Hello, will a beta image be available for the slate7 or Brume2?
They will not participating in testing at the moment. Sorry. Please wait for standard firmware v4.9 (or 5.0).
Hello,
May I know did you want to quick toggle these "default" groups (adult, gambling, and malicious websites) in GUI?
Good suggestion, we will evaluate it.
I installed the beta on my Flint 2 a few hours ago and have reason to believe that the detection logic for CyberGhost isn’t correct.
Traffic through the TP Link RE505X (set up as a repeater) is being categorised as CyberGhost.
HSHAH-HP is the laptop I’m currently using and it’s only a few metres from the Flint 2 so it wouldn’t be connecting via the TP Link device.
Hello,
Thanks for your feedback.
Please check your TP-Link router and the LAN client connected to this router, is the WG/OpenVPN enabled and connected to this VPN provider?
Looks like the data is currently stored in:
/etc/netifyd/traffic_data.db
(can be viewed using DB Browser for SQLite)
@bruce j2zero has raised a good point. Do you have any documentation on data storage, retention, deletion etc? Are these statistics only stored locally or also sent to your servers? Are there any downsides/risks around constantly writing to that .db?
I have nothing configured or enabled under VPN on the Flint 2. The TP Link is simply extending the Flint 2’s WiFi - SSID is the same for both 2.4GHz and 5GHz as well as the same for both Flint 2 and TP Link.
There are no VPNs involved. If there were, it would be NordVPN. Definitely not CyberGhost.
Yes, that's a good question, and I'll clarify it here:
For the current version:
- Data statistics feature, all data is stored locally.
- DPI is detecting on router locally and does not rely on any cloud servers.
If we later update with more functions, and if requires relying on glinet (maybe GoodCloud) cloud servers, we will carefully consider user privacy and provide relevant privacy protection.
2 Likes
A time limit has been set to save for up to eight days in this test version.
I checked my Flint3, yesterday's records took up 1.8MB. I think personal use should not completely occupy the emmc space in current test version.
root@GL-BE9300:~# ls -lh /etc/netifyd/traffic_data.db
-rw-r--r-- 1 root root 1.8M Nov 12 10:25 /etc/netifyd/traffic_data.db
I installed the beta just under 4 hours ago:
root@GL-MT6000:~# ls -l -h /etc/netifyd/traffic_data.db
-rw-r--r-- 1 root root 2.1M Nov 12 03:01 /etc/netifyd/traffic_data.dbHow often does data get saved to /tmp/traffic_data.db and /etc/netifyd/traffic_data.db? Would a graceful restart persist data to /etc/netifyd/traffic_data.db first? What would happen (in terms of data loss/retention) if I was to unplug the router right now?
Traffic statistics are saved to RAM every 15 seconds, and written in flash every hour. Flash will not be written frequently.
The power lose or firmware upgrade with keep settings, the statistics of the before 1h (up to) may be lost.
The graceful restart will not be lost.
1 Like
yes it is
1 Like
A feature to add custom applications to the qos by port range would be nice.
1 Like
Yes, that approach would be better suited. Currently the Content Protection can only be “enabled” with the inclusion of your blocklist which isn't ideal. We should be able to have full control of the Content Protection and be able to use the block apps functions without being forced to have a “family block” running at the same time.
Let's says you change this and make each default list a toggle like you suggested, is there a way we can view the blocked domains in your created lists, see a log? also is there a way we could potentially whitelist a blocked domain like in adguard?
With these new features getting adding to the core of the glient products, will there be a need for adguard home? If we can get the inclusion of blocklists then we pretty much have a similar product.
Also I would like to expand on the Content Protection. If we take the adguard approach, I can create clients and then assign them their own blocklist rules and quick toggle list of apps, I do this for kids devices. Would it be possible to get some way of only applying the rules to certain Mac address / devices therefore not restricting all devices on the router? I know this is more involved with logic etc but it would be something to consider
Can we have an option to purge/clear statistics?
I asked earlier in the thread but I think it got missed.
Does this "port range" refer to interfaces like br-lan, wan1, and wan2? It's not referring to network firewall port, right?
Thanks for your reply.
These lists may be displayed in the form of groups instead of list each APP, domain, or IP, because spread is a huge risk. Like say, originally some people did not know what apps are gambling or adults, but then they will know when they look at list on GUI and use them secretly in other way. This is not good.
So will be displayed only as group, such as malicious website group, gambling group, etc. Individual ticks (block) or allow cannot be customized.
If there are any missing ones (not blocked), you can submit the APP name, domain, or IP to us, will update the DPI signature DB.
We will evaluate it, but ADGuard is still useful. DNS-based filtering will consume less CPU resources and pressure than DPI-based filtering. For example, I think on some travel routers, ADGuard works better.
Good suggestion, kind of like DPI based parental controls, it's worth considering, I'll collect it first.
I haven't ignored it, instead of collected it, thank you for your suggestions!
Is this version will be also available for OpenWRT 24?
Sorry, what do you mean by that?
But not knowing what apps (websites) your gambling group blocks could be a problem.
Currently the content protection lets us toggle each individual app inside the groups, therefore we know exactly what we have blocked.
Your approach puts a blanket on gambling for example, who's to say it doesn't block an innocent arcade game site for example? How would we then allow that to be accessible without having to turn the gambling rule off.
Your blanket rules for gambling are different to the current logic setup. I believe the blanket rules for gambling, adult etc are not really “apps” but more of blocklist approach which is why I suggested that should have some form of whitelisting.
Exactly. Going back to the age appropriate blocks, not every device should be restricted. One reason why pfblocker and pi-hole didn't meet my needs in the past was because every device had the same rules, finding out adguard home could have client based rules was a game changer.
After the future standard version is released, yes, will be.
1 Like