Skip to content
Amazon publishes a list of the IP addresses they control here: https://ip-ranges.amazonaws.com/ip-ranges.json . What follows is a way to prevent yourself / the websites you visit from reaching out to AWS machines. Spoiler alert: The internet becomes pretty un-useable.
Branch: master
Clone or download
Latest commit 3a2a9dc Jul 26, 2018
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
scripts amazon openvpn/blocking Jul 26, 2018
README.md comment Jul 26, 2018

README.md

Fuck off AWS

Amazon publishes a list of the IP addresses they control here: https://ip-ranges.amazonaws.com/ip-ranges.json . What follows is a way to prevent yourself / the websites you visit from reaching out to AWS machines. Spoiler alert: The internet becomes pretty unuseable. For linux see: https://github.com/corbanworks/aws-blocker

Dependencies

This is for OSX - specifically using their builtin packet filter PF. You will also need a json processor called JQ. I used Homebrew to install it

  1. xcode-select --install
  2. ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
  3. brew install jq

Installation

  1. Clone this repository
  2. cd fuck-off-aws/scripts
  3. chmod +x build.sh start-blocking.sh stop.sh
  4. create or edit the file: /etc/pf.conf, and add this line to the end of it: block out log from any to <aws>
  5. sudo ./build.sh <- all scripts must be run as a super user :(. This sript will find the most recent list of Amazon IPs, and set up a filter using PF to block and log all traffic from your machine to those IP addresses. This will also block any third party content, images, or fonts that are served by AWS.

Usage

  1. sudo ./start-blocking.sh <- this will enable your packet filter. It will also log all blocked traffic to an interface, and read those packets using tcpdump. To log to a file run sudo start-blocking.sh > log.txt
  2. sudo ./stop.sh <- will disable your packet filter.

NOTE/BUG

Even when you stop running the start-blocking.sh you will need to run the sudo ./stop.sh command to fully disable the filter. Also this was adapted from https://github.com/corbanworks/aws-blocker/blob/master/aws-blocker

OpenVPN

  1. vpn-server.sh is meant to be run on a VPN server. This will block all connected clients' requests to aws
You can’t perform that action at this time.