[kwlug-disc] Freedom Box?

Colin K colin at void11.com
Sun Aug 21 03:11:51 EDT 2011


I like this idea but I'm starting to think that unless a freedombox comes
out sooner than later I may have to go the pfsense route.

On Sun, Aug 21, 2011 at 2:18 AM, unsolicited <unsolicited at swiz.ca> wrote:

> Actually, and I forget for sure ... OpenWRT may be able to call out to
>  other facilities/storage for pass/fail. Much like radius. I believe Richard
> gave up on nfs, but had success with samba. I don't recall seeing a
> correlation between file storage for lists, and actual increase in iptable
> memory footprint. Or horsepower.
>
> You could try it, and if it immediately kills OpenWRT performance, turn it
> off. Or run Openwrt on a stick on a box, to try. All I'm thinking of there
> (as opposed to long term pfsense strategy) is it should be close to pick up
> / put down the OpenWRT config files.
>
> Even just running the level1 & bogon lists may have some benefit, instead
> of everything including the kitchen sink.
>
> Colin K wrote, On 08/21/2011 2:00 AM:
>
>> I provide wireless / ethernet network  access to several people who do who
>> knows what on my connection I want to plug a filter between my internet
>> and
>> all of us I don't care necessarily what they do thats their business I
>> just
>> don't want to get attention from it.  So something like this will be
>> highly
>> anticipated.  I was actually looking at the memory footprint of Peerblock
>> on
>> one of my machines... yeah its pretty painful for memory.  Its looking
>> more
>> and more like its going to be a pfsense box for me in the mean time.
>>
>> On Sat, Aug 20, 2011 at 7:27 PM, unsolicited <unsolicited at swiz.ca> wrote:
>>
>>  Colin K wrote, On 08/20/2011 6:55 PM:
>>>
>>>  Archive.org to the rescure?
>>>> Link<http://web.archive.org/****web/20100222030154/http://www.****<http://web.archive.org/**web/20100222030154/http://www.**>
>>>> bluetack.co.uk/forums/index.****php<http://bluetack.co.uk/forums/index.**php>
>>>> <http://web.archive.org/**web/20100222030154/http://www.**
>>>> bluetack.co.uk/forums/index.**php<http://web.archive.org/web/20100222030154/http://www.bluetack.co.uk/forums/index.php>
>>>> >
>>>>
>>>>  from JULY 15, 2009 Snapshot
>>>>
>>>> Software packages such as PeerGuardian, PeerBlock(forked from PG),
>>>> Moblock
>>>> (linux variant) these all use the bluetack lists. Afaik unless they pull
>>>> from here http://ipblocklist.com/ im not sure but either way they block
>>>> crap
>>>> tonnes of ip's.  Wish I could get a router to filter this stuff right
>>>> now
>>>> not later.
>>>>
>>>>  You can. You can do it with the linux router you have right now. (You
>>> just
>>> probably don't want to. Below.)
>>>
>>> Have used PeerGuardian / PeerBlock, for years. Happily so. Installed
>>> iplist
>>> / ipblock in the last couple of days. Seems to be working well. (One
>>> buggette, one user interface issue. One issue left uninvestigated thus
>>> far.)
>>>
>>> All pull from bluetack, which, if I read correctly, is more of a central
>>> point of retrieval, than entirely a source of the lists. I believe they
>>> pull
>>> their lists from iplists, or vice versa, I forget which / get confused.
>>> Upshot - either gets you the other and to the same place.
>>>
>>> The iplist forum (or moblock adjacent references there or somewhere) note
>>> router attempts. The problem being the 16MB of memory consumed by the
>>> lists
>>> - with limited router memory. Although intuitive, today, didn't see any
>>> references to people with usb drives connected to them (the router)
>>> trying.
>>>
>>> You can get at least part of where you're talking in the mean time,
>>> though.
>>> Be it running a web proxy and having it suck in the lists, downloading a
>>> hosts file (dynamic update mechanism undiscovered to date) or loading a
>>> static 'high-level' list into openwrt's iptables.
>>>
>>> Or running iplist everywhere, all sucking up the same lists.
>>>
>>> Not point of traversal, unless your linux box is your gateway, but the
>>> limited hardware power of typical OpenWRT devices seems insurmountable.
>>> I'll
>>> guess pfsense will take advantage of the lists, if you have one in place.
>>>
>>>
>>> ______________________________****_________________
>>> kwlug-disc mailing list
>>> kwlug-disc at kwlug.org
>>> http://kwlug.org/mailman/****listinfo/kwlug-disc_kwlug.org<http://kwlug.org/mailman/**listinfo/kwlug-disc_kwlug.org>
>>> <**http://kwlug.org/mailman/**listinfo/kwlug-disc_kwlug.org<http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org>
>>> >
>>>
>>>
>>
>> ------------------------------**------------------------------**
>> ------------
>>
>>
>> ______________________________**_________________
>> kwlug-disc mailing list
>> kwlug-disc at kwlug.org
>> http://kwlug.org/mailman/**listinfo/kwlug-disc_kwlug.org<http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org>
>>
>
> ______________________________**_________________
> kwlug-disc mailing list
> kwlug-disc at kwlug.org
> http://kwlug.org/mailman/**listinfo/kwlug-disc_kwlug.org<http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20110821/ed94cf30/attachment.htm>


More information about the kwlug-disc mailing list