On 15/12/2014 18:47, meino.cramer@×××.de wrote:
> Hi,
>
> this question is not related to a fully fledged,
> big local area network with DMZs and such.
>
> Even the word "firewall" seems to be a little too
> "huge and mighty" in this context to me.
>
> "The network" consists of a PC, which is connected
> to a FritzBox (cable, no Wifi/WLAN), which connects
> to the ISP (internet) and (same address range) to an
> embedded system (eth1)
>
> There are two additional embedded systems, both on
> a separate interface (eth over usb: usb0 & usb1).
>
> I want to block (DROP or REJECT) the access to certain
> sites (the "noise" which is produced mostly by sites,
> which all exclusively "only want my best": ads, trackers, analysts
> and so on...)
>
> I tried different tools: fwbuilder, which locks up either itself
> or my ruleset...I had to reboot and Shorewall, which definitely
> is a great tool....a little too great tool and much more capable
> than I am... ;)
>
> I am sure that the problems are mostly not the problems of the
> tools but mine.
>
> Is there any simple straightforward tool to just block accesses
> to certain sites?

to do it network-wide: squid

to do it on a per-pc per-browser basis: there's a large variety of
firefox plugins to choose from that will block this and allow that. It
seems to me this is the better approach as you want to stop your browser
chatting with sites who only have your best interest at heart :-)

Either way, the list of black and white lists gets very big very quick,
so choose your tool carefully. Try a bunch and pick one that makes sense
to you, bonus points if it comes with a community-supported blacklist
you can drop in, maintained by people whose POV matches your own.

You don't want a classic firewall for this; firewalls are mostly built
to block based on address and port, this is not how you solve your problem.

--
Alan McKinnon
alan.mckinnon@×××××.com