Are these better than using adblockers and other browser extensions?
Daniel Gonzalez
Why doesn't someone photoshop into JC Denton?
Angel Walker
Networking works in 2 ways: push & pull. In order to block an ad, you have to pull the medium from the server, then block it. By blacklisting them in DNS, you never 'pull' the medium, thus you not only save bandwidth but the ad does not display, ever. This works better in every scenario. That's why pi-hole is so big. You won't need a browser addon at all; if you choose to not use one you'll see an error, maybe a 404 error or an image did not load error, where the ad should have been. If you want to not see the error, you'll still need an addon. But again, you never used your internet bandwidth to get the ad, so there's that.
Camden Martin
Will having a hosts file with 100k entries slow down my browsing, since each DNS query runs against a list with 100k entries?
Tyler Rivera
Only if you're browsing through a toaster
Josiah Scott
not only that, but each time you direct to 127.0.0.1, you're using additional processing time due to receiving and discarding your own requests
Brandon Rodriguez
Do you know what a hash map is? It's constant time.
Christian Gutierrez
NetBSD BTFO
Noah Allen
No, it'll speed it up. You shouldn't use 127.0.0.1, as only idiots do. You should use 0.0.0.0, which drops the packet. If you're looking up hosts it goes to an external DNS and processes it much harder than 127.0.0.1... but 0.0.0.0 just drops the packet.
good stuff i guess you can trivially convert hosts lists into iptables rules with some regex
Juan Wilson
Thanks. I'll try using iptables instead.
Noah James
Just use ublock-o ffs.
William Lee
Mines always senoai
Daniel Johnson
You're a fucking liar, but great bait.
Adam Brooks
thoughts on using dnsmasq as a blocker.
Justin Diaz
The only problem with that is iptables has to resolve the domain before adding it to the rules so it will take a little while for longer lists and you'll likely need to update it regularly (cronie should do the trick)
Here's a better script for that

    #!/bin/bash
    while read -r host; do
        if iptables -I INPUT -s "$host" -j DROP 2>/dev/null &&
           iptables -I OUTPUT -d "$host" -j REJECT 2>/dev/null; then
            echo "Blocking $host"
        else
            echo "Unable to resolve $host"
        fi
    done <
Andrew Allen
Hosts file blocks hosts, not domains. Use dnsmasq instead.
PS. can't post example Error: Our system thinks your post is spam. Please reformat and try again.
I suggest adding 4hcannel as well.
Cooper Bailey
>ctrl+f
>no energized protection
energized.pro/blu
energized.pro/ultimate
Retarded answer, just redirect to 0.0.0.0 instead and all your problems are gone. hosts files are easier to maintain than iptables rules.
This resolved the blu list in less than a minute. After that just grep all ip's, sort -u, and add to iptables. Much better option than relying on a hosts file, as you really shouldn't be using a hosts file as a firewall when a perfectly good one exists.
Jonathan Mitchell
>I have no idea what I'm talking about
Why go through the trouble of resolving a malware domain (ads are malware and should be treated as such) and only denying a connection to the IP afterwards if you could have an instant(!) DNS query pointing to a bogus address, ending the connection process much sooner? What if the address record changes? A firewall is not suited for adblocking. A hosts file is not a firewall.
Wyatt Anderson
>in order to block an ad, you have to pull the medium from the server then block it.
Wrong, not how adblock works.
Ian Sanders
use 0x0.st
Christian Jones
No point. Most ad "hosts" are in a unique domain. You can use dnsmasq for addn-hosts though, so you can use a dedicated adblocking hosts file alongside a normal one.
Lucas Green
See It's by no means instant. The sorted and resolved blu list is only 60k lines from the initial 200k. Do that with some ipset rules and it'll be even quicker when adding to iptables. It's faster, and more secure.
>What if the address record changes?
>What are cron jobs
>A firewall is not suited for adblocking
Correct, it's suited for blocking known malicious IP addresses though.
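
The hosts-versus-domains point raised in the thread, as an added example that is not any poster's code: a hosts entry matches exactly one name, while a dnsmasq `address=/name/0.0.0.0` rule also answers for every subdomain of that name. The function below converts a hosts-format blocklist into such rules and validates each name, since the list is third-party input being written into resolver configuration. The function names and the sample list are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: hosts-format blocklist -> dnsmasq address= rules.

hosts_to_dnsmasq() {
  # stdin: hosts-format lines; stdout: one dnsmasq rule per blocked domain.
  awk '
    { sub(/\r$/, ""); sub(/#.*/, "") }             # strip CRLF and comments
    NF < 2 { next }                                  # need "address name..."
    $1 != "0.0.0.0" && $1 != "127.0.0.1" { next }   # only sinkhole entries
    {
      for (i = 2; i <= NF; i++) {
        h = tolower($i)
        # Lists often carry loopback housekeeping lines; never block those.
        if (h == "localhost.localdomain" || h == "0.0.0.0") continue
        # Accept dotted hostnames only, so "/" or spaces cannot reach the config.
        if (h !~ /^[a-z0-9_]([a-z0-9_-]*[a-z0-9_])?(\.[a-z0-9_]([a-z0-9_-]*[a-z0-9_])?)+$/) continue
        if (!(h in seen)) { seen[h] = 1; order[++n] = h }
      }
    }
    END {
      for (k = 1; k <= n; k++) {
        h = order[k]; p = h; covered = 0
        # A rule for a parent domain already covers this name: skip it.
        while ((dot = index(p, ".")) > 0) {
          p = substr(p, dot + 1)
          if (p in seen) { covered = 1; break }
        }
        if (!covered) print "address=/" h "/0.0.0.0"
      }
    }'
}

sample_blocklist() {
  # Constructed sample input using reserved example names.
  printf '%s\n' \
    '# constructed sample, hosts format' \
    '127.0.0.1 localhost' \
    '0.0.0.0 ads.example' \
    '127.0.0.1 Tracker.Example.net  # old-style sinkhole, mixed case' \
    '0.0.0.0 cdn.ads.example' \
    '0.0.0.0 bad/../name.example' \
    '192.0.2.10 intranet.example'
  printf '0.0.0.0 ads.example\r\n'   # duplicate with a Windows line ending
}

sample_blocklist | hosts_to_dnsmasq
```

The output can be written to a file that dnsmasq loads as configuration; the path and reload procedure depend on the local setup.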