From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 95501138CA3 for ; Wed, 4 Mar 2015 20:37:18 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id CDADEE09A1; Wed, 4 Mar 2015 20:37:12 +0000 (UTC) Received: from mail-pd0-f169.google.com (mail-pd0-f169.google.com [209.85.192.169]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id A04F4E0978 for ; Wed, 4 Mar 2015 20:37:11 +0000 (UTC) Received: by pdbfl12 with SMTP id fl12so29027636pdb.9 for ; Wed, 04 Mar 2015 12:37:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=user-agent:in-reply-to:references:mime-version :content-transfer-encoding:content-type:subject:from:date:to :message-id; bh=POAIu53xIeObupUVgnFz2qOTgRqTZycyDLdAfqd9Z/0=; b=dSi9Msk4Dj3UbdXBJg4fCp3dUysyNXC9h75vmag3BwUXuj2yDoMf7n6SkaPs9KNrvF b337n6q5DpoheE5tRehofe+aME5BG1vchCTPnieQ9g2EIggCYKYRVbkQDix9w8aQDlUI p3FXPGO1jq2PReXoJzqk/B3KTrtl/k6a8S/923b3sGrADmkIfgMa8Uqi97ASDJ+eN7PE k7ygvddfQOY3t4pPBCtzVuYZ0QZ8+tjxMh1XGZMfUOiRHk64QpUQvv1NxoNU7JnRyYOW 49a/H6ZYFIz6dF+X09gt2X5DgsmWMVl5YORr5MweNpmITxtrA/mseKItJs8fpbJmHo1M 7y4g== X-Received: by 10.69.1.7 with SMTP id bc7mr9462871pbd.121.1425501430736; Wed, 04 Mar 2015 12:37:10 -0800 (PST) Received: from [192.168.1.80] (16.86.70.115.static.exetel.com.au. [115.70.86.16]) by mx.google.com with ESMTPSA id qv9sm4900402pab.27.2015.03.04.12.37.08 (version=TLSv1.2 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 04 Mar 2015 12:37:10 -0800 (PST) User-Agent: K-9 Mail for Android In-Reply-To: References: Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=UTF-8 Subject: Re: [gentoo-user] new linux router From: Bruce Schultz Date: Thu, 05 Mar 2015 06:37:10 +1000 To: gentoo-user@lists.gentoo.org,James Message-ID: <0C1911BB-D14A-4030-84E9-BD9AB5E33087@gmail.com> X-Archives-Salt: 4721b0cc-9f9a-4d31-8afc-56654c481089 X-Archives-Hash: 5e6bdebdb0904ba066c14e072f961647 On 5 March 2015 1:10:40 AM AEST, James wrote: >Hello, > >It's time to build a new router. Surely, I would just like to >purchase hardware and run a minimized or embedded gentoo on it >along with iptables and a few other packages. But, I got to reading >and well it seems much has changed. Dansguardian is deprecated? >If I add protection above layer 3, what is the best route (pun >intended) >to protect some winblows systems? And I need the ability to dynamically >block some gaming sites (kids playing too many hours of video)..... > >Then I read about NFtables....... [1] >And there is more. So, being a bit busy what would folks recommend >for purchase (I really do not need another project at this time)? >I've used routers with ebtables in the past too. > > >I'd like to be able to download some open source linux to the router >hardware if updates and pathces are not maintained by the vendor? >That way I do not purchase something that is to be abandoned in >a few years by the vendor. > >It's just a small home/office so 3x100Mb E would be fine, but GigE >ports would be better. I'm flexible on the CPU/arch of the hardware, >so all discussion and suggestions are welcome. In an idealized world >I'd pay extra for a gentoo_derivative based router; but all I find >is the WRT, devil_linux and such, nothing really cool and interesting. Maybe this would meet your needs? https://www.ubnt.com/edgemax/edgerouter-lite/ There's also this link if you want to run gentoo, although you lose the networking performance of the original firmware http://wiki.gentoo.org/wiki/MIPS/ERLite-3 > >Anyone used lilblue or pentoo as the basis for a firewalled_router? > >A purchase is what I really want, but some hacking, if absolutely >necessary, would be ok too. Ideas? > >curiously, >James > >[1] http://netfilter.org/projects/nftables/ -- :b