Heiko Wundram (Beenic) wrote:
Am Mittwoch, 12. Dezember 2007 13:01:14 schrieb Alex Zbyslaw:
<snip explanation>
I don't see how a firewall is appropriate for this (hosts.allow,
likewise). The point of the exercise is to never even contact the ad host.
Transparent proxy with squid on the firewall? There's even plugins to manage
exactly this kind of ad-blocking with squid; although I don't currently know
the extension's name.
This is pretty much going to be your only option to do this in a centralized
fashion.
Squid may well be an alternative solution, but it's not, imho, a
firewall solution as Nikos was proposing.
I have zero experience of squid beyond reading about it, but it has
always sounded like a major resource hog. Perhaps just running one
plugin to do just this would be OK?
The advantage of /etc/hosts is simplicity. For a small home network of
BSD machines it's pretty trivial to propagate updates. Not even *that*
hard to copy the file to a couple windows machines. Beyond that, the
updates could get pretty tedious.
For a network-wide, multi-OS solution I would still look at DNS just
because it's more lightweight than squid. Which is not to say that
someone else shouldn't reach an alternate conclusion :-) Always good to
know what the alternatives are!
Best,
--Alex
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"