Menu
What's new
By:
Filters Better Search

Search results

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

  1. Builder71

    Yet another malware block script using ipset (v4 and v6)

    @VZ3 Thx! Working perfectly.
  2. Builder71

    Yet another malware block script using ipset (v4 and v6)

    This doesn't help. :( https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level1.netset https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level2.netset https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level3.netset All give...
  3. Builder71

    [Fork] Asuswrt-Merlin 374.43 LTS releases (Archive)

    Hmmm, had to reboot my router. DNS wasn't working. Clients could not do anything. At first I thought it was my YAMalware script, but that seems not the case. No clues from syslog, only NTP could not update many times. (Also relies on DNS, so that could be logical.) Weird is that when I logged...
  4. Builder71

    Yet another malware block script using ipset (v4 and v6)

    @VZ3 OK, I could not resist to fix that. :) # Delete old YAMalwareBlock rules. logger -t Firewall "Delete old YAMalwareBlock rules." echo Delete old YAMalwareBlock rules. iptables -t raw -L --line-numbers | grep YAMalwareBlock | cut -d' ' -f1 | sed '1!G;h;$!d' | while read number; do iptables...
  5. Builder71

    Yet another malware block script using ipset (v4 and v6)

    Thx. Correct, but removing the iptables rules are enough preventing "false positives". The ipset named set is rewritten anyway when used again. But true, it's cleaner to remove that from memory as well. (Although it is never used without iptables rule.)
  6. Builder71

    Yet another malware block script using ipset (v4 and v6)

    @redhat27 @VZ3 A co-worker helped me making it a one liner. :) Works well on my RT-N66U. (ipset v4) Maybe the only "downside" of deleting the old block rules is that the blockstats counter also resets to zero. (With 'blockstats' command you can see how well your blocklists are doing.) #...
  7. Builder71

    [Fork] Asuswrt-Merlin 374.43 LTS releases (Archive)

    26E4->27E5 on my RT-N66U. So far so good, thx! :) (Port forward description now works for the first time.) :D
  8. Builder71

    Yet another malware block script using ipset (v4 and v6)

    I added below code block in between "esac" and "startTS" command to the ya-malware-block.sh script. It seems to work well, but I'm horrible at scripting. So please shoot at it to make it better. :D # Delete existing YAMalwareBlock3IP rule. number=`iptables -t raw -L --line-numbers | grep...
  9. Builder71

    Yet another malware block script using ipset (v4 and v6)

    Sure thing. :D I think redhat27 will fix it when he feels like it. :)
  10. Builder71

    [Fork] 374.43 LTS Beta including new rev AC68U routers (V27BI)

    That's a relief! :) SDK6 WiFi drivers are a big pile of cr@p on the RT-N66U. :eek: :D
  11. Builder71

    [Fork] 374.43 LTS Beta including new rev AC68U routers (V27BI)

    So the RT-N66U will stay on the old WiFi drivers? (V27 and onwards.)
  12. Builder71

    Yet another malware block script using ipset (v4 and v6)

    That indeed was my mistake. Your comment in post #410, is this only "cosmetic" or could it mean we have a possiblity to get false positives?
  13. Builder71

    Yet another malware block script using ipset (v4 and v6)

    admin@RT-N66U:/jffs/scripts# curl -sk #https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level4.netset curl: no URL specified! curl: try 'curl --help' for more information admin@RT-N66U:/jffs/scripts# Ahh, thanks for explaining, I didn't know that. When I add the extra...
  14. Builder71

    Yet another malware block script using ipset (v4 and v6)

    Fixed it! If I add a space after the # sign in the ya-malware-block.urls file it works. :D So it should look like this: admin@RT-N66U:/jffs/ipset_lists# cat ya-malware-block.urls https://raw.githubusercontent.com/shounak-de/misc-scripts/master/telemetry_and_scanners.txt...
  15. Builder71

    Yet another malware block script using ipset (v4 and v6)

    No problem, I start all over. First run is with all urls active. (No # sign before any line.) This seems to work better only no log if telemetry_and_scanners.txt became active? After that I only put a # sign before the last url. This is the default situation with level4 not active. Now you see...
  16. Builder71

    Yet another malware block script using ipset (v4 and v6)

    Yes, I know I should not comment out the sources .urls file. This was only my example to show the file seems to be ignored. Whatever I do with it, only YAMalwareBlockCIDR and YAMalwareBlock1IP are active. With a default .urls file (only level4 commented out), this is what the logging shows...
  17. Builder71

    Yet another malware block script using ipset (v4 and v6)

    Looking at it, it seems like "ya-malware-block.urls" is not used. It always goes for YAMalwareBlock1IP and YAMalwareBlockCIDR, no matter what. What am I missing? pastebin
  18. Builder71

    Yet another malware block script using ipset (v4 and v6)

    I'm using the default ya-malware-block.urls So this uses firehol_level1, 2, 3 and telemetry_and_scanners.txt When I try, admin@RT-N66U:/jffs# MatchIP 8.8.8.8 8.8.8.8 not found in YAMalwareBlockCIDR 8.8.8.8 not found in YAMalwareBlock1IP the output gives me the impression not all lists from...
  19. Builder71

    iblocklist.com generic ipset loader for ipset v6 and v4

    Awesome! Totally missed the wiki. :oops: Great for troubleshooting to see if IP is blocked. admin@RT-N66U:/jffs# MatchIP 8.8.8.8 8.8.8.8 not found in YAMalwareBlockCIDR 8.8.8.8 not found in YAMalwareBlock1IP
  20. Builder71

    [Fork] 374.43 LTS Beta including new rev AC68U routers (V27BI)

    On 26E4 they are also there on my RT-N66U.
Top