HOWTO: Easily Block Gmail, Twitter and Facebook with iptables using SSL certificates

We need two tools here:

  1. ngrep to find a distinctive byte string of the server's SSL certificate in the TCP packets, and
  2. iptables (with the string match module) to reject any packet that carries that string.

This ngrep output shows part of Google's ASN.1 (DER) encoded X.509 certificate, with the hex bytes on the left and their ASCII rendering on the right:

 # ngrep -d eth0 -x 'Google Inc'
 ...
   47 6f 6f 67 6c 65 20 49 6e 63 31 18 30 16 06 03    Google Inc1.0...
   55 04 03 14 0f 6d 61 69 6c 2e 67 6f 6f 67 6c 65    U.....mail.google
   2e 63 6f 6d 30 81 9f 30 0d 06 09 2a 86 48 86 f7    .com0..0...*.H..
 ...
Therefore, the following Linux firewall command (the hex string is the byte sequence from the dump above, from "Google Inc" through the start of the public key block) will stop any connection to Gmail:

 # iptables -I INPUT -m string --algo bm --hex-string \
     '|476f6f676c6520496e63311830160603550403140f6d61696c2e676f6f676c652e636f6d30819f30|' -j REJECT

Try it, you will get a connection timeout:

 $ curl --connect-timeout 60 https://mail.google.com/
 curl: (28) SSL connection timeout

The same applies to Twitter, Facebook and any application that uses a certificate. No other restriction of these HTTPS sessions is needed. A far more efficient method than DNS/IP blocking!
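The following added example (not part of the original HOWTO) ties the three pieces together: it re-encodes the CN=mail.google.com relative distinguished name in DER to show that the bytes in the dump are exactly the certificate's subject name, parses an ngrep -x dump into bytes, formats those bytes as the iptables --hex-string argument, and models how the xt_string match behaves when the certificate is split across TCP segments. The dump lines and the helper names are constructed for the example; nothing here is the original author's code.

```python
import re
from typing import Sequence

# --- Minimal DER helpers (short-form lengths only, enough for a Name RDN) -----

OID_COMMON_NAME = bytes.fromhex("550403")  # OID 2.5.4.3 = commonName ("CN")


def der_tlv(tag: int, content: bytes) -> bytes:
    """Encode one DER tag-length-value with a single-byte (short-form) length."""
    if len(content) >= 128:
        raise ValueError("short-form DER length only")
    return bytes([tag, len(content)]) + content


def der_cn_rdn(common_name: str, string_tag: int = 0x14) -> bytes:
    """Encode the RDN  SET { SEQUENCE { OID commonName, <string> } }.

    The dump on the page uses tag 0x14 (T61String) for the CN. Newer
    certificates usually use 0x0c (UTF8String) or 0x13 (PrintableString),
    which changes the bytes and therefore the iptables pattern.
    """
    attribute = der_tlv(0x30, der_tlv(0x06, OID_COMMON_NAME)
                        + der_tlv(string_tag, common_name.encode("ascii")))
    return der_tlv(0x31, attribute)


# --- Parsing an `ngrep -x` dump ----------------------------------------------

HEX_BYTE = re.compile(r"^[0-9a-fA-F]{2}$")


def ngrep_hex_to_bytes(lines: Sequence[str]) -> bytes:
    """Collect the hex columns of `ngrep -x` output.

    ngrep prints up to 16 bytes per line followed by an ASCII rendering; we
    stop at the first token that is not a two-digit hex byte. (A short last
    line whose ASCII column starts with two hex-looking characters would fool
    this, so check the byte count against the dump.)
    """
    out = bytearray()
    for line in lines:
        for token in line.split()[:16]:
            if not HEX_BYTE.match(token):
                break  # reached the ASCII column
            out.append(int(token, 16))
    return bytes(out)


# --- iptables rule text and a model of how xt_string matches -----------------

def iptables_hex_string(pattern: bytes) -> str:
    """Format bytes the way `-m string --hex-string` expects: '|hex digits|'."""
    return "|" + pattern.hex() + "|"


def iptables_rule(pattern: bytes, chain: str = "INPUT", target: str = "REJECT") -> str:
    """Build the same rule shape as on the page (Boyer-Moore string match)."""
    return (f"iptables -I {chain} -m string --algo bm "
            f"--hex-string '{iptables_hex_string(pattern)}' -j {target}")


def xt_string_would_match(segments: Sequence[bytes], pattern: bytes) -> bool:
    """xt_string inspects one packet at a time: a pattern that straddles two
    TCP segments is never seen, so the rule silently stops working when the
    server's record or segment boundaries change."""
    return any(pattern in segment for segment in segments)


# Constructed sample: the bytes from the page's dump, laid out as ngrep -x prints them.
SAMPLE_DUMP = [
    "  47 6f 6f 67 6c 65 20 49 6e 63 31 18 30 16 06 03    Google Inc1.0...",
    "  55 04 03 14 0f 6d 61 69 6c 2e 67 6f 6f 67 6c 65    U.....mail.google",
    "  2e 63 6f 6d 30 81 9f 30 0d 06 09 2a 86 48 86 f7    .com0..0...*.H..",
]

CAPTURED = ngrep_hex_to_bytes(SAMPLE_DUMP)
# 'Google Inc' .. 'mail.google.com' .. first bytes of SubjectPublicKeyInfo (40 bytes)
PATTERN = CAPTURED[:40]

if __name__ == "__main__":
    print(iptables_rule(PATTERN))
    print("CN RDN reproduces the dump:", der_cn_rdn("mail.google.com") == CAPTURED[10:36])
    print("whole pattern in one packet:", xt_string_would_match([PATTERN], PATTERN))
    print("pattern split over two packets:",
          xt_string_would_match([PATTERN[:20], PATTERN[20:]], PATTERN))
```

Two caveats follow directly from the model above. The string match works on individual packets, so a Certificate message that is spread over several TCP segments (common today, since server certificates are well over one MTU) can slip past the rule unless the pattern happens to fall inside one segment. And TLS 1.3 encrypts the Certificate message entirely, so on a TLS 1.3 connection the bytes matched here never appear on the wire at all; the technique only ever applied to SSL/TLS versions that sent the certificate in the clear.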