 From:  Don Munyak <don dot munyak at gmail dot com>
 To:  ryan <ryanag at zoominternet dot net>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Host list feature request
 Date:  Mon, 4 Apr 2005 13:04:09 -0400
ahh... I see. This would be pretty slick.

- Don

On Apr 4, 2005 1:00 PM, ryan <ryanag at zoominternet dot net> wrote:
> The hosts file is a way to map names to IP addresses.
> 
> If I want to block a specific domain, I can map it to 127.0.0.1. My PC checks
> its hosts file *before* looking to the DNS server for mappings. Perhaps I
> would want to block a giant list of spyware / ad farms.... google on "hosts
> file" - at least 4 or 5 will come up with hundreds of entries ready for cut
> and paste.
> 
> If I would do the same (and I have with smoothwall/ipcop) on a firewall
> running DNS proxy, I get similar results.
> 
> I could get the same thing in m0n0wall if I were willing to write IP address
> rules blocking WAN traffic to every single "bad IP". Unfortunately, that task
> would take forever, and it's not immediately obvious to me what IP addresses a
> spyware host will use (whereas a domain name is somewhat static).
> 
> Also, it would be convenient for a small network to be able to see
> printers/file servers by name. Networks too small to run their own DNS servers
> can manually update hosts files on each PC- once you get around 5 or 6 this
> is a pain.
> 
> The advantage of using the m0n0wall as the central point for the hosts file
> mods is so you don't need to update them on all the machines connected to the
> network.
> 
> Short answer to your questions: Both. ;-)
> 
> On Monday 04 April 2005 09:59, Don Munyak wrote:
> > My question is slightly my confusion.
> >
> > Do you want to use host files for blocked websites?
> > or...for LAN clients wanting to go through the firewall ?
> >
> > - don
> >
> > On Apr 4, 2005 11:52 AM, ryan <ryanag at zoominternet dot net> wrote:
> > > > According to me, the directives of the creator of m0n0wall, has been
> > > > clearly stated that m0n0wall, wants to be basically a firewall, and do
> > > > activities based on a Firewall, and not an e-mail server, spamfighter
> > > > etc...
> > >
> > > Making the modifications we discussed (hosts file blocking) does not make
> > > m0n0wall an email server or spamfighter.
> > >
> > > It does give some more access control flexibility, something most
> > > firewalls try to do.
> > >
> > > > What i would advise, is installing redwall-firewall or ClarkConnect
> > > > of which u can use as a stand-alone server, and have your users using
> > > > transparent proxy,
> > >
> > > Overkill for the requested feature.
> > >
> > > The only things required are:
> > > -Proxy DNS on the firewall (m0n0wall does this already)
> > > -a place to put the modifications and an easy way to edit
> > >
> > > A proxy server is not required for a firewall to implement access control
> > > based on hostname if it acts as a DNS proxy.
> > >
> > > > cause slower reboots, and if i'm on the right track, i think it did
> > > > cause some extra cpu burden, depending on the size of the host file
> > >
> > > Clearly an issue. I've run hosts-file based blocking on ancient machines
> > > with coyote linux and have seen no slowdown. I doubt the performance hit
> > > would be too terrible, although I have no evidence unless we try it. :-D
> > >
> > > On Monday 04 April 2005 08:35, Mr. listman wrote:
> > > > According to me, the directives of the creator of m0n0wall, has been
> > > > clearly stated that m0n0wall, wants to be basically a firewall, and do
> > > > activities based on a Firewall, and not an e-mail server, spamfighter
> > > > etc...
> > > >
> > > > What i would advise, is installing redwall-firewall or ClarkConnect
> > > > of which u can use as a stand-alone server, and have your users using
> > > > transparent proxy,
> > > > ClarkConnect has all these added features,
> > > > SpamFighter, Popup Blocker, SpyWare blocker, u name it.
> > > >
> > > > We would like to have all of these nice tools on one dedicated pc,
> > > > but the creator of m0n0wall, made it clearly the direction of m0n0wall,
> > > > so many other features just won't be added, or maybe u can take a look
> > > > at pfsense..
> > > >
> > > > If u search the threads, u would find a thread on using the host file,
> > > > as some kind of blocker, but if my memory serves me correct, it took
> > > > some extra time to load, cause slower reboots, and if i'm on the right
> > > > track, i think it did cause some extra cpu burden, depending on the
> > > > size of the host file
> > > >
> > > > over and out
> > > >
> > > > On Monday 04 April 2005 07:35, Curt Maughs wrote:
> > > > > > Would anyone besides myself find this useful?
> > > > > > I am trying to add hosts from the blacklisted mailservers and spyware
> > > > > > host lists so
> > > > > > that I will not have to worry if a user's individual machine is updated
> > > > > > anymore.
> > > >
> > > > ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > > > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
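
An added example, not part of the original thread or of m0n0wall: the hosts-file approach discussed above means loading pasted lists into a central DNS proxy, so each entry is worth checking before it is trusted. This sketch separates block entries (names mapped to 127.0.0.1 or 0.0.0.0) from LAN names and rejects anything else; the sample data, the `audit_hosts` name and the 192.168.1.0/24 LAN range are assumptions.

```python
import ipaddress
import re

# Constructed sample of a pasted blocklist plus local LAN names (not from the thread).
SAMPLE = """\
# ad/spyware block entries
127.0.0.1   ads.example.com  tracker.example.net
0.0.0.0     spyware.example.org   # inline comment
127.0.0.1   ADS.example.com
203.0.113.9 bank.example.com
127.0.0.1   bad_name!.example.com
192.168.1.20 printer fileserver
not-an-ip   foo.example.com
"""

LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")
SINKS = {ipaddress.ip_address("127.0.0.1"), ipaddress.ip_address("0.0.0.0")}

def valid_name(name):
    """True for a syntactically valid hostname (RFC 1123 labels, <= 253 chars)."""
    return len(name) <= 253 and all(LABEL.match(l) for l in name.split("."))

def audit_hosts(text, lan=ipaddress.ip_network("192.168.1.0/24")):
    """Split hosts-format text into block entries, LAN names and rejected lines."""
    blocked, local, rejected = set(), {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if not fields:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            rejected.append((lineno, "bad address"))
            continue
        names = [n.lower().rstrip(".") for n in fields[1:]]
        if not names or not all(valid_name(n) for n in names):
            rejected.append((lineno, "bad hostname"))
        elif addr in SINKS:
            blocked.update(names)  # set membership removes case-only duplicates
        elif addr in lan:
            local.update({n: str(addr) for n in names})
        else:
            # A pasted list that points a name at a routable address is a
            # redirect, not a block; never load it silently.
            rejected.append((lineno, "redirect to non-local address"))
    return sorted(blocked), local, rejected
```
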