[kwlug-disc] Freedom Box?
unsolicited at swiz.ca
Sun Aug 21 02:18:33 EDT 2011
Actually, and I forget for sure ... OpenWRT may be able to call out to
other facilities/storage for pass/fail. Much like radius. I believe
Richard gave up on nfs, but had success with samba. I don't recall
seeing a correlation between file storage for lists, and actual
increase in iptables memory footprint. Or horsepower.

You could try it, and if it immediately kills OpenWRT performance,
turn it off. Or run OpenWRT on a stick on a box, to try. All I'm
thinking of there (as opposed to long term pfsense strategy) is it
should be close to pick up / put down the OpenWRT config files.

Even just running the level1 & bogon lists may have some benefit,
instead of everything including the kitchen sink.

Colin K wrote, On 08/21/2011 2:00 AM:
> I provide wireless / ethernet network access to several people who do who
> knows what on my connection. I want to plug a filter between my internet and
> all of us. I don't care necessarily what they do, that's their business; I just
> don't want to get attention from it. So something like this will be highly
> anticipated. I was actually looking at the memory footprint of PeerBlock on
> one of my machines... yeah, it's pretty painful for memory. It's looking more
> and more like it's going to be a pfsense box for me in the mean time.
> On Sat, Aug 20, 2011 at 7:27 PM, unsolicited <unsolicited at swiz.ca> wrote:
>> Colin K wrote, On 08/20/2011 6:55 PM:
>>> Archive.org to the rescue?
>>> from JULY 15, 2009 Snapshot
>>> Software packages such as PeerGuardian, PeerBlock (forked from PG), Moblock
>>> (linux variant): these all use the bluetack lists. Afaik, unless they pull
>>> from here http://ipblocklist.com/, I'm not sure, but either way they block
>>> tonnes of IPs. Wish I could get a router to filter this stuff right now,
>>> not later.
>> You can. You can do it with the linux router you have right now. (You just
>> probably don't want to. Below.)
>> Have used PeerGuardian / PeerBlock, for years. Happily so. Installed iplist
>> / ipblock in the last couple of days. Seems to be working well. (One
>> buggette, one user interface issue. One issue left uninvestigated thus far.)
>> All pull from bluetack, which, if I read correctly, is more of a central
>> point of retrieval, than entirely a source of the lists. I believe they pull
>> their lists from iplists, or vice versa, I forget which / get confused.
>> Upshot - either gets you the other and to the same place.
>> The iplist forum (or moblock adjacent references there or somewhere) note
>> router attempts. The problem being the 16MB of memory consumed by the lists
>> - with limited router memory. Although intuitive, today, didn't see any
>> references to people with usb drives connected to them (the router) trying.
>> You can get at least part of where you're talking in the mean time, though.
>> Be it running a web proxy and having it suck in the lists, downloading a
>> hosts file (dynamic update mechanism undiscovered to date) or loading a
>> static 'high-level' list into openwrt's iptables.
>> Or running iplist everywhere, all sucking up the same lists.
>> Not point of traversal, unless your linux box is your gateway, but the
>> limited hardware power of typical OpenWRT devices seems insurmountable. I'll
>> guess pfsense will take advantage of the lists, if you have one in place.
>> kwlug-disc mailing list
>> kwlug-disc at kwlug.org
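Added example, not part of the original thread: the discussion above turns on how much router memory a block list costs once it is loaded into the packet filter, so this sketch parses a list in the PeerGuardian-style text format (`label:start-end`, an assumption about the list format), collapses the ranges into the fewest CIDR blocks, and emits `ipset restore` input. The sample entries, the set name `blocklist`, and the availability of ipset on the router are assumptions.

```python
import ipaddress

# Constructed sample in "label:start-end" form; addresses are reserved or
# documentation ranges, not taken from any real list.
SAMPLE_P2P = """\
# constructed sample
Example org A:192.0.2.0-192.0.2.127
Example org A (cont):192.0.2.128-192.0.2.255
Example org B:198.51.100.16-198.51.100.40
Bogon style entry:10.0.0.0-10.255.255.255
broken line without a range
Example org C:203.0.113.5-203.0.113.5
"""

def parse_p2p(text):
    """Yield (start, end) IPv4 pairs; skip comments and malformed lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Labels may themselves contain ':', so split on the last one.
        _, _, rng = line.rpartition(":")
        start, sep, end = rng.partition("-")
        try:
            a = ipaddress.IPv4Address(start.strip())
            b = ipaddress.IPv4Address(end.strip())
        except ValueError:
            continue
        if sep and a <= b:
            yield a, b

def to_cidrs(ranges):
    """Convert ranges to CIDR blocks, then merge adjacent/overlapping blocks."""
    nets = []
    for a, b in ranges:
        nets.extend(ipaddress.summarize_address_range(a, b))
    return list(ipaddress.collapse_addresses(nets))

def ipset_restore(cidrs, set_name="blocklist"):
    """Build input for `ipset restore`; one set lookup replaces N rules."""
    lines = [f"create {set_name} hash:net family inet"]
    lines += [f"add {set_name} {net}" for net in cidrs]
    return "\n".join(lines)

if __name__ == "__main__":
    print(ipset_restore(to_cidrs(parse_p2p(SAMPLE_P2P))))
    # Then a single rule references the set, for example:
    #   iptables -I FORWARD -m set --match-set blocklist dst -j DROP
```

Comparing the number of parsed ranges with the number of collapsed CIDR blocks on a real list gives a quick estimate of how much the set will shrink before it is loaded on a memory-limited device.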