Menu
What's new
By:
Filters Better Search

Aegis Aegis (simple yet effective protection)

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

kamoj said:
The trap in net-wan didn't trig...
So now I suspect udhcpc. It's loaded at boot and not easy to debug.
I'll keep debugging going on, and post here if I make any progress.
(Also pppd may get involved, but not in my system).

FYI:
For next addon release:
Just added auto-loading of aegis "private" lists from USB device at start of aegis.
Viva Aegis!!!
Thank you @HELLO_wORLD, for your fantastic aegis!
Click to expand...
Ah udhcpc would make sense, if you have a lease of 5:15h, ½ lease would be your 9450 seconds.
You could easily check that with tcpdump on wan for dhcp frames (udp ports 67 & 68).
 
I can confirm it is udhcpc that issues this.
And it does not care about the nvram parameter dhcpc_lease_time.
I don't know if we have source code for this.
But the output can be patched to something else, since it may be missleading.
 
kamoj said:
I can confirm it is udhcpc that issues this.
And it does not care about the nvram parameter dhcpc_lease_time.
I don't know if we have source code for this.
But the output can be patched to something else, since it may be missleading.
Click to expand...
With Entware, you can install other DHCP clients. The one on the firmware is not great and I had problems with it (thanks to Netgear…) as the client was renewing at the end of the lease (and not ½ time as it should, and my lease is only 5 minutes) thus creating a micro-cut [that might be your case], so I used a third party one, then I coded my own mini DHCP client tailored to my needs (as I have a static IP, but still through DHCP, I had my setup as static, but my custom client was making the ISP's server happy).

The lease_time not being respected may be normal. Your client is telling your ISP's server its wished lease time, but at the end, it is the server/relay that has the final word and can impose its own lease time (since it is the one granting the lease).
In any case, whatever the lease_time is, a DHCP client is supposed to renew the lease at ½ the lease_time or by any means before the lease ends (to prevent cuts).

In your case, I would first check the lease time and if udhcpc is renewing at the end (bad) or earlier (good), and go with an alternate DHCP client from Entware if needed ;)
 
HELLO_wORLD said:
With Entware, you can install other DHCP clients. The one on the firmware is not great and I had problems with it (thanks to Netgear…) as the client was renewing at the end of the lease (and not ½ time as it should, and my lease is only 5 minutes) thus creating a micro-cut [that might be your case], so I used a third party one, then I coded my own mini DHCP client tailored to my needs (as I have a static IP, but still through DHCP, I had my setup as static, but my custom client was making the ISP's server happy).

The lease_time not being respected may be normal. Your client is telling your ISP's server its wished lease time, but at the end, it is the server/relay that has the final word and can impose its own lease time (since it is the one granting the lease).
In any case, whatever the lease_time is, a DHCP client is supposed to renew the lease at ½ the lease_time or by any means before the lease ends (to prevent cuts).

In your case, I would first check the lease time and if udhcpc is renewing at the end (bad) or earlier (good), and go with an alternate DHCP client from Entware if needed ;)
Click to expand...
Thank you very much for all information and tips!
My lease time is 3 h, so I'm not in any trouble with the renewing.
My connection never (micro-)cuts, it's just an annoying log, that should say renewing instead of connecting!
I've to think about this to see what/if to do with the addon with this.
 
kamoj said:
(…) it's just an annoying log, that should say renewing instead of connecting!
I've to think about this to see what/if to do with the addon with this.
Click to expand...
Maybe something like this on udhcpc to intercept the output and correct it before sending it back to the log?
etbe.coker.com.au

Redirecting Output from a Running Process

Someone asked on a mailing list how to redirect output from a running process. They had a program which had been running for a long period of time without having stdout redirected to a file. They w…
etbe.coker.com.au etbe.coker.com.au
 
Jake77 said:
I would like to use this
Selective Parental Control in my build of firmware

Together with Aegis, how should I add the lines in firewall-start.sh file?
Should they be added before or after this line, or some other way?

# Bolemo aegis
[ -x /opt/bolemo/scripts/aegis ] && /opt/bolemo/scripts/aegis _fws

Thanks
Click to expand...

Hello @Jake77

Thank you for using Aegis :)

Looking at the code for Selective Parental Control, it should not matter if it is put before or after Aegis.

However, in general and/or in doubt, it is advised to put any custom code before the line # Bolemo aegis.
 
You must log in or register to reply here.

Similar threads

HELLO_wORLD
Aegis Aegis 1.7.x
8 9 10
Replies
192
Views
27K
DeuX
DeuX
HELLO_wORLD
Aegis aegis: a firewall blocklist
7 8 9
Replies
177
Views
20K
HELLO_wORLD
HELLO_wORLD
HELLO_wORLD
Aegis Aegis 1.7.0 beta
2
Replies
29
Views
4K
HELLO_wORLD
HELLO_wORLD
HELLO_wORLD
[R7800, R9000 & probably others] Blocklist based Firewall addon
5 6 7
Replies
133
Views
14K
HELLO_wORLD
HELLO_wORLD
M
Firewall doesen't block custom rules, neighter Skynet
Replies
0
Views
1K
MamaLing
M

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 820 (members: 12, guests: 808)
Top