Discussion in 'Tomato Firmware' started by MartinTupper, Nov 16, 2007.
Is there a way to set up Tomato to block certain News Groups (e.g. adult and/or binaries groups)?
Nope, you can block the nntp protocol entirely but since all newsgroups are found on the same particular server the router cannot differentiate whether the user is listing one group or another.
Maybe some nntp clients have that ability though.
Oh well. Thanks for the answer.
You are 100% wrong, such rudimentary blocking is called ACCESS RESTRICTIONS. It is available in MOST 3rd party firmwares and I use it to block ads and certain sites. Not as pretty as AdBlock Plus but EVERY single computer on my network is kept from getting ads, cookies, popups, etc. without additional software. You can filter almost anything AND everything.
Currently my needs have exceeded those offered by tomato alone, I use a small form factor computer w/ some nics as router and tomato as a wireless access point. It is a VPN, asterisk, ad blocker, firewall, router, load balancer/failover, webserver, file server, etc. It is fan less with 1ghz cpu/512MB memory (soon 1GB). It can handle thousands of connections without crashing. If I need more ports, I may simply add a giga switch.
Please read the tomato faq 1st before giving new users false/incorrect information! Jon's excellent software can perform miracles.
By the way, you can also do white list blocking. I mean only sites/newsgroups on your list are accessible, everything else is not accessible (unless a white listed site can proxy you to other sites). Very good if you've got kids. Simply do a search on Google. Remember, in terms of computers, nothing reasonable is impossible.
Access Restrictions is nicely explained with examples in the Tomato faq.
although i haven't tried it, i doubt access restrictions will do anything to the newsgroup protocol.
in the unlikely event that it triggers the restrictions, it's more likely the whole nntp server will be blocked rather than a single newsgroup, since newsgroup clients essentially reuse the same connection.
Also, since nntp is not http traffic, the router might not be able to differentiate and identify keywords in the first place. as for adblocking, cookies and stuff, all these fall under http traffic and should thus be blockable
Yeah, I'm with azeari. I also haven't tried it, but I don't think you will be successful selectively blocking newsgroups either.
You have boldly pointed out that I'm wrong, but yet you fail to provide specific steps needed in order to fulfill the blocking of specific newsgroups. Also, I believe you've mistaken the term "newsgroup" for a "website" or a "forum".
Firewall Builder Policies... It's quite complicated, but the gui interface should simplify things. Firestarter may also work.
As stated earlier, I use a pc myself to perform deep packet filtering, restrictions, etc, etc.. because the router is no longer fast enough for me.
Ummm. You realize he's trying to do this in Tomato... That you are doing it with a PC isn't really relevant. To my knowledge, Tomato doesn't have "Firestarter", and doesn't have any GUI config for "Firewall Builder Policies", whatever, exactly, that means. I'm not particularly interested in doing this kind of filtering, so I'm not going to bother Googling it, but I suspect, these aren't available with the stock Tomato firmware, and may not even be possible with scripting.
Unfortunately, your response does not help the majority of people reading this forum. If this IS possible with Tomato, without recompiling a custom version, then, please, enlighten us with more detail.
What the OP probably needs is an nntp proxy service. Access restrictions can block users from accessing particular news servers, but can't filter newsgroups.
Please demonstrate your assertions, to wit: Tomato can block access to specific newsgroups on an nntp server.
Tomato would require more effort to maintain the extensive list of blocked newsgroups. CEQURUX and others already make products for such tasks based on similar principles of ACCESS RESTRICTIONS. Not worth my valuable time. They are MUCH easier to maintain.
So in other words, when you wrote
you weren't referring to Tomato or any other 3rd party firmware for this class of router.
Which means that when you disagreed with the posting that Tomato cannot block individual newsgroups, it was you that was "100% wrong".
Thank you for your contribution. Perhaps your "valuable time" would be better spent posting in a forum on subjects with which you have some familiarity.
My assumption is szfong let his mouth (& attitude) get the better of him. Dollars to donuts he thought newsgroups were some sorta web-based service, and based his rather rude assertions on that.
However NNTP & Usenet predate the web, and don't operate in any way similarly, and unfortunately when the rest of us doubted him he didn't have the social skills to acknowledge he'd made an ass of himself.
So instead we get a bit of handwaving and assertions it somehow magically works for him, even though he can't actually say how, and then goes on to say he doesn't use Tomato for this anyhow.
So OP, ignore the fella making a fool of himself. No, you can't use Tomato to filter access to specific newsgroups on an NNTP server.
What you can do, as others have also helpfully pointed out, is run a proxy for NNTP set to limit newsgroups, or even run your own local NNTP server getting only specific newsgroups.
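Added example, not part of the original thread and not code from Tomato or any product mentioned in it: the per-command check a filtering NNTP proxy of the kind suggested above could apply. The group patterns and function names are assumptions made for illustration; the commands and reply codes are those of RFC 3977.

```python
from fnmatch import fnmatchcase

# Constructed policy for illustration (assumed group patterns, not from the thread).
ALLOWED_GROUPS = ["comp.*", "news.announce.*", "sci.math"]
DENIED_GROUPS = ["*.binaries", "*.binaries.*"]  # a deny match overrides an allow match


def group_allowed(name):
    # Deny patterns are matched on the lower-cased name so that a
    # differently-cased spelling cannot slip past them.
    if any(fnmatchcase(name.lower(), p) for p in DENIED_GROUPS):
        return False
    return any(fnmatchcase(name, p) for p in ALLOWED_GROUPS)


def check_client_line(line):
    """Return None to forward the client's command to the upstream server,
    or the NNTP reply the proxy sends back instead of forwarding it."""
    parts = line.strip().split()
    if not parts:
        return None
    cmd, args = parts[0].upper(), parts[1:]
    if cmd in ("GROUP", "LISTGROUP") and args and not group_allowed(args[0]):
        return "411 No such newsgroup\r\n"
    if cmd in ("ARTICLE", "HEAD", "BODY", "STAT") and args and args[0].startswith("<"):
        # Retrieval by message-id needs no selected group, so it would
        # bypass the group check; this proxy refuses it outright.
        return "430 No article with that message-id\r\n"
    return None


def filter_list_lines(lines):
    """Drop disallowed groups from a LIST ACTIVE response body, whose lines
    have the form 'group high low status'."""
    return [ln for ln in lines if ln.split() and group_allowed(ln.split()[0])]


if __name__ == "__main__":
    for sample in ("GROUP comp.lang.c", "GROUP alt.binaries.test",
                   "ARTICLE <x@example.invalid>"):
        print(sample, "->", check_client_line(sample))
```

The check only sees cleartext sessions that actually pass through the proxy, so direct connections from clients to outside news servers still have to be blocked at the router.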
No, I had a contract many years ago (2003) to block CERTAIN NEWSGROUPS. This is what I used. And IT IS A SIMPLE FIREWALL. It is simply a set of scripts with a front end. It can be ported to other operating systems easily, such as Linux, but without the GUI front-end. I've actually ported it to Thibor 15c (on a wrt54gs), shortly after Thibor released 15c, for personal use, about June of last year. The scripts/code is copyrighted. You can license the code from Cequrux.
Check the following link:
I guess it is only impossible in the eyes of Maggard!!
Now, have a nice day! haha
Great, you proved that blocking specific newsgroups can be done, I could tell you that by reading the RFC. Let me remind you that we're on a board titled "Tomato Firmware"; linking to a commercial product providing a certain service is useless unless that product runs on the same hardware as tomato or that product is opensource, cequrux firewall does not fall under either of these categories.
In any case blocking of newsgroups on the router can be quite trivially bypassed by using SSL for communication with the newsserver (most providers provide SSL servers), I guess the only 100% proof way of doing it would be to set up your own server that only retrieves a whitelist of groups.
well when u bring SSL into the picture, unless you block all ports except 80, and do stateful packet filtering, you probably can't do much access restrictions at all, since the users can simply tunnel their way out via openvpn on port 443.
and yeah, there are ssl news servers.
anyway before we digress any further and get into a flame war.. let's just put it this way
you can most definitely filter newsgroups, but
1. it can't be done on stock tomato firmware
2. it's not totally effective (since SSL newsgroup servers are easily available)