Set Tomato to block certain News Groups?

Discussion in 'Tomato Firmware' started by MartinTupper, Nov 16, 2007.

  1. MartinTupper

    MartinTupper Network Guru Member

    Is there a way to set up Tomato to block certain News Groups (e.g. adult and/or binaries groups)?
  2. acidmelt

    acidmelt LI Guru Member

    Nope, you can block the nntp protocol entirely but since all newsgroups are found on the same particular server the router cannot differentiate whether the user is listing one group or another.

    Maybe some nntp clients have that ability though.
  3. MartinTupper

    MartinTupper Network Guru Member

    Oh well. Thanks for the answer.
  4. szfong

    szfong Network Guru Member

    You are 100% wrong, such rudimentary blocking is called ACCESS RESTRICTIONS. It is available in MOST 3rd party firmwares and I use it to block ads and certain sites. Not as pretty as AdBlock Plus but EVERY single computer on my network is kept from getting ads, cookies, popups, etc. without additional software. You can filter almost anything AND everything.

    Currently my needs have exceeded those offered by tomato alone, I use a small form factor computer w/ some nics as router and tomato as a wireless access point. It is a VPN, asterisk, ad blocker, firewall, router, load balancer/failover, webserver, file server, etc. It is fanless with 1ghz cpu/512MB memory (soon 1GB). It can handle thousands of connections without crashing. If I need more ports, I may simply add a giga switch.

    Please read the tomato faq 1st before giving new users false/incorrect information! Jon's excellent software can perform miracles.

    By the way, you can also do white list blocking. I mean only sites/newsgroups on your list are accessible, everything else is not accessible (unless a white listed site can proxy you to other sites). Very good if you've got kids. Simply do a search on Google. Remember, in terms of computers, nothing reasonable is impossible.

    Access Restrictions is nicely explained with examples in the Tomato faq.

  5. azeari

    azeari LI Guru Member

    although i haven't tried it, i doubt access restrictions will do anything to the newsgroup protocol.

    in the unlikely event that it triggers the restrictions, it's more likely the whole nntp server will be blocked rather than a single newsgroup, since newsgroup clients essentially reuse the same connection.

    Also, since nntp is not http traffic, the router might not be able to differentiate and identify keywords in the first place. as for adblocking, cookies and stuff, all these fall under http traffic and should thus be blockable
  6. mraneri

    mraneri Network Guru Member

    Yeah, I'm with azeari. I also haven't tried it, but I don't think you will be successful selectively blocking newsgroups either.
  7. acidmelt

    acidmelt LI Guru Member

    You have boldly pointed out that I'm wrong, but yet you fail to provide specific steps needed in order to fulfill the blocking of specific newsgroups. Also, I believe you've mistaken the term "newsgroup" for a "website" or a "forum".
  8. szfong

    szfong Network Guru Member

    Firewall Builder Policies... It's quite complicated, but the gui interface should simplify things. Firestarter may also work.

    As stated earlier, I use a pc myself to perform deep packet filtering, restrictions, etc, etc.. because the router is no longer fast enough for me.
  9. mraneri

    mraneri Network Guru Member

    Ummm. You realize he's trying to do this in Tomato... That you are doing it with a PC isn't really relevant. To my knowledge, Tomato doesn't have "Firestarter", and doesn't have any GUI config for "Firewall Builder Policies", whatever, exactly, that means. I'm not particularly interested in doing this kind of filtering, so I'm not going to bother Googling it, but I suspect, these aren't available with the stock Tomato firmware, and may not even be possible with scripting.

    Unfortunately, your response does not help the majority of people reading this forum. If this IS possible with Tomato, without recompiling a custom version, then, please, enlighten us with more detail.
  10. FRiC

    FRiC LI Guru Member

    What the OP probably needs is an nntp proxy service. Access restrictions can block users from accessing particular news servers, but can't filter newsgroups.
  11. Maggard

    Maggard LI Guru Member

    Please demonstrate your assertions, to wit: Tomato can block access to specific newsgroups on an nntp server.
  12. szfong

    szfong Network Guru Member

    Tomato would require more effort to maintain the extensive list of blocked newsgroups. CEQURUX and others already make products for such tasks based on similar principles of ACCESS RESTRICTIONS. Not worth my valuable time. They are MUCH easier to maintain.
  13. RonWessels

    RonWessels Network Guru Member

    So in other words, when you wrote
    you weren't referring to Tomato or any other 3rd party firmware for this class of router.

    Which means that when you disagreed with the posting that Tomato cannot block individual newsgroups, it was you that was "100% wrong".

    Thank you for your contribution. Perhaps your "valuable time" would be better spent posting in a forum on subjects with which you have some familiarity.
  14. Maggard

    Maggard LI Guru Member

    My assumption is szfong let his mouth (& attitude) get the better of him. Dollars to donuts he thought newsgroups were some sorta web-based service, and based his rather rude assertions on that.

    However NNTP & Usenet predate the web, and don't operate in any way similarly, and unfortunately when the rest of us doubted him he didn't have the social skills to acknowledge he'd made an ass of himself.

    So instead we get a bit of handwaving and assertions it somehow magically works for him, even though he can't actually say how, and then goes on to say he doesn't use Tomato for this anyhow.

    So OP, ignore the fella making a fool of himself. No, you can't use Tomato to filter access to specific newsgroups on an NNTP server.

    What you can do, as others have also helpfully pointed out, is run a proxy for NNTP set to limit newsgroups, or even run your own local NNTP server getting only specific newsgroups.
  15. szfong

    szfong Network Guru Member

    No, I had a contract many years ago (2003) to block CERTAIN NEWSGROUPS. This is what I used. And IT IS A SIMPLE FIREWALL. It is simply a set of scripts with a front end. It can be ported to other operating systems easily, such as Linux, but without the GUI front-end. I've actually ported it to Thibor 15c (on a wrt54gs), shortly after Thibor released 15c, for personal use, about June of last year. The scripts/code is copyrighted. You can license the code from Cequrux.

    Check the following link:

    I guess it is only impossible in the eyes of Maggard!!

    Now, have a nice day! haha

  16. acidmelt

    acidmelt LI Guru Member

    Great, you proved that blocking specific newsgroups can be done, I could tell you that by reading the RFC. Let me remind you that we're on a board titled "Tomato Firmware"; linking to a commercial product providing a certain service is useless unless that product runs on the same hardware as Tomato or that product is open source. Cequrux firewall does not fall under either of these categories.

    In any case blocking of newsgroups on the router can be quite trivially bypassed by using SSL for communication with the newsserver (most providers provide SSL servers), I guess the only 100% proof way of doing it would be to set up your own server that only retrieves a whitelist of groups.
  17. azeari

    azeari LI Guru Member

    well when u bring SSL into the picture, unless you block all ports except 80, and do stateful packet filtering, you probably can't do much access restrictions at all, since the users can simply tunnel their way out via openvpn on port 443.
    and yeah, there are ssl news servers.

    anyway before we digress any further and get into a flame war.. let's just put it this way

    you can most definitely filter newsgroups, but
    1. it can't be done on stock tomato firmware
    2. it's not totally effective (since SSL newsgroup servers are easily available)
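
The thread's conclusion is that group selection happens inside one NNTP connection, so only something that reads the NNTP commands (a proxy or a local server) can filter by group. The following is an added example, not code from any poster or from Tomato: a sketch in Python of the per-line policy such a proxy could apply, with hypothetical function names and constructed group patterns.

```python
import fnmatch

# Constructed sample policy (assumption): whitelist first, deny overrides.
ALLOWED = ["comp.*", "news.announce.*"]
DENIED = ["*.binaries", "*.binaries.*", "alt.sex*"]

def group_allowed(name):
    """True only if the group is whitelisted and matches no deny pattern."""
    name = name.lower()
    if any(fnmatch.fnmatchcase(name, p) for p in DENIED):
        return False
    return any(fnmatch.fnmatchcase(name, p) for p in ALLOWED)

def filter_command(line):
    """Decide what to do with one client command line.

    Returns (True, None) to forward it to the upstream news server, or
    (False, reply) to answer the client locally without forwarding.
    """
    parts = line.strip().split()
    if not parts:
        return True, None
    verb = parts[0].upper()
    # Group selection is just a command on the shared connection.
    if verb in ("GROUP", "LISTGROUP") and len(parts) > 1:
        if not group_allowed(parts[1]):
            return False, "411 No such newsgroup\r\n"
    # Fetching by message-id ignores the selected group, so refuse it.
    if verb in ("ARTICLE", "HEAD", "BODY", "STAT") and len(parts) > 1 \
            and parts[1].startswith("<"):
        return False, "430 No article with that message-id\r\n"
    # Once the session is encrypted the proxy can no longer read commands.
    if verb == "STARTTLS":
        return False, "502 Command unavailable\r\n"
    return True, None

def filter_list_lines(lines):
    """Drop disallowed groups from a LIST ACTIVE body ('name high low status')."""
    return [l for l in lines if l.split() and group_allowed(l.split()[0])]
```

This only has an effect if clients cannot reach news servers directly: the router still has to block outbound NNTP (and the SSL variant mentioned above) for everything except the proxy host.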
