How to selectively stop a DNS request from being made … with Windows and / or IPCOP.

How to break / block PowerDVD v6, Internet Download Manager (IDM), Windows, IPCOP & IPCOP addons / plug-ins, from looking for updates and / or whatever else they might be doing behind your back.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Both Windows & IPCOP have a similar way to hardwire break a DNS lookup …

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

The “Windows hosts file” can be found in the folder … C:\WINDOWS\system32\drivers\etc … hosts

Usually used to redirect DNS requests, this file can also be used to hardwire break a connection request by directing the request to the loopback address instead … i.e. 127.0.0.1

Below is a simple set of addresses that I use in the “hosts” file ... which ensures that these requests never make it out (into the www) … because despite having blocked the application via some personal internal firewall … the request / lookups were still being made … until now.

(Modifications require a reboot to take effect). Use most any basic Windows text editor to modify the file.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

##################################################
(start of example)
##################################################
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost

##################################################
###### Microsoft - ET Phone Home
127.0.0.1       crl.microsoft.com

##################################################
###### PowerDVD v6 - ET Phone Home
127.0.0.1       liveupdate.gocyberlink.com
127.0.0.1       detect.gocyberlink.com

##################################################
###### Microsoft - ET Phone Home (MS & Adobe both use crl.verisign.com)
127.0.0.1       crl.verisign.com
127.0.0.1       csc3-2004-crl.verisign.com

##################################################
###### Internet Download Manager - update
127.0.0.1       www.internetdownloadmanager.com
127.0.0.1       internetdownloadmanager.com
127.0.0.1       registeridm.com

##################################################
##################################################
(end of example)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IPCOP has a similar app / tool / method that accomplishes the same thing … built in … via “dnsmasq” … but the default IPCOP install gives no configuration file for it to follow.

Should IPCOP be directed to use / implement “dnsmasq” … its configuration file would be located in … /etc … dnsmasq.conf

In order to make use of the built-into-IPCOP “dnsmasq” utility … all you have to do is make a “dnsmasq.conf” file & place it in the folder “/etc” … using similar syntax within the file as shown in the example below.

Every time IPCOP started up it called out for updates & some of the plug-ins did so also upon viewing them via the IPCOP gui … so with the use of another upstream IPCOP the following list (below) was harvested / compiled.
(DNS requests can also be viewed within the IPCOP gui … via “Logs/System” … then change “Section:” to “DNS” … then click the “Update” button)

With a Linux text editor (Windows made files may error) … perhaps from your favorite SSH – sftp client, create the file in the IPCOP folder “/etc” … named “dnsmasq.conf” and add the following to it … (or download the file attached below and copy it to “/etc”)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

##################################################
(start of example)
##################################################
###############################################################################
###############################################################################
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# See ... /var/log/messages ... For debugging info.

# For debugging purposes, log each DNS query as it passes through dnsmasq.
log-queries

# Log lots of extra information about DHCP transactions.
# log-dhcp
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
###############################################################################

# IPCop - Stop IPCop from looking for update.
address=/www.ipcop.org/127.0.0.1
# address=/sourceforge.net/127.0.0.1
# address=/vhost.sourceforge.net/127.0.0.1

# IPCop - Stop UrlFilter from looking for update.
address=/www.urlfilter.net/127.0.0.1

# IPCop - Geoip update.
address=/www.maxmind.com/127.0.0.1

# IPCop - Copfilter -- ET Phone Home
address=/www.copfilter.org/127.0.0.1
address=/www.copfilter.org/LATEST-VERSION/127.0.0.1

# IPCop - Advanced Proxy version check.
address=/www.advproxy.net/127.0.0.1
address=/www.advproxy.net/version/ipcop/latest/127.0.0.1

# IPCop - IPTables GUI - update check
address=/ipcop-addons.ath.cx/127.0.0.1

# Web - Redicecreations.com, map spyware from, NoZone, Inc. Chicago IL.
address=/maps.amung.us/127.0.0.1
address=/whos.amung.us/127.0.0.1

# Software - HP Printer Update
# address=/www.hp.com/127.0.0.1
# address=/www.hpgtm.nsatc.net/127.0.0.1

# Firefox & Addons
address=/addons.mozilla.org/127.0.0.1
address=/fxfeeds.mozilla.com/127.0.0.1
address=/www.firefoxdownload.com/127.0.0.1
address=/firefoxdownload.com/127.0.0.1

# Firefox (New v3.5.2)
# address=/sb-ssl.google.com/127.0.0.1
# address=/ocsp.thawte.com/127.0.0.1
# address=/ocsp.verisign.net/127.0.0.1
# address=/www.verisign.net/127.0.0.1
# address=/verisign.net/127.0.0.1
# address=/www.verisign.com/127.0.0.1
# address=/verisign.com/127.0.0.1
# address=/www.squidguard.org/127.0.0.1
# address=/squidguard.org/127.0.0.1
# address=/www.stopbadware.org/127.0.0.1
# address=/stopbadware.org/127.0.0.1

# Google - ET Phone Home
# address=/sb.google.com/127.0.0.1

# PowerDVD v6 - ET Phone Home
address=/liveupdate.gocyberlink.com/127.0.0.1
address=/detect.gocyberlink.com/127.0.0.1

# Macromedia -- ET Phone Home
address=/crl.verisign.com/127.0.0.1
address=/www.adobe.com/127.0.0.1
address=/www.macromedia.com/127.0.0.1
address=/adobe.omniture.112.2o7.net/127.0.0.1

# Alcohol 120% - ET Phone Home
address=/www.alcohol-soft.com/127.0.0.1
address=/vodka.alcohol-soft.com/127.0.0.1

# Internet Download Manager - update
address=/www.internetdownloadmanager.com/127.0.0.1
address=/registeridm.com/127.0.0.1

# Microsoft - ET Phone Home
address=/crl.microsoft.com/127.0.0.1

# Microsoft - ET Phone Home (MS & Adobe both use crl.verisign.com)
# address=/crl.verisign.com/127.0.0.1
address=/csc3-2004-crl.verisign.com/127.0.0.1

# Microsoft - ET Phone Home
address=/www.download.windowsupdate.com/127.0.0.1
address=/www.download.windowsupdate.nsatc.net/127.0.0.1
address=/mscom-wui.vo.llnwd.net/127.0.0.1

# Microsoft - Windowsmedia ET Phone Home
address=/autoupdate.windowsmedia.com/127.0.0.1
address=/codecs.microsoft.com/127.0.0.1

# Microsoft - Office ET Phone Home
# address=/www.office.microsoft.com/127.0.0.1
# address=/office.microsoft.com/127.0.0.1
# address=/www.support.microsoft.com/127.0.0.1
# address=/support.microsoft.com/127.0.0.1
# address=/www.support.microsoft.akadns.net/127.0.0.1
# address=/support.microsoft.akadns.net/127.0.0.1
# address=/www.microsoft.com/127.0.0.1
# address=/microsoft.com/127.0.0.1
# address=/www.js.microsoft.com/127.0.0.1
# address=/js.microsoft.com/127.0.0.1
# address=/www.i.microsoft.com.edgesuite.net/127.0.0.1
# address=/i.microsoft.com.edgesuite.net/127.0.0.1

# ZoneAlarm - ET Phone Home
address=/zonelabs.com/127.0.0.1
address=/cm2.zonelabs.com/127.0.0.1

# Filseclab - ET Phone Home
address=/filseclab.com/127.0.0.1
address=/messenger3.filseclab.com/127.0.0.1
address=/onlineres.148.hh82.com/127.0.0.1

# Gravatar - Tracking Avatar (Suspicious Behavior)
address=/gravatar.com/127.0.0.1
address=/www.gravatar.com/127.0.0.1
address=/en.gravatar.com/127.0.0.1
address=/www.en.gravatar.com/127.0.0.1

# CounterStrikeCZ - ET Phone Home
address=/207.173.177.11/127.0.0.1
address=/207.173.177.12/127.0.0.1
address=/11.177.173.207.in-addr.arpa/127.0.0.1
address=/12.177.173.207.in-addr.arpa/127.0.0.1
address=/steam1.steampowered.com/127.0.0.1
address=/www.steam1.steampowered.com/127.0.0.1
address=/steam2.steampowered.com/127.0.0.1
address=/www.steam2.steampowered.com/127.0.0.1
address=/hlmaster1.hlauth.net/127.0.0.1
address=/www.hlmaster1.hlauth.net/127.0.0.1
address=/half-life.east.won.net/127.0.0.1
address=/www.half-life.east.won.net/127.0.0.1

##################################################
##################################################
(end of example)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Add / Remove / Modify the list to match your personal needs.

Placing a “#” at the beginning of any line, disables the command.

Such as Windows … Modifications to IPCOP’s “dnsmasq.conf” file require a reboot to take effect.
Now that these blocks are in place … these listed DNS requests return INSTANT FAILURE. This is by far much more of a block than if it were done with a plug-in such as “UrlFilter” … because, absolutely nothing gets out!!!

-
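Added example, not part of the original post: a small Python check for `address=` lines in the `dnsmasq.conf` style shown above. dnsmasq treats every field between the slashes except the last as a domain name, so the check flags fields that are IP literals or single labels (URL path segments), and names that look like CRL/OCSP hosts. The names `lint`, `WHY` and `REVOCATION` and the sample text are constructed for this example.

```python
import ipaddress
import re

# Constructed sample in the style of the dnsmasq.conf posted above.
SAMPLE = """\
# IPCop - Advanced Proxy version check.
address=/www.ipcop.org/127.0.0.1
address=/www.advproxy.net/version/ipcop/latest/127.0.0.1
address=/207.173.177.11/127.0.0.1
address=/crl.microsoft.com/127.0.0.1
# address=/sb.google.com/127.0.0.1
log-queries
"""

WHY = {
    "ip-literal": "connecting to an IP involves no DNS lookup, so this blocks nothing",
    "single-label": "looks like a URL path segment; dnsmasq reads it as another domain",
    "revocation": "CRL/OCSP host; clients cannot fetch revocation data from it",
}
REVOCATION = re.compile(r"(^|-)(crl|ocsp)$")  # heuristic applied to the first label


def is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def lint(conf_text):
    """Return (line_no, token, kind) for each questionable active address= entry."""
    findings = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("#") or not line.startswith("address=/"):
            continue  # commented-out entries and other options are ignored
        # address=/dom1/dom2/.../target : every field but the last is a domain
        domains = line[len("address="):].split("/")[1:-1]
        for dom in domains:
            if is_ip(dom):
                findings.append((no, dom, "ip-literal"))
            elif "." not in dom:
                findings.append((no, dom, "single-label"))
            elif REVOCATION.search(dom.split(".")[0].lower()):
                findings.append((no, dom, "revocation"))
    return findings


if __name__ == "__main__":
    for no, token, kind in lint(SAMPLE):
        print(f"line {no}: {token}: {WHY[kind]}")
```
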
Samba SWAT on ipcop

Elixa,

Is there a way to enable SWAT on ipcop without BlockOutTraffic?

Here is a screenshot of what I'm seeing right now

http://img140.imageshack.us/img140/1789/notabletoexecuteswat.jpg
Samba & SWAT - Ports

Yes, no problem.

“BlockOutTraffic” is not a prerequisite for Samba … I just included a hint about how to rule “BlockOutTraffic” in the event that someone was using that plugin also (because “BlockOutTraffic” can be a pain in the a--).

If using BlockOutTraffic 3.0.0 - Build 3 ... Port 901 had to be opened ... 'IPCop access' … but only if, you are using “BlockOutTraffic”

The only prerequisite that was necessary for “Samba” was the changing of the gui port from 445 to something else … so that “Samba” could use that port.

In my travels I came across information about a script or command, built into IPCOP, that could change the default gui port … though I have no idea where to look for it now … but that simple modification can be done with “guiports-1.6.2.tar.gz”, easily.

I see from the picture you provided that you are using port 446 to access the “Samba” page … so I can assume you did change the gui access port successfully (port 445 being needed for the share).

It’s kind of sad waiting two weeks for such a simple answer … but here it goes (sorry about the delay) …

Try using the following url … (the IP is specific to dxighithall’s example)

Upon success ... within the SWAT settings, consider disabling the printer & / or other services that you don't need (for security & resource reasons).

Good luck … & if that doesn’t work … say something & I’ll reinstall it (& then post a better response).

Hope that helped.

-
Simple modification to the IPCOP css style menu … for a more visible menu hover color

Info … to change the default menu hover color from a bright white to one of the colors in the IPCOP shield (a yellow-ish orange)

In the file … /home/httpd/html/include/ipcop.css … (near the bottom of the page) …

Find the following … clipped out of context …

Before …

---------- ---------- ---------- ---------- ----------
div.ipcop_menuElementHover {
    color: #FFFFFF;
}
div.ipcop_subMenuElement {
    padding: 3px;
    color: #DEDFEF;
}
div.ipcop_subMenuElementHover {
    padding: 3px;
    color: #FFFFFF;
}
---------- ---------- ---------- ---------- ----------

After … *(2 changes)

---------- ---------- ---------- ---------- ----------
div.ipcop_menuElementHover {
    color: #FFCC33;
}
div.ipcop_subMenuElement {
    padding: 3px;
    color: #DEDFEF;
}
div.ipcop_subMenuElementHover {
    padding: 3px;
    color: #FFCC33;
}
---------- ---------- ---------- ---------- ----------

Change the default hover color … from #FFFFFF … to #FFCC33 … *(above example already modified)

Save the file … then refresh any IPCOP cgi page …

… the IPCOP menu should now be a little easier to see – n’ navigate.

-