DarkRyder n00b
Joined: 16 Jul 2003 Posts: 49 Location: Sol-III, west edge of the smaller northern continent, near a big bay (Send help!)
Posted: Thu Oct 16, 2003 9:14 pm Post subject: Firewalling away the ads?
I recently got my household set up behind a firewall (vanilla-sources + shorewall) and would like to use it to filter out known advertisers, but have not found a way to do so.
Shorewall has a "blacklist", but it appears to only work for incoming connections, while I want to block outgoing. Basically, I want to be able to set up something like ZoneAlarm's "Blocked Sites" on the firewall so I don't have to install and configure software on each of the systems behind it.
Any advice?
_________________
Unless, of course, scissors *can't* beat rock...
lorenb Apprentice
Joined: 24 Aug 2002 Posts: 207 Location: Toronto, ON
Posted: Thu Oct 16, 2003 9:23 pm Post subject:
You could try this:
Quote: |
* net-www/junkbuster
Latest version available: 2.0.2
Latest version installed: [ Not Installed ]
Size of downloaded files: 228 kB
Homepage: http://internet.junkbuster.com
Description: Filtering HTTP proxy
|
slartibartfasz Veteran
Joined: 29 Oct 2002 Posts: 1462 Location: Vienna, Austria
Posted: Fri Oct 17, 2003 6:27 am Post subject:
there are also possibilities to do that with squid
_________________
To an engineer the glass is neither half full, nor half empty - it is just twice as big as it needs to be.
funkmankey Guru
Joined: 06 Mar 2003 Posts: 304 Location: CH
Posted: Fri Oct 17, 2003 6:48 am Post subject:
append to /etc/hosts :
http://www.accs-net.com/hosts/get_hosts.html
of course you still have to do it on each machine, but at least there's no additional software required.
or, it would be pretty easy to convert into iptables rules...
e.g.
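Code: |
IPTABLES=${IPTABLES:-iptables}
# log, then drop, anything sent to the blacklistdrop chain
$IPTABLES -N blacklistdrop
$IPTABLES -A blacklistdrop -j LOG --log-prefix="Blacklist DROP:"
$IPTABLES -A blacklistdrop -j DROP
# create the blacklist chain from /etc/blacklist
$IPTABLES -N blacklist
# the second column of /etc/blacklist holds the address or subnet
for subnet in $(awk '{print $2}' /etc/blacklist)
do
    # -d, not -s: the ad servers are the destination of outgoing packets
    $IPTABLES -A blacklist -d "$subnet" -j blacklistdrop
done
...
# OUTPUT covers the firewall's own traffic; hosts behind it traverse FORWARD
$IPTABLES -A OUTPUT -j blacklist
|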
or, turn your firewall machine into a local caching DNS (I recommend djbdns ^_^) and add the bogus entries for all of those ad domains.
_________________
I've got the brain, I'm insane, you can't stop the power
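One way to vet a downloaded hosts-format list before appending it to /etc/hosts, as the post above suggests (an added example, not part of the original thread). The sink address, the function names and the sample list are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: vet a downloaded hosts-format blocklist before appending it
# to /etc/hosts. Only sink entries survive, so the list can blackhole names
# but cannot point a name at an address of its own choosing.
SINK=127.0.0.1   # assumption: address every blocked name should resolve to

sanitize_hosts() {
    # stdin: raw list; stdout: "SINK<TAB>name", lowercased and deduplicated
    tr -d '\r' | awk -v sink="$SINK" '
        { sub(/#.*/, "") }                      # strip comments
        NF < 2 { next }                         # need an address plus a name
        $1 != "127.0.0.1" && $1 != "0.0.0.0" {  # entry redirects instead of sinking
            rejected++; next
        }
        {
            for (i = 2; i <= NF; i++) {
                name = tolower($i)
                # leave the local host names alone
                if (name == "localhost" || name ~ /^localhost\./) continue
                # plain DNS names only: dot-separated labels of [a-z0-9-]
                if (name !~ /^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$/) {
                    rejected++; continue
                }
                if (length(name) > 253 || seen[name]++) continue
                printf "%s\t%s\n", sink, name
            }
        }
        END { if (rejected) print rejected " entries rejected" > "/dev/stderr" }'
}

# Constructed sample input (CRLF line endings, as a downloaded list may have).
sample_list() {
    printf '%s\r\n' \
        '# constructed sample blocklist' \
        '127.0.0.1  localhost' \
        '127.0.0.1  ads.example.com  # banner server' \
        '0.0.0.0    Tracker.Example.NET ads.example.com' \
        '203.0.113.7  www.bank.example' \
        '127.0.0.1  bad_name;x.example'
}

# Review the cleaned list first; append it to /etc/hosts only once it looks right.
sample_list | sanitize_hosts
```

The entry that maps a name to a routable address and the malformed name are counted on stderr instead of being written out.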