10-11-2009, 10:42 AM
#1
That router question again
Has anyone managed to successfully use MoBlock, NFBlock, or iplist on the Linksys / Asus / whatever routers that typically come with 16-32 megs of RAM, and run OpenWrt / Tomato / etc.? The older threads don't report any successes but I figured I'd ask before I try to port NFBlock to Optware, which is proving to be a PITA - and may not work due to my WRT54G having to use kernel 2.4.
It seems like it should be doable since ideally the level1 list should fit into 2 megs of RAM (but I'm unfamiliar with peerblocking on Linux). What is the typical RAM usage for these programs, and how many iptable rules do they typically generate? At work I had to make use of ipsets in blocking a 200k IP botnet DDoSing a customer, as his high end servers would hardlock past 2000 or so iptable rules... and neither MoBlock nor NFBlock seems to use that.
10-13-2009, 03:40 PM
#2
Re: That router question again
Don't know, haven't heard anything.
But if you start work: we have started work on "PeerGuardian Linux", based on nfblock, which is now pgld. So all future development on moblock or nfblock will most probably go to pgld instead.
The code is in the git repository of http://sourceforge.net/projects/peerguardian/develop
Get it with
git clone git://peerguardian.git.sourceforge.net/gitroot/peerguardian/peerguardian
__________________
Code:
Please post your logfiles and output of commands wrapped in
[ CODE ] tags. You find them in the advanced editing mode: #
Maintainer of http://moblock-deb.sourceforge.net: MoBlock, mobloquer, blockcontrol and NFBlock Debian packages.
Author of blockcontrol, previously moblock-control.
10-20-2009, 03:08 PM
#4
Re: That router question again
It should be somewhere here in the forum: either iplist or nfblock can be compiled in a memory-save mode: there it only reads the IP ranges, but not the corresponding descriptions. This should give a big memory gain.
Further, one might save memory by using only one chain, instead of three separate chains for input, output and forward traffic. So that would be: place in the chains INPUT, OUTPUT and FORWARD one rule with the target PGL. In that PGL chain you could do the whitelisting and of course place a rule with target NFQUEUE. But I don't know if the memory savings of this approach are really relevant.
10-30-2009, 02:33 PM
#5
Re: That router question again
update: pgld's Makefile:
Code:
# LOWMEM disables storing of textual range descriptions in RAM.
# Set to yes if you are building a version for embedded devices
# like router or NAS box.
LOWMEM ?= yes
We are currently working on a few feature changes in pgl. After that I will start Debian packaging pgl, where I will offer special lowmem versions. You are very welcome to play with the current code, test it, report it, improve it.
Also, if you do any porting work: send us patches, and if applicable we will implement it directly in the source. This makes life easier for all of us, and we will all profit from this.
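Added example, not part of the thread and not pgld's code: a sketch of what the memory-save mode from post #4 and the LOWMEM switch from post #5 amount to, reading only the IP ranges and never storing the descriptions. It goes one step further than the posts by merging overlapping ranges and looking addresses up with a binary search. It assumes the PeerGuardian text list format "Description:start-end"; the sample list and all function names are constructed for illustration.

```python
from array import array
from bisect import bisect_right
from ipaddress import IPv4Address

# Constructed sample in PeerGuardian text format: "Description:start-end".
SAMPLE = """\
# constructed sample list
Example Org A:192.0.2.0-192.0.2.127
Example Org B (note: colon in name):192.0.2.100-192.0.2.255
Example Org C:198.51.100.10-198.51.100.20
Example Org D:198.51.100.21-198.51.100.30
Broken entry:203.0.113.300-203.0.113.5
"""

def parse_ranges(text):
    """Yield (start, end) as integers; descriptions are never stored."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        _, sep, span = line.rpartition(":")   # descriptions may contain ':'
        lo, dash, hi = span.partition("-")
        try:
            lo, hi = int(IPv4Address(lo)), int(IPv4Address(hi))
        except ValueError:
            continue                          # malformed address: skip the line
        if sep and dash and lo <= hi:
            yield lo, hi

def build(text):
    """Sort, merge overlapping or adjacent ranges, pack into two uint32 arrays."""
    starts, ends = array("I"), array("I")
    for lo, hi in sorted(parse_ranges(text)):
        if starts and lo <= ends[-1] + 1:
            ends[-1] = max(ends[-1], hi)
        else:
            starts.append(lo)
            ends.append(hi)
    return starts, ends

def is_blocked(starts, ends, ip):
    """Binary search: True if ip lies inside one of the merged ranges."""
    n = int(IPv4Address(ip))
    i = bisect_right(starts, n) - 1
    return i >= 0 and n <= ends[i]

def ram_bytes(starts, ends):
    """Payload size of the packed table (two unsigned ints per range)."""
    return (len(starts) + len(ends)) * starts.itemsize
```

The five sample entries collapse to two ranges, so the table costs two unsigned integers per merged range regardless of how long the descriptions in the list are.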