Hahaha.

You need an .ovpn file from your provider of course

It holds the details where to connect to and how ect.

Its basically a "Deny Anything OUT" rule followed by "Allow 80 out" ect. Make sure to allow port 53/tcp out and 443/tcp

On the firewall window, am I right?

On the firewall window, am I right?

in the console

Outgoing traffic is possible by hand: http://serverfault.com/questions/618164/block-outgoing-connections-on-rhel7-centos7-with-firewalld

^

You need an .ovpn file from your provider of course

What provider do you use? ?.

What provider do you use? ?.

Aforementioned solfconfigured Hetzner Server

^

I'm forwarding these to myself - I'll take care of them later on. Too tired.

Aforementioned solfconfigured Hetzner Server

Oh, jeez. That's pretty smart of you...

Any other easier provider you'd say is at least, somewhat trustable?

(Yeah, yeah - none...)

(Yeah, yeah - none...)

You got the Spirit XD

While you are at it adding Https everywhere, Ublock Origin, Umatrix (and ublock websockets if using chromium), NoHttp and so to your browser, configuring them, setting a local "opennet" Firewall Profile with firewalld that basically only allows encrypted dns and https trough if the remote isnt in a adaway-generated hosts file can go a long way too

If you did all that you could try to use vpnbook

But _BEWARE_

Vpnbook are private poeple offering their servers as free vpn servers

While you are at it adding Https everywhere, Ublock Origin, Umatrix (and ublock websockets if using chromium), NoHttp and so to your browser, configuring them, setting a local "opennet" Firewall Profile with firewalld that basically only allows encrypted dns and https trough if the remote isnt in a adaway-generated hosts file can go a long way too

How did you actually only allowed encrypted DNS and HTTPS through? What options within the firewalld window did you make?

They will very likely either record your activity or store something or their servers may be compromised. so you need to have a very decent, tightly locked down firewall setup in and outgoing and of course use encrypted dns querys

Vpnbook are private poeple offering their servers as free vpn servers

/ban

How did you actually only allowed encrypted DNS and HTTPS through? What options within the firewalld window did you make?

sudo firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 2 -j DROP sudo firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 1 -p tcp -m tcp --dport 53 -j ACCEPT firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 1 -p udp --dport 53 -j ACCEPT sudo firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 1 -p tcp -m tcp --dport 443 -j ACCEPT

/ban

what

there is no vpn provider i'd trust with my personal data

sudo firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 2 -j DROP sudo firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 1 -p tcp -m tcp --dport 53 -j ACCEPT firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 1 -p udp --dport 53 -j ACCEPT sudo firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 1 -p tcp -m tcp --dport 443 -j ACCEPT

(telegram may replace '- -' with —

sudo firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 2 -j DROP sudo firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 1 -p tcp -m tcp --dport 53 -j ACCEPT firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 1 -p udp --dport 53 -j ACCEPT sudo firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 1 -p tcp -m tcp --dport 443 -j ACCEPT

fixed —

fixed —

God bless Telegram's edit feature.

I love you, Tobias. ❤️

sudo firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 2 -j DROP sudo firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 1 -p tcp -m tcp --dport 53 -j ACCEPT firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 1 -p udp --dport 53 -j ACCEPT sudo firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 1 -p tcp -m tcp --dport 443 -j ACCEPT

this is ignoring ipv6 and allows dns querys to all servers still - there is so much you can do with fwd that one should toroughly read into it before going this deep

sudo firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 2 -j DROP sudo firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 1 -p tcp -m tcp --dport 53 -j ACCEPT firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 1 -p udp --dport 53 -j ACCEPT sudo firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 1 -p tcp -m tcp --dport 443 -j ACCEPT

I think I did it correctly... I'll try to get around 'shady' websites or whatever...

If I notice something's broken, I'll nudge you.

this is ignoring ipv6 and allows dns querys to all servers still - there is so much you can do with fwd that one should toroughly read into it before going this deep

Yeah - it is like su and a rookie. (Hey! You are one. (Self-talk. Don't mind me.))

I think I did it correctly... I'll try to get around 'shady' websites or whatever...

As normal user i'd rather advise you to not selectively allow ports (or even applications) but instead block http inside your browser

I love you, Tobias. ❤️

We all ❤️ Tobias.

That way you'd save yourself a lot of trouble until you know how the internet works ^^

As normal user i'd rather advise you to not selectively allow ports (or even applications) but instead block http inside your browser

Mozilla. How to. Show me! Show me!

Mozilla. How to. Show me! Show me!

https://addons.mozilla.org/de/firefox/addon/http-nowhere/?src=search

If enabled = no HTTP anywhere if disabled = allow http

And of course open the firewall config, go to "view" and "display direct Configuration"

There's a curious fact I've been doing quite for a while - I allocate a short period of time during the week and start wandering around the Internet to find out what websites and services happen to work with http only and fill out a form or better yet, mail them with the Let's Encrypt about website in order to persuade them to provide HTTPS to their users - it's free and it protects their users and themselves from potential threats.

so you can disable your previously set (permanent) rules for block all

(of course, change the configuration on top in Firewall config to "permanent"

There's a curious fact I've been doing quite for a while - I allocate a short period of time during the week and start wandering around the Internet to find out what websites and services happen to work with http only and fill out a form or better yet, mail them with the Let's Encrypt about website in order to persuade them to provide HTTPS to their users - it's free and it protects their users and themselves from potential threats.

Chrome is about to display warnings on http logins as will firefox - and https will now be the default while http displays a warning instead of green https box and nothing

Chrome is about to display warnings on http logins as will firefox - and https will now be the default while http displays a warning instead of green https box and nothing

I bet you there'll be billions of people not taking care of any of these warnings and staying 'OK' with http connections. I bet you my balls...

It's incredibly better to advocate for cryptographic standards and spread the word than wait until browsers take their step forwards.

We all ❤️ Tobias.

Oh yes!

i remember an article of them displaying a massive "YOUR PASSWORD COULD BE COMPROMISED; THE SITE IS NOT SECURE" next to password boxes on http sites (planned)

I want this to come by soon. There's a relative of mine who made fun out of me for advocating for HTTPS in a website a few days ago...

I'll surely let him see that note next to his Chrome window, running Winbloze. ?

I want this to come by soon. There's a relative of mine who made fun out of me for advocating for HTTPS in a website a few days ago...

Starting 2017

He uses iPhone, Windows and he works for a company whose servers are running Winbloze 7.

I get triggered by staying next to him...

One day said the classic 'I have nothing to hide'.

Too many triggering comments and handsets...

i remember an article of them displaying a massive "YOUR PASSWORD COULD BE COMPROMISED; THE SITE IS NOT SECURE" next to password boxes on http sites (planned)

^^^.

i remember an article of them displaying a massive "YOUR PASSWORD COULD BE COMPROMISED; THE SITE IS NOT SECURE" next to password boxes on http sites (planned)

Where's this?

Link me, link me, link me, link link link.

Link me, link me, link me, link link link.

http://techdows.com/2016/09/firefox-51-insecure-password-warning.html this is what they do now

I can't find the comment about making some uBlock Origin hosts file work. Do you mind forwarding it, please? @Tobias4X.

https://www.thesslstore.com/blog/firefox-warn-password-fields-insecure/

There was that picture

51 makes a padlock for transition, 52 is contextual warning

I can't find the comment about making some uBlock Origin hosts file work. Do you mind forwarding it, please? @Tobias4X.

Urf - erm Just open the ublock panel by clicking the ublock icon, click on the black bar with "ublock" written on top and there go to third party or external filters

enable all but the Country-specific ones at the bottom - choose only your country there

Too many triggering comments and handsets...

i gave half the poeple that have turned off their adblockers repeatedly after being asked to by websites . The rest is now either on Linux or a windows so tighly locked down to basically the browser that they are pretty free of most risks

i gave half the poeple that have turned off their adblockers repeatedly after being asked to by websites . The rest is now either on Linux or a windows so tighly locked down to basically the browser that they are pretty free of most risks

Hold on a second... It's getting worse... Brace yourself...

I uninstalled AdBlock Plus on his Chrome and installed a) uBlock Origin, b) Privacy Badger and c) HTTPS Everywere on his Chrome. (Not fond to even try to get him used to Chromium because 'Adobe Flash Player' bullshit... or don't change things on _my_ setup.) Yeah, okay; it's theirs but they somehow expose people who happen to be around them. Next day he tried to watch a video in a random website and it wasn't working (sure, some Javascript crap bundled and Privacy Badger taking care of it seamlessly). Hey, don't change anything here, okay? Purged everything and installed AdBlock Plus back. A couple of days later on I decided to try it again by installing uBlock Origin back. Next day, AdBluck Plus was once again, back. I gave up. One of the reasons he says he likes AdBlock the best is because of the Malware protection added.

ERROR: S client not available

Oh jeez, if that motherfucker weren't that lazy to get himself documented on adblockers... Do you feel me yet? @Tobias4X.

I uninstalled AdBlock Plus on his Chrome and installed a) uBlock Origin, b) Privacy Badger and c) HTTPS Everywere on his Chrome. (Not fond to even try to get him used to Chromium because 'Adobe Flash Player' bullshit... or don't change things on _my_ setup.) Yeah, okay; it's theirs but they somehow expose people who happen to be around them. Next day he tried to watch a video in a random website and it wasn't working (sure, some Javascript crap bundled and Privacy Badger taking care of it seamlessly). Hey, don't change anything here, okay? Purged everything and installed AdBlock Plus back. A couple of days later on I decided to try it again by installing uBlock Origin back. Next day, AdBluck Plus was once again, back. I gave up. One of the reasons he says he likes AdBlock the best is because of the Malware protection added.

Adblock has no added malware Protection, only ublock offers kind of something like that by being able to block hostfile based

Oh jeez, if that motherfucker weren't that lazy to get himself documented on adblockers... Do you feel me yet? @Tobias4X.

Eh, There are those willing to learn and those that have been given a pc without them being sound of using it

Adblock has no added malware Protection, only ublock offers kind of something like that by being able to block hostfile based

I don't know man, that's what he told me one day later the 'problem' we had... I kept my mouth shut. Most of the time I acknowledge folks will not get to understand anything about FLOSS or privacy...

the latter are a growing problem but one we have to endure with an 'eh' until their world burns so bright they either leave the platform or start going secure

Eh, There are those willing to learn and those that have been given a pc without them being sound of using it

No, he is _not_ fond to learn or discuss things further. He's the classic 'it just werks' mindset person...

No, he is _not_ fond to learn or discuss things further. He's the classic 'it just werks' mindset person...

As is 99% of the Population when its concerning technology

As is 99% of the Population when its concerning technology

A tad disgusting...

It happens to me with most things I think. I mull over the idea of either commiting suicide or killing billions of them. I'm fed up of individuals staying that numb. It drives me nuts quick.

Hey, in the end mirai is a good thing for those people - it was the most crappily coded exploit but if it succeded (it dodnt because of a small coding error) we'd be experiencing the largest ddos ever with millions of pcs infected and encrypted each hour

only then we can get em to think otherwise - or teach it in school much earlier in an interesting way

Do you mean enabling every item listed here by hand?

Enable only your country down there

@Tobias4X - I'll put you the strawberry on the cake. That person I'm talking about, happens to be an IT Software Engineer at a well-known company nationwide.

Cringy, cringy...

@Tobias4X - I'll put you the strawberry on the cake. That person I'm talking about, happens to be an IT Software Engineer at a well-known company nationwide.

Yes, and? Even in tech fields many are University Standard Material

When i took CS classes only 3! of the whole year could use a pc the way it'd be properly required to be a sysmin/coder/IT engineer

from 400 poeple

I still don't understand how come there are millions of IT-oriented persons still using Winbloze and even bragging about it... Arg...

the other 397 proceed to walk into other firms and suck the IT Structure out of them

I still don't understand how come there are millions of IT-oriented persons still using Winbloze and even bragging about it... Arg...

Two words, "Active Directory"

the other 397 proceed to walk into other firms and suck the IT Structure out of them

and the other 3 have to work for way under their price or go into another country where they are paid for their skills

I had a talk with a coder for germany's state a while ago - he said germany had until recently a 1000€/Month extra for coders to even compete with Private firms _average_ pay. but without a diploma in certain fields that would still end at 3,5k/month

You meant nothing but these last? I enabled those as instructed. I cannot see US in the acronyms for the countries. Is US over there? :-P.

You meant nothing but these last? I enabled those as instructed. I cannot see US in the acronyms for the countries. Is US over there? :-P.

All but the last

You meant nothing but these last? I enabled those as instructed. I cannot see US in the acronyms for the countries. Is US over there? :-P.

Us is the default easylist

All but the last

The other options right above those two sections, disabled or enabled? Language barriers, errr.

Us is the default easylist

Ah, yay!

There you go!