[ale] Blocking ad sites with ipchains
Mike Fletcher
fletch at phydeaux.org
Mon Nov 29 12:33:24 EST 1999
>>>>> "Joe" == Joe Knapka <jknapka at charter.net> writes:
Joe> You would need a rule per site you want to block. In the
Joe> output chain, you want to block connections to port 80 of the
Joe> site, so:
Joe> ipchains -I output -d ad.monger.com 80 -p tcp -y -j REJECT
Joe> should do the trick. Maybe DENY, instead of REJECT, if your
Joe> browser puts up annoying dialogs when a connection is
Joe> refused. That might have bad side effects though.
For performance and maintainability reasons, you'd probably
want to shove those off into a separate chain and just have a jump to
that chain for tcp traffic to port 80 (the default action of the chain
being ACCEPT). Of course I'm not exactly sure what the performance
tradeoffs would be in the output chain vs. a secondary chain so take
that with a grain of salt (pointers to benchmark data one way or the
other would be most welcome; I'm curious :).
Another posibility is to run squid and one of the many
ad-blocking add-ons for it. I use one I found at:
http://www.zip.com.au/~cs/adzap/index.html
There are many others (just check freshmeat.net).
--
Fletch | "If you find my answers frightening, __`'/|
fletch at phydeaux.org | Vincent, you should cease askin' \ o.O'
678 443-6239(w) | scary questions." -- Jules =(___)=
| U
More information about the Ale
mailing list