There are no clean solutions to getting different lookups per-user that
The clean solution is hosts.

But hosts is operating system-wide.

Both ipfw and pf support tables, which is what you
want, large sets of unrelated (addresses|networks).
Both of them support UID matching as a target
(caution: this feature is not mpsafe on FreeBSD-6).
I don't understand how you think any firewall would do this. Firewalls will block based on IP addresses, whereas what I do (pointing numerous ad sites at a local apache vhost) works based on names. I have no clue if the ad sites share IP addresses with anything else, nor do I care; nor do I care if some ad site has 50 different IP addresses because I never resolve the real IP.

To take a random, made-up example: = =

Using hosts (or DNS) I can make instead =

or = 101.1.1 ->

but I'm going to spend *forever* before I get all those IP addresses from a round-robin DNS entry to put into some ipfw table, and if any of those addresses also hosts the main site, I end up blocking that too.

I don't see how a firewall is appropriate for this (hosts.allow, likewise). The point of the exercise is to never even contact the ad host.

If I've misunderstood something about your approach, please enlighten me.
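The argument in the post above (hosts entries block by name before any address is ever looked up, whereas an ipfw/pf table has to enumerate every address behind a round-robin name and then also catches anything else sharing those addresses) can be shown with a small simulation. This is an added example written for this page, not code from either poster; the zone data, hostnames and addresses are constructed (documentation ranges from RFC 5737) and the `resolve` function only mimics a "files, dns" lookup order, it does not talk to a real resolver.

```python
"""Name-based (hosts) vs address-based (firewall table) ad blocking.

Added example, not code from the thread. ZONE is constructed to mimic a
round-robin DNS entry for an ad host that shares one address with the
site you actually want to reach; all names and addresses are hypothetical.
"""
import re
from typing import Dict, FrozenSet, Iterable, List, Set

# Constructed zone: hypothetical names -> the addresses they resolve to.
ZONE: Dict[str, FrozenSet[str]] = {
    "ads.example.net": frozenset({"192.0.2.10", "192.0.2.11", "192.0.2.12"}),
    "www.example.net": frozenset({"192.0.2.12", "192.0.2.20"}),  # shares .12
    "ads.example.org": frozenset({"198.51.100.5"}),
    "www.example.com": frozenset({"203.0.113.7"}),
}

# One RFC 1123 label: letters, digits, hyphens; no leading/trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def valid_hostname(name: str) -> bool:
    """Reject anything that would be a malformed hosts(5) entry."""
    if not name or len(name) > 253 or name.endswith("."):
        return False
    return all(_LABEL.match(label) for label in name.split("."))


def hosts_lines(block: Iterable[str], sink: str = "127.0.0.1") -> List[str]:
    """Emit hosts(5) lines redirecting each blocked name to `sink`.

    Names are lower-cased and de-duplicated (hosts matching is exact, so
    each ad hostname needs its own line); malformed names raise.
    """
    seen: Set[str] = set()
    out: List[str] = []
    for raw in block:
        name = raw.strip().lower()
        if not valid_hostname(name):
            raise ValueError(f"not a valid hostname: {raw!r}")
        if name not in seen:
            seen.add(name)
            out.append(f"{sink}\t{name}")
    return out


def resolve(name: str, hosts: Iterable[str],
            zone: Dict[str, FrozenSet[str]]) -> FrozenSet[str]:
    """Simulated 'files, dns' lookup: a hosts entry wins and DNS is never asked."""
    for line in hosts:
        addr, _, host = line.partition("\t")
        if host == name:
            return frozenset({addr})
    return zone.get(name, frozenset())


def ip_table(block: Iterable[str],
             zone: Dict[str, FrozenSet[str]]) -> FrozenSet[str]:
    """What an ipfw/pf table would have to hold: every address of every blocked name."""
    addrs: Set[str] = set()
    for name in block:
        addrs |= zone.get(name, frozenset())
    return frozenset(addrs)


def collateral(table: FrozenSet[str], zone: Dict[str, FrozenSet[str]],
               block: Iterable[str]) -> List[str]:
    """Names NOT on the block list that the address table would still block."""
    blocked = set(block)
    return sorted(n for n, addrs in zone.items()
                  if n not in blocked and addrs & table)


if __name__ == "__main__":
    block = ["ads.example.net", "ads.example.org"]
    lines = hosts_lines(block)
    print("\n".join(lines))
    print("ads.example.net ->", sorted(resolve("ads.example.net", lines, ZONE)))
    print("www.example.net ->", sorted(resolve("www.example.net", lines, ZONE)))
    table = ip_table(block, ZONE)
    print("firewall table would need", len(table), "addresses")
    print("and would also block:", collateral(table, ZONE, block))
```

With the constructed zone, the hosts approach returns 127.0.0.1 for ads.example.net and leaves www.example.net untouched, while the equivalent address table needs four entries and blocks www.example.net as a side effect because of the shared 192.0.2.12. The `valid_hostname` check matters in practice: a hosts file is read by every program on the box, so one malformed line in a large generated blocklist is worth catching before it is installed.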


