Heiko Wundram (Beenic) wrote:

Am Mittwoch, 12. Dezember 2007 13:01:14 schrieb Alex Zbyslaw:
<snip explanation>
I don't see how a firewall is appropriate for this (hosts.allow,
likewise).  The point of the exercise is to never even contact the ad host.

Transparent proxy with squid on the firewall? There's even plugins to manage exactly this kind of ad-blocking with squid; although I don't currently know the extension's name.

This is pretty much going to be your only option to do this in a centralized fashion.

Squid may well be an alternative solution, but it's not, imho, a firewall solution as Nikos was proposing.

I have zero experience of squid beyond reading about it, but it has always sounded like a major resource hog. Perhaps just running one plugin to do just this would be OK?

The advantage of /etc/hosts is simplicity. For a small home network of BSD machines it's pretty trivial to propagate updates. Not even *that* hard to copy the file to a couple windows machines. Beyond that, the updates could get pretty tedious.

For a network-wide, multi-OS solution I would still look at DNS just because it's more lightweight than squid. Which is not to say that someone else shouldn't reach an alternate conclusion :-) Always good to know what the alternatives are!

Best,

--Alex

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to