Restrictions - Hardly Working

[WizardTPG]

Hi Guys

I have been using Gargoyle for quite some time and am using the latest ispy build on an Linksys WRT1900AC v1.

I have found that the restrictions system in Gargoyle seems to be problematic at best.
Its great for total blocking of an ip range at certain times but anything more complex than that and it either does not block anything or it blocks too much.
More of a critical issue is it is very easy to enter settings into this area that will cause the router to freeze and cause an endless cycle of error-freeze-reboot.

Let me give a simple example.
Today I wanted to give a certain ip range ONLY access to port 80. That should be a simple thing to achieve but I was unable to do so. Configs I tried included:
- Setting a restriction to block all except remote port 80 - didnt work
- Setting a restriction to block all and a whitelist entry to allow only port 80 - didnt work.

Another two examples I wanted to try was to block http(video) protocol and even to block a domain containing the word "youtube"

I couldnt get any of these to work.

Anyone have any ideas?

[Lantis]

Do not attempt to block protocols. It is broken and is a guaranteed reboot loop.
You are going to struggle to block by URL containing due to SSL.

I'm working on the first issue.

[tapper]

Hi WizardTPG Hows things mate?

For 1 layer 7 rools are broke and it's a really complicated fix.
Btw the best builds for wrtxx routers are here: http://lantisproject.com/gargoyle_mvebu/newgui/

btw thanks to you I have bin learning to build openwrt/gargoyle and did my first pr on github the other day. I helped to bump the kernel to the latest 3.18.43

[WizardTPG]

Tapper

That is awesome mate.
So glad that router is treating you well.
How hot does that beast get though?

What about blocking and allowing by ports?
Or is that all part of the same thing?

Another sub-question that I havnt been able to find documentation on.
Are we able to enter multiple ports in the restrictions and if so, what is the format for this? eg. 80,443,25,110

Ill install the latest Lantis build today from that link.

ps. If there is any testing you guys want me to do in this regard I am happy to help. Im not too familiar with python but can handle myself with most programming languages

[tapper]

Tapper

That is awesome mate.
So glad that router is treating you well.
How hot does that beast get though?

What about blocking and allowing by ports?
Or is that all part of the same thing?

Another sub-question that I havnt been able to find documentation on.
Are we able to enter multiple ports in the restrictions and if so, what is the format for this? eg. 80,443,25,110

Ill install the latest Lantis build today from that link.

ps. If there is any testing you guys want me to do in this regard I am happy to help. Im not too familiar with python but can handle myself with most programming languages

Hi mate yeah it runs a bit hot but. due to the colder weather here in the UK CPU stays around 75 76 for me. Good thing is when it gets really cold over here i can warm my hands when i am at my desk.

To tell the truth I use OpenDNS for my blocking apart from turning all internet off at night so the kids get up for school in the morning.

I am going to have to defer q2 over to Lantis.
As I don't have much knowledge of that part of gargoyle. sorry

[WizardTPG]

The reason I want to block all ports except for a few is that my kids have set times when they are supposed to be doing homework and gaming is not allowed.
But, they do need web access for researching assignments and such so I cant block access completely.

So I figure, If I could allow only port 80 then they can web browse to their hearts content but online gaming would essentially be not possible.
(Would also be awesome to block streaming vid in this same rule)