On 15/12/2014 18:47, meino.cra...@gmx.de wrote: > Hi, > > this question is not related to a fully fledged, > big local area network with DMZs and such. > > Even the word "firewall" seems to be a little too > "huge and mighty" in this context to me. > > "The network" consists of a PC, which is connected > to a FritzBox (cable, no Wifi/WLAN), which connects > to the ISP (internet) and (same adress range) to a > embedded system (eth1) > > There are two additional embedded systems, both on > a separate interface (eth over usb: usb0 & usb1). > > I want to block (DROP or REJECT) the access to certain > sites (the "noise" which is produced mostly by sites, > which all exclusively "only want my best": ads, trackers, analysts > and so on...) > > I tried different tools: fwbuilder, which locks up either itsself > or my rulesset...I had to reboot and Shorewall, which definitely > is a great tool....a little too great tool and much more capable > as I am... ;) > > I am sure that the problems are mostly not the problems of the > tools but mine. > > Is there any simple straight forward tool to just block accesses > to certain sites?
to do it network-wide: squid to do it on a per-pc per-browser basis: there's a large variety of firefox plugins to chose from that will block this and allow that. It seems to me this is the better approach as you want to stop your browser chatting with sites who only have your best interest at heart :-) Either way, the list of black and white lists gets very big very quick, so chose your tool carefully. Try a bunch and pick one that makes sense to you, bonus points if it comes with a community-supported blacklist you can drop in, maintained by people whose POV matches your own. You don't want a classic firewall for this; firewalls are mostly built to block based on address and port, this is not how you solve your problem -- Alan McKinnon alan.mckin...@gmail.com