Community discussions

 
IntrusDave
Forum Guru
Forum Guru
Topic Author
Posts: 1192
Joined: Fri May 09, 2014 4:36 am
Location: Rancho Cucamonga, CA

Blacklist Filter (Development Topic)

Wed Jul 11, 2018 3:15 am

Hey guys, I wanted to have this a little more open of a discussion, so I made a new thread.

So I'm starting to plan out the new system and I'm going SQL based. The old system used a boat load of regex, awk, grep, etc. It was pretty dirty, but it worked. The lists generated were stored in a flat file. The new system is going to be way more flexible.

My thoughts are this...
- SQL based realtime list generation
- Subscriber managed private black/white lists (configured per device)
- Subscriber selectable list size (for 32M, 64M, 256M, 512M, 1G+ device)
- Subscriber selectable country blocking (for devices that have enough memory)
Moving to SQL will give this functionality, it will also allow the server to update the blacklists in realtime without blocking downloads. I haven't yet found a way to do non-blocking updates on the client side. (Sorry, no BGP - too complicated to manage, this needs to be fully automated)

So, this is all still only on paper, so if anyone has more ideas, lets hear it.
David Joyce
Network & Security Engineer
Intrus Technologies, LLC.
Rancho Cucamonga, CA, USA
 
msatter
Forum Veteran
Forum Veteran
Posts: 775
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: Blacklist Filter (Development Topic)

Wed Jul 11, 2018 10:20 am

I was charmed by your previous implementation of using DNS to determine which version of the list and partial update (add's) should be provided.
RB760iGS (hEX S) with the SFP being cooled.
Running:
RouterOS 6.43RC44 / Winbox 3.16 / MikroTik APP 0.69
Cooling a SFP module: viewtopic.php?f=3&t=132258&p=671105#p671105
 
hhgttg42
just joined
Posts: 5
Joined: Wed Oct 12, 2016 4:48 am

Re: Blacklist Filter (Development Topic)

Wed Jul 11, 2018 4:17 pm

[...]
- SQL based realtime list generation
[...]
How would this translate into update frequency for the clients?
 
IntrusDave
Forum Guru
Forum Guru
Topic Author
Posts: 1192
Joined: Fri May 09, 2014 4:36 am
Location: Rancho Cucamonga, CA

Re: Blacklist Filter (Development Topic)

Wed Jul 11, 2018 7:41 pm

I do plan on continuing to use DNS for versioning. Ultimate goal will be to have the client send the last update date and time, then request the just the changes from that point.

The effect on the client side would be that the client determines it's own update schedule.
David Joyce
Network & Security Engineer
Intrus Technologies, LLC.
Rancho Cucamonga, CA, USA

Who is online

Users browsing this forum: No registered users and 4 guests