Country block failing (probably due to missing ipt_set.ko)

Finalcut62 · Dec 31, 2016

Hi there,

I'm on 380.64 and I've been spending the past few days getting this project going using ipset as the basis for blocking incoming connections. However, the script on the GitHub page fails and when I do a manual step by step of the script, it turns out

Code:

insmod ipt_set

fails with a

Code:

insmod: 'ipt_set.ko': module not found

error. I assume that's the reason why the iptable commands in the script all fail with an error of the sets being looked for are not found.

Can I manually install that ipt_set.ko mod?

Best,

Paul

octopus · Dec 31, 2016

If you use ARM router you need to start new modules. You don't say if you are on ARM/MIPS

For arm routers:

Code:

lsmod | grep "xt_set" > /dev/null 2>&1 || \
for module in ip_set ip_set_hash_net ip_set_hash_ip xt_set
    do
    insmod $module
done

This work with both arm/mips

Code:

ipset -v | grep -i "v4" > /dev/null 2>&1                                    
if [ $? -eq 0 ]; then                                                                  
       # old ipset                                                          
   ipsetv=4                                                            
   lsmod | grep "ipt_set" > /dev/null 2>&1 || \                        
   for module in ip_set ip_set_nethash ip_set_iphash ipt_set            
   do                                                                  
       insmod $module                                              
   done                                                                
    else                                                                        
 
    # new ipset                                                
   ipsetv=6                                                    
   lsmod | grep "xt_set" > /dev/null 2>&1 || \                
   for module in ip_set ip_set_hash_net ip_set_hash_ip xt_set  
   do                                                          
       insmod $module                                      
   done                                                        
fi

And if you are on arm you need to change this to:

Code:

if [ "$(ipset --swap malware-filter malware-filter 2>&1 | grep -E 'Unknown set|The set with the given name does not exist')" != "" ]; then

Finalcut62 · Dec 31, 2016

That was it! I'm on a AC68U so ARM indeed. Thanks so much!

Thread starter	Title	Forum	Replies	Date
V	Does DNS director block port 53 and/or 853 outgoing?	Asuswrt-Merlin	3	Dec 1, 2024
K	Solved "Block internet access" does nothing	Asuswrt-Merlin	7	Nov 7, 2024
R	Addition of Block Internet Access	Asuswrt-Merlin	5	Oct 21, 2024
K	How to block LAN access for a wired device on ASUS Merlin (Firmware 3004.388.8_2)?	Asuswrt-Merlin	12	Oct 7, 2024
M	URL block List	Asuswrt-Merlin	5	Aug 29, 2024
N	IPv6 6RD tunnel block/allow by mac/IP	Asuswrt-Merlin	3	Aug 28, 2024
	RT-AX88U Pro - Block YouTube on Smart TV	Asuswrt-Merlin	13	Jul 25, 2024
L	"Block internet access" toggle in Client Status GUI doesn't stick	Asuswrt-Merlin	3	Jul 2, 2024
C	Is there any easy solution in Merlin for a VPN server that is hard to block/detect?	Asuswrt-Merlin	15	Jun 11, 2024
C	isp block dns over tls and poison any unencrypted dns resolution	Asuswrt-Merlin	14	May 27, 2024

Search

Search

Country block failing (probably due to missing ipt_set.ko)

Finalcut62

New Around Here

octopus

Part of the Furniture

Finalcut62

New Around Here

Similar threads

Similar threads

Latest threads

Support SNBForums w/ Amazon

Sign Up For SNBForums Daily Digest

Staff online

Members online