[ previous ] [ next ] [ threads ]
 
 From:  ryan <ryanag at zoominternet dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Cc:  "Mr. listman" <savethelist at hotmail dot com>
 Subject:  Re: [m0n0wall] Host list feature request
 Date:  Mon, 4 Apr 2005 10:52:46 -0500
> According to me, the directives of the creator of m0n0wall, has been
> clearly stated that m0n0wall, wants to be basically a firewall, and do
> activities base on a Firewall, and not an e-mail server, spamfighter etc...

Making the modifications we discussed (hosts file blocking) does not make 
m0n0wall an email server or spamfighter.

It does give some more access control flexibility, something most firewalls 
try to do.


> What i would advise, is installing redwall-firewall or clarck connect of
> which u can use as a stand-alone server, and have your users using
> transperant proxy,

Overkill for the requested feature. 

The only things required are:
-Proxy DNS on the firewall (m0n0wall does this already)
-a place to put the modifications and an easy way to edit

A proxy server is not required for a firewall to implement access control 
based on hostname if it acts as a DNS proxy.
cause slower reboots, and if i'm on the right track, 

> think it did cause some extra cpu burden, depending on the size of the host
> file

Clearly an issue. I've run hosts-file based blocking on ancient machines with 
coyote linux and have seen no slowdown. I doubt the performance hit would be 
too terrible, although I have no evidence unless we try it. :-D

On Monday 04 April 2005 08:35, Mr. listman wrote:
> According to me, the directives of the creator of m0n0wall, has been
> clearly stated that m0n0wall, wants to be basically a firewall, and do
> activities base on a Firewall, and not an e-mail server, spamfighter etc...
>
> What i would advise, is installing redwall-firewall or clarck connect of
> which u can use as a stand-alone server, and have your users using
> transperant proxy,
> Clearkconnect has all these added features,
> SpamFighter, Popup Blocker, SpyWare blocker, u namer it.
>
> We do would like to have all of these nice tools on one dedicated pc, but
> the creator of m0n0wall, made it clearly the direction of m0n0wall, so many
> other features just won't be added, or maybe u can take a look at pfsense..
>
> If u search the threads, u would find a thread on using the host file, as
> somekind  of blocker, but if my memory serves me correct, it took some
> extra time to load, cause slower reboots, and if i'm on the right track, i
> think it did cause some extra cpu burden, depending on the size of the host
> file
>
> over and out
>
> On Monday 04 April 2005 07:35, Curt Maughs wrote:
> >&#160;Would anyone besides myself find this useful?
> >I am trying to add hosts from the blacklisted mailservers and spyware host
> >lists so
> >that I will not have to worry if a user's individual machine is update
> >anymore.
>
> _________________________________________________________________
> Talk with your online friends with MSN Messenger http://messenger.msn.nl/
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch