[kwlug-disc] Freedom Box?
colin at void11.com
Sun Aug 21 03:11:51 EDT 2011
I like this idea but I'm starting to think that unless a freedombox comes
out sooner than later I may have to go the pfsense route.
On Sun, Aug 21, 2011 at 2:18 AM, unsolicited <unsolicited at swiz.ca> wrote:
> Actually, and I forget for sure ... OpenWRT may be able to call out to
> other facilities/storage for pass/fail. Much like radius. I believe Richard
> gave up on nfs, but had success with samba. I don't recall seeing a
> correlation between file storage for lists, and actual increase in iptable
> memory footprint. Or horsepower.
> You could try it, and if it immediately kills OpenWRT performance, turn it
> off. Or run Openwrt on a stick on a box, to try. All I'm thinking of there
> (as opposed to long term pfsense strategy) is it should be close to pick up
> / put down the OpenWRT config files.
> Even just running the level1 & bogon lists may have some benefit, instead
> of everything including the kitchen sink.
> Colin K wrote, On 08/21/2011 2:00 AM:
>> I provide wireless / ethernet network access to several people who do who
>> knows what on my connection I want to plug a filter between my internet
>> all of us I don't care necessarily what they do thats their business I
>> don't want to get attention from it. So something like this will be
>> anticipated. I was actually looking at the memory footprint of Peerblock
>> one of my machines... yeah its pretty painful for memory. Its looking
>> and more like its going to be a pfsense box for me in the mean time.
>> On Sat, Aug 20, 2011 at 7:27 PM, unsolicited <unsolicited at swiz.ca> wrote:
>> Colin K wrote, On 08/20/2011 6:55 PM:
>>> Archive.org to the rescure?
>>>> from JULY 15, 2009 Snapshot
>>>> Software packages such as PeerGuardian, PeerBlock(forked from PG),
>>>> (linux variant) these all use the bluetack lists. Afaik unless they pull
>>>> from here http://ipblocklist.com/ im not sure but either way they block
>>>> tonnes of ip's. Wish I could get a router to filter this stuff right
>>>> not later.
>>>> You can. You can do it with the linux router you have right now. (You
>>> probably don't want to. Below.)
>>> Have used PeerGuardian / PeerBlock, for years. Happily so. Installed
>>> / ipblock in the last couple of days. Seems to be working well. (One
>>> buggette, one user interface issue. One issue left uninvestigated thus
>>> All pull from bluetack, which, if I read correctly, is more of a central
>>> point of retrieval, than entirely a source of the lists. I believe they
>>> their lists from iplists, or vice versa, I forget which / get confused.
>>> Upshot - either gets you the other and to the same place.
>>> The iplist forum (or moblock adjacent references there or somewhere) note
>>> router attempts. The problem being the 16MB of memory consumed by the
>>> - with limited router memory. Although intuitive, today, didn't see any
>>> references to people with usb drives connected to them (the router)
>>> You can get at least part of where you're talking in the mean time,
>>> Be it running a web proxy and having it suck in the lists, downloading a
>>> hosts file (dynamic update mechanism undiscovered to date) or loading a
>>> static 'high-level' list into openwrt's iptables.
>>> Or running iplist everywhere, all sucking up the same lists.
>>> Not point of traversal, unless your linux box is your gateway, but the
>>> limited hardware power of typical OpenWRT devices seems insurmountable.
>>> guess pfsense will take advantage of the lists, if you have one in place.
>>> kwlug-disc mailing list
>>> kwlug-disc at kwlug.org
>> kwlug-disc mailing list
>> kwlug-disc at kwlug.org
> kwlug-disc mailing list
> kwlug-disc at kwlug.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the kwlug-disc