[kwlug-disc] Freedom Box?
Colin K
colin at void11.com
Sun Aug 21 03:11:51 EDT 2011
I like this idea but I'm starting to think that unless a freedombox comes
out sooner than later I may have to go the pfsense route.
On Sun, Aug 21, 2011 at 2:18 AM, unsolicited <unsolicited at swiz.ca> wrote:
> Actually, and I forget for sure ... OpenWRT may be able to call out to
> other facilities/storage for pass/fail. Much like radius. I believe Richard
> gave up on nfs, but had success with samba. I don't recall seeing a
> correlation between file storage for lists, and actual increase in iptable
> memory footprint. Or horsepower.
>
> You could try it, and if it immediately kills OpenWRT performance, turn it
> off. Or run Openwrt on a stick on a box, to try. All I'm thinking of there
> (as opposed to long term pfsense strategy) is it should be close to pick up
> / put down the OpenWRT config files.
>
> Even just running the level1 & bogon lists may have some benefit, instead
> of everything including the kitchen sink.
>
> Colin K wrote, On 08/21/2011 2:00 AM:
>
>> I provide wireless / ethernet network access to several people who do who
>> knows what on my connection I want to plug a filter between my internet
>> and
>> all of us I don't care necessarily what they do thats their business I
>> just
>> don't want to get attention from it. So something like this will be
>> highly
>> anticipated. I was actually looking at the memory footprint of Peerblock
>> on
>> one of my machines... yeah its pretty painful for memory. Its looking
>> more
>> and more like its going to be a pfsense box for me in the mean time.
>>
>> On Sat, Aug 20, 2011 at 7:27 PM, unsolicited <unsolicited at swiz.ca> wrote:
>>
>> Colin K wrote, On 08/20/2011 6:55 PM:
>>>
>>> Archive.org to the rescure?
>>>> Link<http://web.archive.org/****web/20100222030154/http://www.****<http://web.archive.org/**web/20100222030154/http://www.**>
>>>> bluetack.co.uk/forums/index.****php<http://bluetack.co.uk/forums/index.**php>
>>>> <http://web.archive.org/**web/20100222030154/http://www.**
>>>> bluetack.co.uk/forums/index.**php<http://web.archive.org/web/20100222030154/http://www.bluetack.co.uk/forums/index.php>
>>>> >
>>>>
>>>> from JULY 15, 2009 Snapshot
>>>>
>>>> Software packages such as PeerGuardian, PeerBlock(forked from PG),
>>>> Moblock
>>>> (linux variant) these all use the bluetack lists. Afaik unless they pull
>>>> from here http://ipblocklist.com/ im not sure but either way they block
>>>> crap
>>>> tonnes of ip's. Wish I could get a router to filter this stuff right
>>>> now
>>>> not later.
>>>>
>>>> You can. You can do it with the linux router you have right now. (You
>>> just
>>> probably don't want to. Below.)
>>>
>>> Have used PeerGuardian / PeerBlock, for years. Happily so. Installed
>>> iplist
>>> / ipblock in the last couple of days. Seems to be working well. (One
>>> buggette, one user interface issue. One issue left uninvestigated thus
>>> far.)
>>>
>>> All pull from bluetack, which, if I read correctly, is more of a central
>>> point of retrieval, than entirely a source of the lists. I believe they
>>> pull
>>> their lists from iplists, or vice versa, I forget which / get confused.
>>> Upshot - either gets you the other and to the same place.
>>>
>>> The iplist forum (or moblock adjacent references there or somewhere) note
>>> router attempts. The problem being the 16MB of memory consumed by the
>>> lists
>>> - with limited router memory. Although intuitive, today, didn't see any
>>> references to people with usb drives connected to them (the router)
>>> trying.
>>>
>>> You can get at least part of where you're talking in the mean time,
>>> though.
>>> Be it running a web proxy and having it suck in the lists, downloading a
>>> hosts file (dynamic update mechanism undiscovered to date) or loading a
>>> static 'high-level' list into openwrt's iptables.
>>>
>>> Or running iplist everywhere, all sucking up the same lists.
>>>
>>> Not point of traversal, unless your linux box is your gateway, but the
>>> limited hardware power of typical OpenWRT devices seems insurmountable.
>>> I'll
>>> guess pfsense will take advantage of the lists, if you have one in place.
>>>
>>>
>>> ______________________________****_________________
>>> kwlug-disc mailing list
>>> kwlug-disc at kwlug.org
>>> http://kwlug.org/mailman/****listinfo/kwlug-disc_kwlug.org<http://kwlug.org/mailman/**listinfo/kwlug-disc_kwlug.org>
>>> <**http://kwlug.org/mailman/**listinfo/kwlug-disc_kwlug.org<http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org>
>>> >
>>>
>>>
>>
>> ------------------------------**------------------------------**
>> ------------
>>
>>
>> ______________________________**_________________
>> kwlug-disc mailing list
>> kwlug-disc at kwlug.org
>> http://kwlug.org/mailman/**listinfo/kwlug-disc_kwlug.org<http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org>
>>
>
> ______________________________**_________________
> kwlug-disc mailing list
> kwlug-disc at kwlug.org
> http://kwlug.org/mailman/**listinfo/kwlug-disc_kwlug.org<http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20110821/ed94cf30/attachment.htm>
More information about the kwlug-disc
mailing list