iblocklist.com generic ipset loader for ipset v6 and v4

[shooter40sw]

I have some time to test so if you need help testing let me know

 

[redhat27]

Thank you for the offer. I will upload the new iblocklist-loader script shortly and let you know

 

[jack901]

am I missing something or not set up right? this is what I get when I run ya-malware-block.sh -Loaded sets YAMalwareBlock1IP (3142), YAMalwareBlock2IP (1) and YAMalwareBlockCIDR (1) in 3 seconds

does it create files somewhere ? as I see none and how can I tell if it is actually blocking things?
thanks

 

[redhat27]

@jack901 Posted reply in the correct thread.

 

[redhat27]

I have some time to test so if you need help testing let me know

I have uploaded the updated script in github. Can you download and test?

 

[shooter40sw]

I have uploaded the updated script in github. Can you download and test?

Yes just tried it, it runned fast just like before

Chain PREROUTING (policy ACCEPT 41492 packets, 5635K bytes)
 pkts bytes target     prot opt in     out     source               destination
    3   303 DROP       all  --  any    any     anywhere             anywhere            set I-BlocklistTheOnionRouter src,dst
    0     0 DROP       all  --  any    any     anywhere             anywhere            set BluetackProxy src
  115  7821 DROP       all  --  any    any     anywhere             anywhere            set YAMalwareBlock1IP src
  227  9983 DROP       all  --  any    any     anywhere             anywhere            set YAMalwareBlock2IP src
   82 12054 DROP       all  --  any    any     anywhere             anywhere            set YAMalwareBlockCIDR src

The malware filter did take like 30 minutes to complete,I have not reboot the router, If you can tell me the command to delete them from this chain? I tried PREROUTING and did not work like the forward or input chain, that way Ill delete everything and test again

 

[redhat27]

can tell me the command to delete them from this chain

You'd want to delete the old rules from both the INPUT and FORWARD chain on the filter table.
Do a iptables-save -t filter (or just iptables-save), find the offending rules, and then copy the whole line, and change -A to -D
so:
find the line with -A FORWARD <blah> <blah> and run iptables -D FORWARD <blah> <blah>

Also same for INPUT

 

[shooter40sw]

You'd want to delete teh old rules from both the INPUT and FORWARD chain on the filter table.
Do a iptables-save -t filter (or just iptables-save), find the offending rules, and then copy the while line, and change -A to -D
so:
fine the line with -A FORWARD <blah> <blah> and run iptables -D FORWARD <blah> <blah>

Also same for INPUT

This script is running great , but the malware one is not, already 3 minutes and going... when this one took a few seconds Im going to download again from scrath, tell you the results

 

[Jack Yaz]

This new version locks me out of the UI, any ideas? RM'd all the old stuff, rebooted etc, router UI locks out as soon as the new version of this script loads. Reverted to old and no problems

 

[Xentrk]

I added some additional lists to the script. But many of the news sites I go to were blocked. I went back to the default list for now. I also use the blacklist-domains.txt. The news sites are working now. Do you know which list could be blocking the news sites?

 

[redhat27]

@Jack Yaz Are you referring to this script or the ya-malware-block. Which one is causing the UI issues for you?

@Xentrk See post #90, you can whitelist the sites that you visit. It is very easy to add the sites on the local file. Just add the domain and rerun this script manually. You can test immediately afterwards.

 

[Jack Yaz]

@Jack Yaz Are you referring to this script or the ya-malware-block. Which one is causing the UI issues for you?

@Xentrk See post #90, you can whitelist the sites that you visit. It is very easy to add the sites on the local file. Just add the domain and rerun this script manually. You can test immediately afterwards.

I think it's this one, I since reimplemented ya-malware via service-start in place of firewall-start and it's up and running. Haven't tried the new version of this again just yet

 

[redhat27]

@Jack Yaz Check your UI IP with the shell function I provided in the other thread and see which set is the culprit

 

[Jack Yaz]

@Jack Yaz Check your UI IP with the shell function I provided in the other thread and see which set is the culprit

Script updated and all OK. Seems to work a lot better in service start. I have this in firewall-start, is it now redundant? I notice it applies to forward chain rather than prerouting which this script now uses?

# Reinstate the ipset rules if they have been created already
[ "$(uname -m)" = "mips" ] && MATCH_SET='--set' || MATCH_SET='--match-set'
for ipSet in $(ipset -L | sed -n '/^Name:/s/^.* //p'); do
  case $ipSet in
    AcceptList) iptables-save | grep -q "$ipSet" || iptables -I INPUT -m set $MATCH_SET $ipSet src -j ACCEPT;;
    TorNodes|BlockedCountries|CustomBlock) iptables-save | grep -q "$ipSet" || iptables -I INPUT -m set $MATCH_SET $ipSet src -j DROP;;
    MicrosoftSpyServers) iptables-save | grep -q "$ipSet" || iptables -I FORWARD -m set $MATCH_SET $ipSet dst -j DROP;;
    *) iptables-save | grep -q "$ipSet" || iptables -I FORWARD -m set $MATCH_SET $ipSet src,dst -j DROP;;
  esac
done

 

[redhat27]

Its not. But the defaults section needs to be updated. I'll update the wiki when I get some time

 

[Jack Yaz]

Ok no worries, I updated the blockstats bit, can I edit wiki or do I need to be approved?

 

[redhat27]

Not at all. All you need is a github account. It would be a big help to me if you can update the wiki with updated info there. Please feel free to add any other useful stuff to the wiki yourself. If something does not look okay, somebody will correct it.

 

[redhat27]

Do you know which list could be blocking the news sites?

Try lookup of the your news sites's IP with the shell function in the other thread..

@Jack Yaz Can you put the function (both v4 and v6 versions) in the wiki?

 

[Jack Yaz]

Try lookup of the your news sites's IP with the shell function in the other thread..

@Jack Yaz Can you put the function (both v4 and v6 versions) in the wiki?

Quickly thrown it in here: https://github.com/RMerl/asuswrt-me...ion-instructions#search-ipset-lists-for-an-ip

Will work on formatting and better explanation in a bit

 

[redhat27]

Quickly thrown it in here: https://github.com/RMerl/asuswrt-me...ion-instructions#search-ipset-lists-for-an-ip

Will work on formatting and better explanation in a bit

Thanks for the wiki entry write-up