BadPhorm - When good ISPs go bad! :: Forums :: Privacy in an Electronic Age :: Privacy & Encryption
 
Tracking blocklist for Firestarter
PingusPeriratus
Mon Dec 12 2011, 01:20AM
Registered Member #657
Joined: Fri May 01 2009, 06:32PM
Posts: 1226

This list is based on Lardycake's list as used with his blocking script. The only thing I've done to it is add some more IPs that weren't on the original list and then add a comma to the end of each line so that the IPs show up in the policy window of Firestarter.

To use:
Download deny-to.zip
Extract the file 'deny-to' and, as 'root', place it in the folder /etc/Firestarter/outbound to replace the 'deny-to' file already in there. These are instructions for Debian-based distros, but if you know where the Firestarter folder is located on your system it should be OK.

http://www.pingus-periratus.webspace.virginmedia.com/deny-to.zip



[ Edited Mon Dec 12 2011, 01:20AM ]
PingusPeriratus
Mon Dec 12 2011, 08:02PM
Registered Member #657
Joined: Fri May 01 2009, 06:32PM
Posts: 1226

Sorry Guys and Gals, found a couple of syntax errors in the zip file I uploaded. Have replaced the file and checked it again on my own system. Seems to be OK now. Apologies to all.
If you are getting an error about not being able to find the system log on startup of Firestarter here's a link to the solution.
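
A check that can be run on a downloaded `deny-to` file before it is copied into place as root, given here as an added example that is not part of the original posts or of Firestarter. It assumes the layout described in the first post (one IPv4 address or CIDR range per line, followed by a comma); the function name and the sample addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample in the layout the first post describes. The addresses
# are documentation ranges, not entries from the real list.
SAMPLE = """\
192.0.2.10,
198.51.100.0/24,
203.0.113.7
203.0.113.300,
192.0.2.10,
10.0.0.0/8,
0.0.0.0/0,
"""

# Ranges a tracking blocklist should never cover: loopback, link-local, RFC 1918.
LOCAL = [ipaddress.IPv4Network(n) for n in (
    "127.0.0.0/8", "169.254.0.0/16", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_deny_to(text):
    """Return (accepted networks, [(line_no, line, problem), ...])."""
    accepted, problems, seen = [], [], set()
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        # Assumption: anything after the first comma is a free-text comment.
        target, comma, _comment = line.partition(",")
        if not comma:
            problems.append((no, line, "missing comma"))
            continue
        try:
            net = ipaddress.IPv4Network(target.strip(), strict=False)
        except ValueError:
            problems.append((no, line, "not an IPv4 address or CIDR range"))
            continue
        if net in seen:
            problems.append((no, line, "duplicate entry"))
        elif net.prefixlen == 0:
            problems.append((no, line, "would block all outbound traffic"))
        elif any(net.overlaps(local) for local in LOCAL):
            problems.append((no, line, "covers local or private addresses"))
        else:
            seen.add(net)
            accepted.append(net)
    return accepted, problems

if __name__ == "__main__":
    ok, bad = check_deny_to(SAMPLE)
    print(f"{len(ok)} usable entries, {len(bad)} rejected")
    for no, line, why in bad:
        print(f"line {no}: {line!r}: {why}")
```

The count of usable entries is also a rough guide to how many rules the firewall will have to load at start-up.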
Gordon
Tue Dec 13 2011, 03:33PM
Registered Member #287
Joined: Thu Apr 03 2008, 09:06PM
Posts: 445
Thanks - I hadn't actually done anything with the first one yet, been busy with other things so I'd just downloaded it to deal with later, so no harm done. I'll bin it, save the replacement and give it a bash at the weekend probably.
Gordon
Tue Dec 13 2011, 06:00PM
Registered Member #287
Joined: Thu Apr 03 2008, 09:06PM
Posts: 445
...but instead of leaving it until the weekend, I did it this afternoon, because I wanted to look at something before (possibly) tinkering with someone else's machine at the weekend.

Now, as far as my main PC is concerned - absolutely fine, all as advertised, no refund application being submitted.
;)

However...

The main PC has a 2.66GHz Pentium and 1GB memory - fairly respectable.

To get a more realistic simulation of what might happen on a lower spec machine (because I'd noticed that even on mine it slowed down the initial start-up slightly) I did the same on the spare PC, which previously just had Firestarter, not the blocking script. This machine has a 1GHz Pentium 3 and only 512MB memory.

It took forever and a day to load. On rebooting a few times to actually time how long "forever and a day" was, and see if it was consistent - four and a half minutes *if* nothing got upset. Sometimes, Firestarter got fed up with waiting and tried to start itself up before iptables had finished doing its work - the result was a naff message telling me that my kernel didn't support iptables, Firestarter then had to be started manually, and it then took *another* three and a half minutes for Firestarter to load it all into itself.

Somehow, I think this may not be acceptable to my lady friend and her computer, "Noah", with a 500MHz Celeron and only 384MB memory!

Any bright ideas as to how one can (if it's even possible) somehow tell the thing to save the set-up as a permanent part of things so that it doesn't need to reload every time the PC is started up or rebooted would be most welcome!
lardycake
Wed Dec 14 2011, 08:01PM
Registered Member #141
Joined: Sun Mar 09 2008, 06:17PM
Posts: 183
If the old machine has a bios that will support S1 or S3 standby, I guess you could set it up to suspend or hibernate.
Gordon
Wed Dec 14 2011, 08:57PM
Registered Member #287
Joined: Thu Apr 03 2008, 09:06PM
Posts: 445
Hmmm... that might work on my spare one if I enabled all the "Power Management" stuff that is currently disabled and threw in the various packages that would make it work - I haven't actually investigated the situation in the BIOS as yet (because it's not really my spare one that I'm concerned about), but I seem to remember seeing a few relevant bits last time I prodded around in it.

It wouldn't do for Noah's keeper though - she's the sort who only puts the PC on for a couple of hours in the evening, and won't leave *anything* switched on permanently, the whole lot gets the plug pulled on it when she goes to bed, she won't even waste a bit of electricity leaving the router switched on to avoid BT thinking there's a line problem and dropping her speed a bit, let alone the PC.

Actually, thinking about it, the same thing would apply to my spare one even - it gets used about once a fortnight (because my A3 scanner won't run on any modern OS - the spare one has a small W98SE partition which does the job) and I wouldn't leave it on standby the rest of the time, "off" means "off" for that one.

Nice idea, thanks, it would probably do the job for most people, but not really practical in the circumstances, unfortunately.
lardycake
Thu Dec 15 2011, 01:50AM
Registered Member #141
Joined: Sun Mar 09 2008, 06:17PM
Posts: 183

Okay, my next suggestion (I'm not sure I have any more after this!):

Instead of letting the system start iptables & Firestarter, start a "boot_hook" script from /etc/rc.local which will start iptables at a very low priority (it will obviously take longer to load but may allow the rest of the system to be useable) and then when iptables is running the script would start Firestarter. Requires a fair bit of Linux know-how and may not solve your problem.

I've just thought of another possibility:

Depending on the router, it may be possible to set up firewall rules to block the same IPs. Even if possible this would, I expect, be time-consuming to set up.
Gordon
Thu Dec 15 2011, 08:21AM
Registered Member #287
Joined: Thu Apr 03 2008, 09:06PM
Posts: 445

"Requires a fair bit of linux know how..."
 
Pass! I will investigate that idea over the next few weeks though, see if I can find any instructions that I can understand.
 
The router here is a pretty basic Zyxel P-660R-D1, and hers is an older model of roughly the same thing (P-660R-C from memory), both freebies from ISP, pretty reliable but very simple, not an awful lot in the way of options. I don't see anything in mine that allows me to do the job, so I'd assume the same applies to hers.
 
Shame, because the fact that it might be time-consuming to set up wouldn't bother me in the slightest, I'd go for that idea if it could be done. I'm quite happy to play around with things for hours - and quite often do when I've fouled something up, which isn't exactly unusual, it's not unknown for me to find that I've seriously goofed, the darned thing doesn't want to know at all, and I have to use the spare one to get online and find the solution!
lardycake
Fri Dec 16 2011, 10:10PM
Registered Member #141
Joined: Sun Mar 09 2008, 06:17PM
Posts: 183
Hi Gordon,

Just a thought on the router front - often routers will have a CLI accessible thru telnet that will allow you to do more than the web interface.
Gordon
Sat Dec 17 2011, 08:50PM
Registered Member #287
Joined: Thu Apr 03 2008, 09:06PM
Posts: 445
Mmmm... good thinking - yes, there is indeed a command-line thingy that you can telnet into, I used it in the dim and distant past for some reason (can't remember why!), and on prodding it now, I reckon it might be worth further investigation.

There is a *lot* in it that I don't understand in the least, and the user manual for this thing is decidedly naff in this respect, in that (a) it evidently refers to a different version, their stuff about a menu with numbers doesn't match what I'm seeing at all and (b) it basically just tells you how to get into it, which I already knew, doesn't actually tell you anything about which commands should be used to perform a certain action.

It's worth further investigation though.