On Sat, 19 Oct 2013 00:27:38 +0200, Stefan Wollny <[email protected]> wrote:
> Hi there,
>
> having a personal dislike of Facebook (and the MeeToo-systems alike)
> for their impertinent sniffing for private data
[ ... ]

Hi there again!

First I'd like to thank all who replied - I received way more valuable input than I dared to hope for! A big THANK YOU!

As a matter of fact OpenBSD is at its core "only" an Operating System and based on the additionally provided ports and packages it is up to the users -us- what to do with this gift. Thus there are a plentitude of experiences and solutions. I hope that this thread might be useful for others as well as for the core of the problem -blocking facebook.com- good advice was provided.

From what I have learned is that I must have made s.th. wrong when installing adsuck on the laptop as so many others reported that this should be sufficient. I will investigate what I might have done wrong. But from my point of view adsuck seems not to be the way to go for a server that "only" serves as squid-proxy. Or am I wrong here?

One suggested way to go might be to set up an additional DNS-Server (what I have considered to do anyway). This should provide ultimate reliability if combined with chflags and securelevel=2. Correct?

May I return to my initial question: Taken the situation that there is no other way to protect a network but by means of a single squid-server - what would be the "best" way to do it on _this_ system (OpenBSD, of course!)? Use squid, use PF or what? (Yes - I could change every hosts-file on every system attached to my network. But this is just a 'workaround', not an answer to the question.)

The squid-server separates the home-network from the wild having just two clients: Incoming from the internet on one interface and the internal router on the other interface. No "bells and whistles", PF can do it (I know now) and squid should be set up to do it as well (from what I know). The machine has enough power to handle either solution.
(Actually as an intermediate solution I use a big Xeon-machine with OpenBSD-amd64, so no dmesg at this point - replacement in two days).

For those interested: 'Incoming' is a WLAN-capable router (Fritz!box) that might be opened for guests if they need it. All internal clients are cabled.

As the question arose, why I dare to hinder others to contact Facebook via my network (yes - I am legally liable and thus consider this to be _my_ network!): Within our family and friends I have persuaded everyone to distrust the so-called 'social networks' - since the revelations that lately have come up no-one smiles at me any more for being 'paranoid'... (hint: We live in Germany, there is a track record here of what might happen to innocently collected data - an experience, lucky nations have not equally had to make and thus lack solid distrust...!)

This much for tonight - Sunday is exclusive for my son :-)

Again: Thank you all for taking your time to read on and to those who replied!

Regards,
STEFAN

Kind regards,

STEFAN WOLLNY
Regulatory Reporting Consultancy
Tel.: +49 (0) 177 655 7875
Fax.: +49 (0) 3212 655 7875
Mail: [email protected]
GnuPG-Key ID: 0x9C26F1D0

