[ale] Blocking ad sites with ipchains

Mike Fletcher fletch at phydeaux.org
Mon Nov 29 12:33:24 EST 1999


>>>>> "Joe" == Joe Knapka <jknapka at charter.net> writes:

    Joe> You would need a rule per site you want to block.  In the
    Joe> output chain, you want to block connections to port 80 of the
    Joe> site, so:

    Joe> ipchains -I output -d ad.monger.com 80 -p tcp -y -j REJECT

    Joe> should do the trick. Maybe DENY, instead of REJECT, if your
    Joe> browser puts up annoying dialogs when a connection is
    Joe> refused. That might have bad side effects though.

        For performance and maintainability reasons, you'd probably
want to shove those off into a separate chain and just have a jump to
that chain for tcp traffic to port 80 (the default action of the chain 
being ACCEPT).  Of course I'm not exactly sure what the performance
tradeoffs would be in the output chain vs. a secondary chain so take
that with a grain of salt (pointers to benchmark data one way or the
other would be most welcome; I'm curious :).


        Another possibility is to run squid and one of the many
ad-blocking add-ons for it.  I use one I found at:

http://www.zip.com.au/~cs/adzap/index.html

        There are many others (just check freshmeat.net).

-- 
Fletch                | "If you find my answers frightening,       __`'/|
fletch at phydeaux.org   |  Vincent, you should cease askin'          \ o.O'
678 443-6239(w)       |  scary questions." -- Jules                =(___)=
                      |                                               U
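
The separate-chain layout suggested in the message above, sketched as an added example that is not part of the original post. The chain name `adblock`, the host list, and `banners.example.net` are assumptions made for illustration; `ad.monger.com` is the placeholder host from the thread. The script prints the ipchains commands rather than running them, so the rule set can be reviewed first.

```shell
#!/bin/sh
# Added example: emit ipchains commands that keep per-site ad blocks in a
# separate chain, with a single jump rule in the output chain.

CHAIN=adblock   # hypothetical chain name (ipchains chain labels are short)

# Read hostnames on stdin (one per line, '#' comments allowed), print rules.
gen_adblock_rules() {
    echo "ipchains -N $CHAIN"
    while read -r host rest; do
        case $host in
            ''|'#'*) continue ;;              # blank line or comment
            -*|*[!A-Za-z0-9.-]*)              # would parse as an option or shell syntax
                echo "skipping invalid entry: $host" >&2
                continue ;;
        esac
        echo "ipchains -A $CHAIN -d $host -j REJECT"
    done
    # Jump rule goes in last, once the chain is populated. Only new (SYN, -y)
    # TCP connections to port 80 traverse the ad chain; packets matching no
    # rule there fall off its end and continue in the output chain.
    echo "ipchains -I output -p tcp -d 0/0 80 -y -j $CHAIN"
}

# Constructed sample list, including one malformed entry that must be dropped.
SAMPLE_HOSTS='# ad servers
ad.monger.com
banners.example.net
bad;host.example
'

printf '%s' "$SAMPLE_HOSTS" | gen_adblock_rules
```

Review the printed commands before piping them to a root shell; the hostname check keeps a malformed list entry from turning into extra shell syntax at that point.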





