Beta 3 Release Schedule & New Iptables Module
Posted: Wed Oct 08, 2008 7:24 pm
First, I want to announce that I'm going to release Beta 3 of Gargoyle sometime in early November. I'm not going to specify a specific day, since last-minute bugs may cause some brief, unexpected delays. However, if you don't see Beta 3 before Thanksgiving, feel free to consider me the worst sort of hypocrite for my criticism of the OpenWrt developers and their (slow) progress on the new version of Kamikaze.
I've mentioned in the forum and to a couple of you by email that I'm waiting until the next OpenWrt Kamikaze release to implement a number of features, as a lot has changed in this release, and I'd rather not implement something I'm going to have to completely re-work after a month. So, while the High Priests of OpenWrt continue to tinker, I've been working on implementing an Access Restriction utility for Gargoyle. This entails writing a scheduler for inserting/removing iptables rules at specified times. While the firewall code has changed significantly in the OpenWrt trunk (and therefore in the upcoming release), netfilter/iptables hasn't changed too much. Therefore, a scheduler that interacts directly with iptables in Kamikaze 7.09 should work just as well in the new release, which makes it a good project to work on right now.
As part of this new utility I have implemented a new iptables match module, for matching the URLs of recently visited web pages. Unlike other similar modules used by DD-WRT & Tomato, this module is compatible with both 2.4 and 2.6 kernels (including those in the OpenWrt trunk) as well as both iptables versions 1.3.x and 1.4.x. Further, this module can use either standard string matching or regular expressions to match URLs.
This will drop all outbound HTTP requests to any URL containing "gargoyle":

    iptables -I OUTPUT -m weburl --contains "gargoyle" -j DROP

This will drop all outbound HTTP requests to both gargoyle-router.com and google.com:

    iptables -I OUTPUT -m weburl --contains_regex "g.*le" -j DROP

The code for this new module can be found in the SVN and I've updated the packages in the repository to the latest SVN revision (r70) so you can access already-built packages. You need both the kernel module package (kmod-ipt-weburl) and the iptables extension package (iptables-mod-weburl) to make this work. Also be sure that the necessary module is loaded (use insmod ipt_weburl to load the kernel module).
Have fun with the new iptables module while I continue to work on Beta 3.
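
A Python model of the two match modes shown above, added here as an illustration and not the ipt_weburl module's code. It assumes the matched URL is the Host header joined with the request path, and it uses Python's re in place of the module's regex engine; the requests are constructed samples, and the third shows the unanchored "g.*le" pattern also dropping an unrelated site.

```python
import re
from typing import Optional

def request_url(raw: bytes) -> Optional[str]:
    """Return host + path of a plain-HTTP request, or None if it is not one."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None
    target = parts[1]
    if target.lower().startswith("http://"):      # absolute-form (proxy style)
        return target[len("http://"):]
    host = ""
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            host = value.strip()
            break
    return host + target

def rule_matches(url: str, contains=None, contains_regex=None) -> bool:
    """Model of --contains (substring) and --contains_regex (unanchored search)."""
    if contains is not None:
        return contains in url
    if contains_regex is not None:
        return re.search(contains_regex, url) is not None
    return False

def verdict(raw: bytes, **rule) -> str:
    url = request_url(raw)
    if url is None:                               # no URL found: rule cannot match
        return "ACCEPT"
    return "DROP" if rule_matches(url, **rule) else "ACCEPT"

# Constructed sample requests (not captured traffic).
SAMPLES = [
    b"GET / HTTP/1.1\r\nHost: www.gargoyle-router.com\r\n\r\n",
    b"GET /search?q=x HTTP/1.1\r\nHost: www.google.com\r\n\r\n",
    b"GET /gallery/table.html HTTP/1.1\r\nHost: example.org\r\n\r\n",
]
# Tighter pattern in Python re syntax; the module's regex dialect is an assumption.
TIGHT = r"^(www\.)?(gargoyle-router|google)\.com(/|$)"

if __name__ == "__main__":
    for raw in SAMPLES:
        url = request_url(raw)
        print(url, verdict(raw, contains="gargoyle"),
              verdict(raw, contains_regex="g.*le"), verdict(raw, contains_regex=TIGHT))
```
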