Date: Wed, 12 Dec 2007 12:31:08 +0000
From: Alex Zbyslaw <xfb52@dial.pipex.com>
To: "Heiko Wundram (Beenic)" <wundram@beenic.net>
Cc: freebsd-questions@freebsd.org, Nikos Vassiliadis <nvass@teledomenet.gr>
Subject: Re: performance impact of large /etc/hosts files
Message-ID: <475FD48C.7090508@dial.pipex.com>
In-Reply-To: <200712121310.01617.wundram@beenic.net>
References: <475E0190.7030909@pacific.net.sg> <200712120920.46626.nvass@teledomenet.gr> <475FCD8A.5090903@dial.pipex.com> <200712121310.01617.wundram@beenic.net>
Heiko Wundram (Beenic) wrote:

>On Wednesday, 12 December 2007 13:01:14, Alex Zbyslaw wrote:
>
>><snip explanation>
>>I don't see how a firewall is appropriate for this (hosts.allow,
>>likewise). The point of the exercise is to never even contact the ad host.
>
>Transparent proxy with squid on the firewall? There's even plugins to manage
>exactly this kind of ad-blocking with squid; although I don't currently know
>the extension's name.
>
>This is pretty much going to be your only option to do this in a centralized
>fashion.

Squid may well be an alternative solution, but it's not, imho, a firewall solution as Nikos was proposing. I have zero experience of squid beyond reading about it, but it has always sounded like a major resource hog. Perhaps just running one plugin to do just this would be OK?

The advantage of /etc/hosts is simplicity. For a small home network of BSD machines it's pretty trivial to propagate updates. Not even *that* hard to copy the file to a couple Windows machines. Beyond that, the updates could get pretty tedious.

For a network-wide, multi-OS solution I would still look at DNS just because it's more lightweight than squid. Which is not to say that someone else shouldn't reach an alternate conclusion :-) Always good to know what the alternatives are!

Best,

--Alex