This setup is used on a ECM3610 Debian machine serving as a firewall, DHCP server, and DNS server. The following assumes that you have a working installation something like this:

  • eth0 is connected to the local ( network.
  • eth1 is connected to the internet.
  • Shorewall is installed and configured for regular firewall duty.
  • dnsmasq is installed and configured to act as DHCP and DNS server.
  • lighttpd is installed and only exposed on the local network.

Functional description.

This setup allows requests to a list of domains to be redirected to an internal web server. Use this setup to block for instance known tracking servers on the internet.

Somewhere along investigating how to do this I read, in the ArchWiki privoxy page that blocking trackers creates a unique browser signature. I have absolutely no reason to doubt this, but there were some servers that I simply did not want to talk to.

Using dnsmasq to redirect domains.


If your dnsmasq is configured to listen on an interface, reconfigure it to use addresses to make stuff prettier when assigning another IP address to the interface in a little while.


Use files in /etc/dnsmasq.d/ as configuration files. Uncomment or add the following:


Get a list of servers to block, spits out a list formatted for dnsmasq, if you ask it to. The list uses as target, replace it with the address of a local web server if you want to inform the user that something was blocked, in this case.

curl -s '' | sed -r 's/' > /etc/dnsmasq.d/block2local

This could be made into a cron job to update the list from time to time.

Setting up a web server to show an information page.

I have lighttpd serving some pages to the local network, so I add another IP address to eth0, and configure lighttpd to serve this address from another directory.


Add this:

iface eth0 inet static


Add this:

$SERVER["socket"] == "" {
   server.document-root = "/var/www/blocked"

Add something that serves your purpose to the server.document-root directory. Simplest is something like:


<title>Server blocked.</title>
<p>This server is blocked on this network.</p>

My Acer Aspire One D250, kept going into suspend every minute or so, whenever I was not logged in to a window manager. I run Debian testing and had my first real interaction with systemd (except for systemctl).

Turns out there are some settings in /etc/systemd/logind.conf that configures some of the power management features.

#  This file is part of systemd.
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU Lesser General Public License as published by
#  the Free Software Foundation; either version 2.1 of the License, or
#  (at your option) any later version.
# See logind.conf(5) for details


First I asked systemd to ignore everything but the power button, and as I somewhat expected this didn't do the trick. Then I set the IdleActionSec to the actual amount of second (1800), that didn't work either. In the end completely disabling idling, stopped the suspend.


Generated on 2017-10-10 09:11:09.661933