Am I missing something or not set up right? This is what I get when I run ya-malware-block.sh - Loaded sets YAMalwareBlock1IP (3142), YAMalwareBlock2IP (1) and YAMalwareBlockCIDR (1) in 3 seconds

Does it create files somewhere? I see none. And how can I tell if it is actually blocking things?
Thanks
 
I have uploaded the updated script to GitHub. Can you download and test?

Yes, just tried it, it ran fast just like before

Code:
Chain PREROUTING (policy ACCEPT 41492 packets, 5635K bytes)
 pkts bytes target     prot opt in     out     source               destination
    3   303 DROP       all  --  any    any     anywhere             anywhere            set I-BlocklistTheOnionRouter src,dst
    0     0 DROP       all  --  any    any     anywhere             anywhere            set BluetackProxy src
  115  7821 DROP       all  --  any    any     anywhere             anywhere            set YAMalwareBlock1IP src
  227  9983 DROP       all  --  any    any     anywhere             anywhere            set YAMalwareBlock2IP src
   82 12054 DROP       all  --  any    any     anywhere             anywhere            set YAMalwareBlockCIDR src

The malware filter did take like 30 minutes to complete. I have not rebooted the router. Can you tell me the command to delete them from this chain? I tried PREROUTING and it did not work like the FORWARD or INPUT chain. That way I'll delete everything and test again.
 
You'd want to delete the old rules from both the INPUT and FORWARD chain on the filter table.
Do an iptables-save -t filter (or just iptables-save), find the offending rules, and then copy the whole line, and change -A to -D
so:
find the line with -A FORWARD <blah> <blah> and run iptables -D FORWARD <blah> <blah>

Also same for INPUT
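
The -A to -D procedure from the reply above, as an added example that is not part of the original thread: it reads iptables-save text and prints one `iptables -D` command per rule that references a named ipset, carrying the table along so rules outside the filter table are covered too. The function names, the sample dump, the `raw` table for PREROUTING and the set `YAMalwareBlock1IPOld` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: turn iptables-save lines that reference given ipsets into
# matching "iptables -D" commands. It only prints them; review before running.

gen_delete_cmds() {
    # $@: exact ipset names; stdin: iptables-save text
    awk -v sets="$*" '
        BEGIN { n = split(sets, want, " ") }
        /^\*/ { table = substr($0, 2); next }   # "*raw", "*filter": current table
        /^-A / {
            for (i = 1; i < NF; i++) {
                # older builds print --set, newer ones --match-set
                if ($i != "--match-set" && $i != "--set") continue
                for (j = 1; j <= n; j++) {
                    if ($(i + 1) != want[j]) continue   # whole-name match only
                    rule = $0
                    sub(/^-A /, "-D ", rule)
                    print "iptables -t " table " " rule
                    next
                }
            }
        }'
}

# Constructed sample of iptables-save output (the "raw" table for PREROUTING
# and the set YAMalwareBlock1IPOld are assumptions made for this example).
sample_save() {
    cat <<'EOF'
*raw
:PREROUTING ACCEPT [0:0]
-A PREROUTING -m set --match-set YAMalwareBlock1IP src -j DROP
-A PREROUTING -m set --match-set YAMalwareBlock2IP src -j DROP
-A PREROUTING -m set --match-set YAMalwareBlockCIDR src -j DROP
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -m set --match-set AcceptList src -j ACCEPT
-A FORWARD -m set --match-set YAMalwareBlock1IP src -j DROP
-A FORWARD -m set --match-set YAMalwareBlock1IPOld src,dst -j DROP
COMMIT
EOF
}

# On the router: iptables-save | gen_delete_cmds YAMalwareBlock1IP ...
sample_save | gen_delete_cmds YAMalwareBlock1IP YAMalwareBlockCIDR
```

Matching the set name as a whole field keeps a rule for a similarly named set from being deleted by accident, which a plain grep on the name would not.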
 
This script is running great, but the malware one is not, already 3 minutes and going... when this one took a few seconds. I'm going to download again from scratch and tell you the results.
 
This new version locks me out of the UI, any ideas? RM'd all the old stuff, rebooted etc, router UI locks out as soon as the new version of this script loads. Reverted to old and no problems
 
I added some additional lists to the script. But many of the news sites I go to were blocked. I went back to the default list for now. I also use the blacklist-domains.txt. The news sites are working now. Do you know which list could be blocking the news sites?
 
@Jack Yaz Are you referring to this script or the ya-malware-block? Which one is causing the UI issues for you?

@Xentrk See post #90, you can whitelist the sites that you visit. It is very easy to add the sites on the local file. Just add the domain and rerun this script manually. You can test immediately afterwards.
 
I think it's this one, I since reimplemented ya-malware via service-start in place of firewall-start and it's up and running. Haven't tried the new version of this again just yet
 
@Jack Yaz Check your UI IP with the shell function I provided in the other thread and see which set is the culprit
Script updated and all OK. Seems to work a lot better in service start. I have this in firewall-start, is it now redundant? I notice it applies to forward chain rather than prerouting which this script now uses?

Code:
# Reinstate the ipset rules if they have been created already
[ "$(uname -m)" = "mips" ] && MATCH_SET='--set' || MATCH_SET='--match-set'
for ipSet in $(ipset -L | sed -n '/^Name:/s/^.* //p'); do
  case $ipSet in
    AcceptList) iptables-save | grep -q "$ipSet" || iptables -I INPUT -m set $MATCH_SET $ipSet src -j ACCEPT;;
    TorNodes|BlockedCountries|CustomBlock) iptables-save | grep -q "$ipSet" || iptables -I INPUT -m set $MATCH_SET $ipSet src -j DROP;;
    MicrosoftSpyServers) iptables-save | grep -q "$ipSet" || iptables -I FORWARD -m set $MATCH_SET $ipSet dst -j DROP;;
    *) iptables-save | grep -q "$ipSet" || iptables -I FORWARD -m set $MATCH_SET $ipSet src,dst -j DROP;;
  esac
done
 
Not at all. All you need is a GitHub account. It would be a big help to me if you can update the wiki with updated info there. Please feel free to add any other useful stuff to the wiki yourself. If something does not look okay, somebody will correct it.
 
