocking using ipsets on OpenWRT.

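#!/bin/sh
#
## Arguments: $1 = domain (e.g. google.com), $2 = short name for the set and the generated scripts
#

# Resolve the domain to one IPv4 address and look up the AS that announces it
IP=`nslookup $1 | grep -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | tail -n1 | cut -d\  -f3`
AS=`wget -q -O - http://ipinfo.io/$IP/org | cut -f1 -d \  | sed -e 's/AS//'`

# Start the generated add/del scripts
echo '#!/bin/sh' > add_$2.sh
chmod 750 add_$2.sh
echo '#!/bin/sh' > del_$2.sh
chmod 750 del_$2.sh
# IPv4 prefixes announced by that AS (IPv6 prefixes are filtered out)
NETWORKS=`wget -O - http://stat.ripe.net/data/announced-prefixes/data.yaml?resource=$AS|grep prefix\:|grep -v \:\:|awk '{print $3}'`

# add script: create the set and reject forwarded traffic to any member
echo "ipset create $2_ip hash:net" >> add_$2.sh
echo "iptables -A forwarding_rule -m set --match-set $2_ip dst -j reject" >> add_$2.sh

for i in $NETWORKS; do echo "ipset add $2_ip $i" >> add_$2.sh; done

# del script: remove the rule first; a set still referenced by a rule cannot be destroyed
echo "iptables -D forwarding_rule -m set --match-set $2_ip dst -j reject" >> del_$2.sh
echo "ipset destroy $2_ip" >> del_$2.sh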
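An added example, not part of the original wiki page or its scripts: both scripts above write whatever the prefix lookup returns into a script that is later run as root, so this version checks every entry as an IPv4 CIDR first and emits an `ipset restore` stream instead of shell commands. The function names, the `_new` staging-set suffix and the sample prefixes are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: build an `ipset restore` stream from a prefix list,
# accepting only well-formed IPv4 CIDRs. All names here are hypothetical.

# valid_cidr4 PREFIX: succeeds only for a.b.c.d/len, octets 0-255, len 0-32
valid_cidr4() {
    case "$1" in
        ''|*[!0-9./]*) return 1 ;;   # anything but digits, dots and slash
    esac
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' || return 1
    echo "$1" | awk -F'[./]' '{
        for (i = 1; i <= 4; i++) if ($i > 255) exit 1
        if ($5 > 32) exit 1
    }'
}

# gen_restore SETNAME: reads one prefix per line on stdin and prints restore
# commands that fill a staging set, then swap it in atomically
gen_restore() {
    set_name=$1
    case "$set_name" in
        ''|*[!A-Za-z0-9_]*) echo "invalid set name" >&2; return 2 ;;
    esac
    echo "create $set_name hash:net"
    echo "create ${set_name}_new hash:net"
    echo "flush ${set_name}_new"
    while read -r prefix; do
        if valid_cidr4 "$prefix"; then
            echo "add ${set_name}_new $prefix"
        else
            echo "skipped malformed entry: $prefix" >&2
        fi
    done
    echo "swap ${set_name}_new $set_name"
    echo "destroy ${set_name}_new"
}

# Constructed sample input: two valid prefixes, three malformed entries
sample_prefixes() {
    cat <<'EOF'
192.0.2.0/24
198.51.100.0/33
203.0.113.0/24;id
300.1.1.0/24
100.64.0.0/10
EOF
}

# Print the stream; on the router, pipe it into: ipset -exist restore
sample_prefixes | gen_restore gl_ip
```

Because the live set is only replaced by the final `swap`, the rule that matches on it keeps working while the list is refreshed, and nothing from the downloaded data is ever interpreted by the shell.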


Other tools

Useful addons for a private, free & open source internet

Privacy Badger [3] is a very easy, friendly and powerful tool for blocking trackers and ads.

Ensure your browser only runs open-source/readable JavaScript code with LibreJS [4]
The link posted here is broken, but there is an alpha version: [5]

Make your browser click and load random ads to obfuscate monitoring and tracking with AdNauseam [6]

Trackmenot [7]

Decentraleyes [8]

Cloud Firewall [9]
This add-on is currently unavailable from Mozilla; see a recent toot from the maintainer: [10]


Prismbreak, a list of tools to avoid massive surveillance

A list of tools, please check their descriptions inside... https://prism-break.org/en/