Nikos Vassiliadis wrote:
I don't understand how you think any firewall would do this. Firewalls
will block based on IP addresses, whereas what I do (pointing numerous
ad sites at a local apache vhost) works based on names. I have no clue
if the ad sites share IP addresses with anything else, nor do I care;
nor do I care if some ad site has 50 different IP addresses because I
never resolve the real IP.
On Wednesday 12 December 2007 04:06:01 Erich Dollansky wrote:
There's no clean solutions to getting different lookups per-user that
The clean solution is hosts.
But hosts is operating system-wide.
Both ipfw and pf support tables, which is what you
want, large sets of unrelated (addresses|networks).
Both of them support UID matching as a target
(caution: this feature is not mpsafe on FreeBSD-6).
To take a random, made up example:
ads.useful.site = 10.1.1.1
www.useful.site = 10.1.1.1
Using hosts (or DNS) I can make ads.useful.site instead = 192.168.1.1
ads.useful.site = 101.1.1 -> 10.1.1.255
but I'm going to spend *forever* before I get all those IP addresses
from a round-robin DNS entry to put into some ipfw table, and if any of
those addresses also hosts the main site, I end up blocking that too.
I don't see how a firewall is appropriate for this (hosts.allow,
likewise). The point of the exercise is to never even contact the ad host.
If I've misunderstood something about your approach, please enlighten me.
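
The comparison argued in this message, as an added example that is not part of the original thread: a toy resolver and firewall table show what each approach contacts or drops. The zone data, the extra round-robin addresses 10.1.1.2 and 10.1.1.3, and all function names are constructed for illustration.

```python
# Constructed data: toy DNS zone modelled on the made-up example in the mail.
ZONE = {
    "www.useful.site": ["10.1.1.1"],
    "ads.useful.site": ["10.1.1.1", "10.1.1.2", "10.1.1.3"],  # round-robin
}
LOCAL_VHOST = "192.168.1.1"  # local apache vhost, as in the mail

def parse_hosts(text):
    """Parse hosts(5)-style lines into {name: address}; '#' starts a comment."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            for name in fields[1:]:
                table[name.lower()] = fields[0]
    return table

def resolve(name, hosts, query_no=0):
    """hosts entries win over DNS; DNS answers rotate (round-robin)."""
    name = name.lower()
    if name in hosts:
        return hosts[name]
    answers = ZONE[name]
    return answers[query_no % len(answers)]

def fetch(name, hosts, fw_table, query_no=0):
    """Return (address contacted, outcome) for one request."""
    addr = resolve(name, hosts, query_no)
    if addr in fw_table:
        return addr, "dropped by firewall"
    if addr == LOCAL_VHOST:
        return addr, "served by local vhost"
    return addr, "reached remote host"

def compare():
    hosts = parse_hosts(f"{LOCAL_VHOST} ads.useful.site  # ad host override\n")
    # Firewall table built from a single lookup of the ad name (one snapshot).
    fw_table = {resolve("ads.useful.site", {}, 0)}
    results = {}
    for label, h, fw in (("hosts", hosts, set()), ("ip-table", {}, fw_table)):
        results[label] = {
            "www": fetch("www.useful.site", h, fw),
            "ads": [fetch("ads.useful.site", h, fw, q) for q in range(3)],
        }
    return results

if __name__ == "__main__":
    for label, outcome in compare().items():
        print(label, outcome)
```

With the hosts override no ad address is ever contacted and the main site is untouched; the single-snapshot IP table drops the main site and still lets two of the three rotated ad addresses through.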