On 07/16/15 at 02:29, David Higgs wrote:
> On Wed, Jul 15, 2015 at 5:09 PM, Erling Westenvik <[email protected]> wrote:
>
>> On Wed, Jul 15, 2015 at 08:25:03PM +0200, Stefan Wollny wrote:
>>> Hi misc@!
>>>
>> [ ... ]
>>
>>
> I use adsuck without issues on my gateway; it hangs off a stable DHCP
> uplink so I don't have to monkey with /var/adsuck/resolv.conf after initial
> setup. The following lets me blackhole DNS for internal devices without
> exposing the service to external hosts. Also, I figured out how to
> regularly update the hosts file.
>
>
> [/etc/rc.conf.local]
> pkg_scripts="adsuck"
> adsuck_flags="-c /var/adsuck -f /files/resolv.conf /files/hosts.small"
>
> [/etc/pf.conf]
> # redirect all DNS from internal networks to adsuck
> # note: adsuck does not handle TCP DNS
> # note: gateway lookups are unfiltered
> match in on $internal_ifs proto udp to port domain rdr-to 127.0.0.1
>
> [/etc/weekly.local]
> # periodically update blackhole list, needs reformatting
> if TMP=`mktemp`; then
>     HFILE=/var/adsuck/files/hosts.small
>     trap 'rm -f $TMP; exit 1' 0 1 15
>     mv $HFILE $HFILE.out
>     ftp -Vo $TMP http://winhelp2002.mvps.org/hosts.txt
>     sed -e 's/^M$//' -e '/::1/d' -e 's/^0.0.0.0/127.0.0.1/' $TMP > $HFILE
>     /etc/rc.d/adsuck reload > /dev/null
> else
>     echo "Cannot install adsuck hosts file"
> fi
>
> --david
>
Hi David!

Thank you for sharing your solution. I think you can omit the "adsuck_flags"-line in /etc/rc.conf.local as the rc.d-script for adsuck has identical parameters for 'daemon_flags'.

Basically I used the same script for updating hosts.small though your implementation seems to be more sophisticated - mine is just more complex as I want to keep the entries for my private network (plus some additions/exceptions mvps does not have). Another thing is that I fetch the zip-file as I used adsuck on my laptop and sometimes the connections are slooow - that's why I update manually at irregular intervals.

I find it astounding that using the mvps-entries on a regular /etc/hosts-file gives me the same results without any noticeable delay - what is adsuck actually providing if I get the same with one daemon less?

Best,
STEFAN
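Added example, not part of either message: one way to combine the weekly update quoted above with the local entries and exceptions mentioned in the reply, treating the list fetched over plain HTTP as untrusted input. The function name `build_hosts`, its arguments, the allowlist file and the minimum-entry threshold are assumptions made for this sketch.

```sh
#!/bin/sh
# build_hosts UPSTREAM LOCAL ALLOW OUT [MIN]   (hypothetical helper)
#   UPSTREAM  downloaded hosts.txt, fetched separately (e.g. ftp -Vo)
#   LOCAL     hand-maintained entries, copied verbatim (private network, additions)
#   ALLOW     hostnames that must never be blackholed, one per line
#   OUT       hosts file the resolver reads; replaced only if checks pass
#   MIN       minimum number of blackhole lines expected (assumed default: 1000)
build_hosts() {
    upstream=$1 local_entries=$2 allow=$3 out=$4 min=${5:-1000}
    # Temp file in the same directory as OUT so the final mv is an atomic rename.
    tmp=$(mktemp "$out.XXXXXX") || return 1
    {
        cat "$local_entries"
        # Strip CRs, then emit only blackhole mappings. The upstream address
        # field is never copied, so a tampered list cannot point a name at an
        # arbitrary IP; malformed hostnames and allowlisted names are dropped.
        tr -d '\r' < "$upstream" | awk -v allow="$allow" '
            BEGIN { while ((getline h < allow) > 0) if (h != "") skip[h] = 1 }
            ($1 == "0.0.0.0" || $1 == "127.0.0.1") &&
            $2 ~ /^[A-Za-z0-9._-]+$/ && $2 != "localhost" && !($2 in skip) {
                print "127.0.0.1", $2
            }'
    } > "$tmp"
    # A truncated or failed download yields few entries: keep the old file.
    count=$(grep -c '^127\.0\.0\.1 ' "$tmp" || true)
    if [ "$count" -lt "$min" ]; then
        echo "build_hosts: only $count blackhole lines, keeping $out" >&2
        rm -f "$tmp"
        return 1
    fi
    # mktemp creates mode 0600; make the list readable by the daemon.
    chmod 644 "$tmp" && mv "$tmp" "$out"
}

# Usage sketch with the paths from the quoted script (local/allow are assumed):
#   ftp -Vo "$TMP" http://winhelp2002.mvps.org/hosts.txt &&
#   build_hosts "$TMP" /var/adsuck/files/hosts.local /var/adsuck/files/hosts.allow \
#       /var/adsuck/files/hosts.small && /etc/rc.d/adsuck reload > /dev/null
```

Unlike the `mv $HFILE $HFILE.out` step in the quoted script, a failed fetch here leaves the previous list in place instead of an empty one.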

