-------- Original Message --------
> 3) Getting Squid to do it on a dedicated machine is faster. I've an XP1700+
> (hell, it was cheaper than a PIII, even second-hand ones) running as a
> "network services" machine for the sort of things that m0n0 doesn't do -
> that's things like a Squid proxy (the cache is extremely helpful if you've
> lots of client machines accessing similar/the same sites), Samba for a WINS
> server, NTPd for clock updates, etc. etc. Updating the list of blocksites is
> a simple matter of replacing the .acl file I've defined for the task with a
> new one, then telling Squid to reload the config. No restarts of anything
> involved. No downtime. And if a user wants to bypass ad-blocking for any
> site, they simply define it as an exception to the proxy server rules.
This is exactly my point of view: running Squid on another *dedicated*
and powerful machine (traffic redirection) is the best solution, from afar.
More, this has already been discussed when some of us asked for squid
integration in m0n0wall. Take a look at the archives...