[ previous ] [ next ] [ threads ]
 From:  Graham Dunn <gdunn at inscriber dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Ad Blocking in m0n0wall
 Date:  Wed, 10 Nov 2004 16:25:43 -0500
Frederick Page wrote:
> Hallo Vincent,
> Vincent Fleuranceau schrieb am 09. November 2004:
>>Solution: use a decent Web browser (Firefox for example) and block ads 
>>at the application level, not at the routing level!
> That works, however why should one transfer the junk to the internal
> client and discard it there? Especially users who pay by volume would
> appreciate that.

Blocking at the client doesn't 'transfer the junk'. Your browser makes a 
request to the wrong server for 'the junk' and hence, doesn't ever 
transfer it.

If you're using m0n0 for a small user group, then blocking at the client 
is the best way to do this. If you have a large enough user community 
that traffic becomes expensive, then you should be using squid.

That gets you all the nice regexp / user authentication goodies for free 
without turning your firewall into a bloated monster.

> That would be nice indeed. What about a wildcard scenario? If one
> could specify stuff like
> ad.*
> ads.*
> adserv*
> */realmedia/*
> this would be quite a short list and still catch most junk. Firefox'
> extension "Adblock" works that way.

Think CPU and memory utilization for a m0n0 trying to regexp at wire 
speed. ick.

This problem has already been solved, and it's called squid. If you want 
to turn your firewall into a small business application server, there 
are lots of other packages out there to do it.