Lately, a lot of Web pages have begun selling ad space "banners." Wasting valuable bandwidth, these banners often hawk products I don't care to hear about. I'd rather not see them, and not have to download their contents.
There are two ways of filtering out these banners. The first is to deny all pictures that are wider than tall and generally towards the top or bottom of the page. The second is to simply block all the accesses to and from the web sites that are the notorious advertisers. This second approach is the one I'm going to take.
When searching around the web, you will see that many of the banners come from the site ad.linkexchange.com. This is the site we will want to ban.
Our first order of business is to set up our firewall. We won't be using it for security here, although nothing stops you from also using it for that. First, we recompile the kernel, saying "Yes" to CONFIG_FIREWALL. This allows us to use the built-in kernel firewalling.
Then, we need to get the IPFWADM utility. You can find it at http://www.xos.nl/linux/ipfwadm. Untar, compile and install this utility.
Since we are doing no other firewalling, this should be sufficient.
Now, we come to the meat of the maneuver. We need to block all traffic between our machine and ad.linkexchange.com. First, block outgoing access to the site, so that our requests don't even make it there:
    ipfwadm -O -a reject -P tcp -S 0.0.0.0/0 -D ad.linkexchange.com 80
This tells ipfwadm to append a rule to the Output filter. The rule says to reject all packets of protocol TCP from anywhere to ad.linkexchange.com on port 80. If you don't get this, read Chris Kostick's excellent article on IP firewalling at http://www.ssc.com/lj/issue24/1212.html.
The next rule keeps anything from ad.linkexchange.com from coming in. Technically, this shouldn't be necessary. If we haven't requested it, it shouldn't come. But, better safe than sorry:
    ipfwadm -I -a reject -P tcp -S ad.linkexchange.com 80 -D 0.0.0.0/0
Now, all access to and from ad.linkexchange.com is rejected.
Note: this will only work when web browsing from that machine. To filter for a whole network, do the same but with -F instead of -O and -I.
To test, visit the site http://www.reply.net. They have a banner on top which should either not appear or appear as a broken icon. Either way, no network bandwidth will be wasted downloading the picture, and all requests will be rejected immediately.
Not all banners are so easily dealt with. Many companies, like Netscape, host their own banners. You don't want to block access to Netscape, so this approach won't work. But, you will find a number of different advertisers set up like linkexchange. As you find more, add them to the list of rejected sites.
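As the list of rejected sites grows, the two rules can be generated from a host list instead of typed by hand. The script below is an added example, not part of the original article: the function name banner_rules and the host ads.example.com are made up for illustration, and it only prints the ipfwadm commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example: emit the article's two ipfwadm rules for each listed host.
# Nothing is executed here; review the output, then pipe it to sh as root.

# banner_rules MODE   (reads host names on stdin, one per line)
#   MODE=host -> -O / -I rules, for browsing from this machine
#   MODE=net  -> -F rules, for filtering a whole network
banner_rules() {
    case "$1" in
        host) outflag=-O; inflag=-I ;;
        net)  outflag=-F; inflag=-F ;;
        *)    echo "usage: banner_rules host|net" >&2; return 2 ;;
    esac
    while read -r host rest; do
        case "$host" in
            ''|'#'*) continue ;;            # blank line or comment
        esac
        # Accept only plain DNS names, so an entry in the list cannot
        # smuggle shell syntax or extra options into the commands.
        case "$host" in
            *[!A-Za-z0-9.-]*|-*|.*)
                echo "skipping invalid host: $host" >&2
                continue ;;
        esac
        echo "ipfwadm $outflag -a reject -P tcp -S 0.0.0.0/0 -D $host 80"
        echo "ipfwadm $inflag -a reject -P tcp -S $host 80 -D 0.0.0.0/0"
    done
}

# Constructed sample list: the article's host plus a made-up placeholder.
banner_rules host <<'EOF'
# banner servers to reject
ad.linkexchange.com
ads.example.com
EOF
```

Entries that fail the name check are reported on standard error and skipped, so a typo in the list never turns into a malformed rule.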
Good luck, and happy filtering!