Frederick Page wrote:
> Hallo Vincent,
> 
> Vincent Fleuranceau schrieb am 09. November 2004:
> 
> 
>>Solution: use a decent Web browser (Firefox for example) and block ads 
>>at the application level, not at the routing level!
> 
> 
> That works, however why should one transfer the junk to the internal
> client and discard it there? Especially users who pay by volume would
> appreciate that.

Blocking at the client doesn't 'transfer the junk'. Your browser makes a 
request to the wrong server for 'the junk' and hence, doesn't ever 
transfer it.

If you're using m0n0 for a small user group, then blocking at the client 
is the best way to do this. If you have a large enough user community 
that traffic becomes expensive, then you should be using squid.

That gets you all the nice regexp / user authentication goodies for free 
without turning your firewall into a bloated monster.

> That would be nice indeed. What about a wildcard scenario? If one
> could specify stuff like
> 
> ad.*
> ads.*
> adserv*
> */realmedia/*
> 
> this would be quite a short list and still catch most junk. Firefox'
> extension "Adblock" works that way.

Think CPU and memory utilization for a m0n0 trying to regexp at wire 
speed. ick.

This problem has already been solved, and it's called squid. If you want 
to turn your firewall into a small business application server, there 
are lots of other packages out there to do it.

Graham