Re: [PLUG] Perspectives on Content Filtering: kernel or userspace?

Casey Bralla via plug on 2 Feb 2022 06:00:26 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Perspectives on Content Filtering: kernel or userspace?

From: Casey Bralla via plug <plug@lists.phillylinux.org>
To: <plug@lists.phillylinux.org>
Subject: Re: [PLUG] Perspectives on Content Filtering: kernel or userspace?
Date: Wed, 2 Feb 2022 09:00:12 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sendinblue.com; q=dns/txt; s=mail; bh=JiTeQ3zqHEuhoEhWjcpppuHe8l+kbw81cFbHH+duyCM=; h=from:subject:date:mime-version:content-type:in-reply-to:references:list-unsubscribe:x-csa-complaints:list-unsubscribe-post; b=YQRaNpYiG060jb9m1c5VY2fqD4KwIni+IRBIlP6PNw8eyh4qyuQ/OeFAdKFQxuO/LH43E105S7Da gXe624stmbBrWWLnhcFbIF0h2cvXqRSeqRJHdfmSfMOgFQABvW3j45eGuxKWKnHje75CbEswbyXd w5M+R+EI4+O4vX8o6q8=
Feedback-id: 77.32.148.24:2031218_-1:2031218:Sendinblue
Origin-messageid: <ad46ad93-5c84-7e14-7c96-2637e9f2ea6b@NerdWorld.org>
Reply-to: Casey Bralla <MailList@NerdWorld.org>
Sender: "plug" <plug-bounces@lists.phillylinux.org>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.14.0

I've been using pihole for about a year and I like it for several reasons:

It is universal for my entire network. Pihole is my local DNS server, so very easy to setup and protect EVERYTHING on the network
No changes to the setups for multiple devices (such as android phones, Gentoo custom kernels (my desktop), & Debian stock kernel (my home sever)
It was easy to setup
It gives me good data about how it is working

I think you've already identified the pluses and minus of "in kernel". There may be some performance gains from being in the kernel, but replicating that across multiple devices would be pain in most cases.

On 2/2/22 8:48 AM, Eli Flanagan via plug wrote:

Hi folks,
I've been wondering about approaches to content filtering on GNU/Linux systems.
By content filtering I generally mean blocking TCP packets based on some kind of denylist from a user (DNSBL, pihole, etc).
 
I'm curious about whether you see any major advantages to designs that integrate directly with the kernel. 

I imagine a benefit is performance and reliability. A downside is lack of portability.
Userspace software has the advantage of portability (unbound, dnsmasq).

I feel like this is a topic for discussion since I do not believe in a One Right Answer to the problem.
Cheers,

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:
- Re: [PLUG] Perspectives on Content Filtering: kernel or userspace?
  - From: Eli Flanagan via plug <plug@lists.phillylinux.org>

References:
- [PLUG] Perspectives on Content Filtering: kernel or userspace?
  - From: Eli Flanagan via plug <plug@lists.phillylinux.org>

Prev by Date: [PLUG] Perspectives on Content Filtering: kernel or userspace?
Next by Date: Re: [PLUG] [plug-announce] Wed Feb 2 - PLUG Central - "General Linux Discussion" (7pm EST online)
Previous by thread: [PLUG] Perspectives on Content Filtering: kernel or userspace?
Next by thread: Re: [PLUG] Perspectives on Content Filtering: kernel or userspace?
Index(es):
- Date
- Thread