:: ipBLOCKer :: Category blocking using iptables and ipsets

Take a look at what you have in cron. I would suspect that after all of the moving around you've done, you didn't change that path used there.

Try running:
Code:
cru l

Then look at /jffs/scripts/firewall-start.



And post the result (or just make sure the path used there is correct)!
 
In your case:

Code:
./ipBLOCKer uninstall all

Once that is done, follow the installation procedure - you should be fine.
yk101 said:
I think you should use ./ipBLOCKer.sh

Code:
cd ipBLOCKer

./ipBLOCKer uninstall all

# This will uninstall custom and white-list categories
# as well as remove firewall-start entries
# this will also delete the refresh and filters folders

# NOW you will have a CLEAN system

# Start ipBLOCKer by the below commands

./ipBLOCKer setup

# Select all the categories
# from command prompt run the below command

./ipBLOCKer refresh custom

./ipBLOCKer refresh all

I see that I have been quick on the fingers.
Updated earlier post to include the sh extension
 
Take a look at what you have in cron. I would suspect that after all of the moving around you've done, you didn't change that path used there.

it is all fine until router reboot....after reboot not working and can't access to ipBLOCKer with all commands....i have no idea why script not running after reboot?

ipBLOCKer updates the /jffs/scripts/firewall-start during
installation
(saves a backup copy with date and time it has changed) and
after uninstall (removes all its related entries).

So path should not be an issue,
unless a manual change is made to the firewall-start script.

After a router reboot or firewall is restarted,
if a saved state of iptables and ipsets are available in the
user's refresh folder, ipBLOCKer restores them.

Even after the frequent manual router restarts,
I see that the program files are still present in the folder.

Can you tell us how do you login to the router and
run the ipBLOCKer commands ?

Do you telnet/ssh ?
 
this i got with cru l
Code:
admin@RT-AC3200-7180:/tmp/mnt/sda1/ipBLOCKer# cru l
00 2 * * Thu /tmp/mnt/sda1/adblocking/addon/update-hosts.add cronjob #UpdateHosts#
0 8 * * * . /tmp/mnt/sda1/ipBLOCKer/.ipBLOCKer.config; /tmp/mnt/sda1/ipBLOCKer/ipBLOCKer.sh refresh adware #ipBLOCKer-refresh-adware#
0 12 * * 3 . /tmp/mnt/sda1/ipBLOCKer/.ipBLOCKer.config; /tmp/mnt/sda1/ipBLOCKer/ipBLOCKer.sh refresh country #ipBLOCKer-refresh-country#
45 */8 * * * . /tmp/mnt/sda1/ipBLOCKer/.ipBLOCKer.config; /tmp/mnt/sda1/ipBLOCKer/ipBLOCKer.sh refresh etf #ipBLOCKer-refresh-etf#
0 9 * * * . /tmp/mnt/sda1/ipBLOCKer/.ipBLOCKer.config; /tmp/mnt/sda1/ipBLOCKer/ipBLOCKer.sh refresh malware #ipBLOCKer-refresh-malware#
30 9 * * * . /tmp/mnt/sda1/ipBLOCKer/.ipBLOCKer.config; /tmp/mnt/sda1/ipBLOCKer/ipBLOCKer.sh refresh shalla #ipBLOCKer-refresh-shalla#
0 10 * * * . /tmp/mnt/sda1/ipBLOCKer/.ipBLOCKer.config; /tmp/mnt/sda1/ipBLOCKer/ipBLOCKer.sh refresh spam #ipBLOCKer-refresh-spam#
30 10 * * * . /tmp/mnt/sda1/ipBLOCKer/.ipBLOCKer.config; /tmp/mnt/sda1/ipBLOCKer/ipBLOCKer.sh refresh tor-exits #ipBLOCKer-refresh-tor-exits#
admin@RT-AC3200-7180:/tmp/mnt/sda1/ipBLOCKer#

firewall-start script is created by ipBLOCKer....
Code:
#!/bin/sh
# ipBLOCKer: Restore ipset from backup. DO NOT CHANGE MANUALLY
[ -f /tmp/mnt/sda1/ipBLOCKer/refresh/ipset.save ]    && \
{ logger ipBLOCKer Restoring ipsets...; nice -n4    ipset restore    < /tmp/mnt/sda1/ipBLOCKer/refresh/ipset.save    2> /dev/null & }

# ipBLOCKer: Restore iptables from backup. DO NOT CHANGE MANUALLY
[ -f /tmp/mnt/sda1/ipBLOCKer/refresh/iptables.save ] && \
{ logger ipBLOCKer Restoring iptables...; nice -n4 iptables-restore -c < /tmp/mnt/sda1/ipBLOCKer/refresh/iptables.save 2> /dev/null & }

i am using putty over ssh 22 port for installing or removing....problem is when router rebooted then ipBLOCKer not start and using ipset.save and iptables.save files....
 
This looks correct. However, is it possible that firewall-start is called before sda1 is actually mounted?
 
i do not know...how to see, check that?
from syslog, i see ipBLOCKer starting twice?
https://pastebin.com/xa56Kvzk

It looks to me like your firewall_start is called twice, but the script seems to be running both times. I may be completely wrong, but I would try adding the call with run parameter at the end of firewall-start script.
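
One way to check whether the boot-time restore actually took effect, as an added example that is not from this thread or from ipBLOCKer itself. The function names, the `demo-*` set names and the addresses are constructed for illustration; the only assumption about the data is that both files are in `ipset save` format.

```shell
#!/bin/sh
# Added example, not part of ipBLOCKer. Input is `ipset save` format:
#   create <set> <type> <options>   /   add <set> <entry>

# wait_for_file PATH SECONDS: succeed once PATH exists and is non-empty;
# fail after SECONDS if it never appears (e.g. USB volume not mounted yet).
wait_for_file() {
    n=0
    while [ ! -s "$1" ]; do
        [ "$n" -ge "$2" ] && return 1
        sleep 1
        n=$((n + 1))
    done
    return 0
}

# compare_sets SAVED LIVE: report each set in SAVED that is absent from LIVE
# or holds fewer entries there; exit status 1 if anything was reported.
compare_sets() {
    awk 'FILENAME == ARGV[1] && $1 == "create" { saved[$2] += 0 }
         FILENAME == ARGV[1] && $1 == "add"    { saved[$2]++ }
         FILENAME != ARGV[1] && $1 == "create" { live[$2] += 0 }
         FILENAME != ARGV[1] && $1 == "add"    { live[$2]++ }
         END {
             for (s in saved) {
                 if (!(s in live)) {
                     print "MISSING " s " saved=" saved[s]; bad = 1
                 } else if (live[s] < saved[s]) {
                     print "SHORT " s " saved=" saved[s] " live=" live[s]; bad = 1
                 }
             }
             exit bad + 0
         }' "$1" "$2"
}

# write_demo_dumps DIR: constructed sample data (invented set names and
# documentation addresses). "saved" = file on disk, "live" = after reboot.
write_demo_dumps() {
    cat > "$1/saved" <<'EOF'
create demo-adware hash:ip family inet hashsize 1024 maxelem 65536
add demo-adware 192.0.2.10
add demo-adware 192.0.2.11
create demo-shalla hash:ip family inet hashsize 1024 maxelem 65536
add demo-shalla 198.51.100.7
create demo-country hash:net family inet hashsize 1024 maxelem 65536
add demo-country 203.0.113.0/24
EOF
    cat > "$1/live" <<'EOF'
create demo-adware hash:ip family inet hashsize 1024 maxelem 65536
add demo-adware 192.0.2.10
add demo-adware 192.0.2.11
create demo-shalla hash:ip family inet hashsize 1024 maxelem 65536
EOF
}
```

On the router, `wait_for_file /tmp/mnt/sda1/ipBLOCKer/refresh/ipset.save 60` shows whether the USB path is readable yet, and `ipset save > /tmp/live.dump` followed by `compare_sets` against the saved file lists the sets that came back empty or not at all. The firewall-start shown above sends stderr of both restores to /dev/null, so a failed restore leaves no other trace.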
 
script running but didn't import nothing to router from /tmp/mnt/sda1/ipBLOCKer/refresh/iptables.save and ipset.save.......
yesterday i have way better results as today with same files?
Code:
May 15 22:39:31 ipBLOCKer: Install: /tmp/mnt/sda1/ipBLOCKer
May 15 22:39:31 ipBLOCKer: Filters: /tmp/mnt/sda1/ipBLOCKer/filters
May 15 22:39:31 ipBLOCKer: Refresh: /tmp/mnt/sda1/ipBLOCKer/refresh
May 15 22:39:31 ipBLOCKer: Backup : /tmp/mnt/sda1/ipBLOCKer/backup
May 15 22:39:31 ipBLOCKer: Log    : /tmp/syslog.log
May 15 22:39:31 ipBLOCKer:
May 15 22:39:31 ipBLOCKer: Space Usage: 13.3M              IPSet Version: ipset v6
May 15 22:39:31 ipBLOCKer: ______________________________________________________________________
May 15 22:39:32 ipBLOCKer:                          Total                  Total
May 15 22:39:32 ipBLOCKer: categories           IP         Hits       CIDR       Hits    
May 15 22:39:32 ipBLOCKer: ______________________________________________________________________
May 15 22:39:36 ipBLOCKer: adware               26636      39         0          0        
May 15 22:39:41 ipBLOCKer: country              0          0          20116      171      
May 15 22:39:45 ipBLOCKer: etf                  22965      0          112        0        
May 15 22:39:52 ipBLOCKer: malware              103105     0          0          0        
May 15 22:39:56 ipBLOCKer: shalla               5739       0          0          0        
May 15 22:40:00 ipBLOCKer: spam                 26380      0          953        0        
May 15 22:40:03 ipBLOCKer: tor-exits            7050       0          0          0        
May 15 22:40:06 ipBLOCKer: custom               27         0          0          0        
May 15 22:40:10 ipBLOCKer: white-list           35         0          0          0        
May 15 22:40:10 ipBLOCKer: ______________________________________________________________________
May 15 22:40:10 ipBLOCKer: Grand Totals:        191937     39         21181      171      
May 15 22:40:10 ipBLOCKer: ######################################################################
today:
Code:
May 16 17:04:57 ipBLOCKer: Install: /tmp/mnt/sda1/ipBLOCKer
May 16 17:04:57 ipBLOCKer: Filters: /tmp/mnt/sda1/ipBLOCKer/filters
May 16 17:04:57 ipBLOCKer: Refresh: /tmp/mnt/sda1/ipBLOCKer/refresh
May 16 17:04:57 ipBLOCKer: Backup : /tmp/mnt/sda1/ipBLOCKer/backup
May 16 17:04:57 ipBLOCKer: Log    : /tmp/syslog.log
May 16 17:04:57 ipBLOCKer: 
May 16 17:04:57 ipBLOCKer: Space Usage: 13.2M              IPSet Version: ipset v6
May 16 17:04:57 ipBLOCKer: ______________________________________________________________________
May 16 17:04:57 ipBLOCKer:                          Total                  Total
May 16 17:04:57 ipBLOCKer: categories           IP         Hits       CIDR       Hits     
May 16 17:04:57 ipBLOCKer: ______________________________________________________________________
May 16 17:05:01 ipBLOCKer: adware               26636      0          0          0         
May 16 17:05:05 ipBLOCKer: country              0          0          20120      0         
May 16 17:05:08 ipBLOCKer: etf                  23659      0          113        0         
May 16 17:05:12 ipBLOCKer: malware              46547      0          0          0         
May 16 17:05:14 ipBLOCKer: shalla               0          0          0          0         
May 16 17:05:16 ipBLOCKer: spam                 1          0          0          0         
May 16 17:05:19 ipBLOCKer: tor-exits            0          0          0          0         
May 16 17:05:21 ipBLOCKer: custom               27         0          0          0         
May 16 17:05:23 ipBLOCKer: white-list           35         0          0          0         
May 16 17:05:23 ipBLOCKer: ______________________________________________________________________
May 16 17:05:23 ipBLOCKer: Grand Totals:        96905      0          20233      0         
May 16 17:05:23 ipBLOCKer: ######################################################################
 
script running but didn't import nothing to router from /tmp/mnt/sda1/ipBLOCKer/refresh/iptables.save and ipset.save.......

The firewall-start and cron jobs are fine.

Code:
The following files were saved after all categories
were removed except custom and white-list,
as the info is mentioned in the FAQ section

refresh/iptables.save
refresh/ipset.save

So whenever the firewall-starts it sees that
the user has a saved state and is re-instating them.

But in our current situation they ONLY contain
custom and white-list info as the rest of the categories refresh is not available as they were either uninstalled or unselected from setup menu during multiple installs

Do the below

cd ipBLOCKer
./ipBLOCKer.sh refresh all

when it completes, run the below commands post the values here in the forum

./ipBLOCKer status

and

wc -l refresh/*.save


Please refrain from doing any of this for a day
DO NOT RESTART      the router
DO NOT DELETE        anything from any folders
DO NOT UNINSTALL any category
DO NOT UNSELECT   any category from setup menu

See if the next day the system is still running without anything getting deleted.

I can help you NEXT DAY in simulating a router restart and 
we can see if any values are getting lost whenever you 
reboot your router
 
cd ipBLOCKer command not working for me....working just ./ipBLOCKer.sh

EDIT: output for ./ipBLOCKer.sh refresh all
https://pastebin.com/TyTzvNP4

Code:
admin@RT-AC3200-7180:/tmp/mnt/sda1/ipBLOCKer# ./ipBLOCKer.sh status
Option: status                                                   ipBLOCKer:     ipBLOCKer: ######################################################################
ipBLOCKer: Date: Tue May 16 17:23:05 DST 2017    Device: RT-AC3200-7180
ipBLOCKer:
ipBLOCKer:                                ipBLOCKer
ipBLOCKer:                             (Version: 1.0)
ipBLOCKer:
ipBLOCKer: Memory Status: 77.53M/249.58M         Swap Status: 0.00M/0.00M
ipBLOCKer:
ipBLOCKer: Install: /tmp/mnt/sda1/ipBLOCKer
ipBLOCKer: Filters: /tmp/mnt/sda1/ipBLOCKer/filters
ipBLOCKer: Refresh: /tmp/mnt/sda1/ipBLOCKer/refresh
ipBLOCKer: Backup : /tmp/mnt/sda1/ipBLOCKer/backup
ipBLOCKer: Log    : /tmp/syslog.log
ipBLOCKer:
ipBLOCKer: Space Usage: 7.4M                     IPSet Version: ipset v6
ipBLOCKer: ______________________________________________________________________
ipBLOCKer:                          Total                  Total
ipBLOCKer: categories           IP         Hits       CIDR       Hits
ipBLOCKer: ______________________________________________________________________
ipBLOCKer: adware               26636      0          0          0
ipBLOCKer: country              0          0          20120      0
ipBLOCKer: etf                  23659      0          113        0
ipBLOCKer: malware              46712      0          0          0
ipBLOCKer: shalla               0          0          0          0
ipBLOCKer: spam                 1          0          0          0
ipBLOCKer: tor-exits            0          0          0          0
ipBLOCKer: custom               27         0          0          0
ipBLOCKer: white-list           35         0          0          0
ipBLOCKer: ______________________________________________________________________
ipBLOCKer: Grand Totals:        97070      0          20233      0
ipBLOCKer: ######################################################################
ipBLOCKer:


Option: status  .... Done
admin@RT-AC3200-7180:/tmp/mnt/sda1/ipBLOCKer# wc -l refresh/*.save
   117312 refresh/ipset.save
      103 refresh/iptables.save
   117415 total
admin@RT-AC3200-7180:/tmp/mnt/sda1/ipBLOCKer#

Code:
admin@RT-AC3200-7180:/tmp/mnt/sda1/ipBLOCKer# ./ipBLOCKer.sh synch
Option: synch                                                     ipBLOCKer: Synch & Restore ipBLOCKer FireWall State


Option: synch  .... Done
admin@RT-AC3200-7180:/tmp/mnt/sda1/ipBLOCKer#

Code:
May 16 17:25:32 ipBLOCKer: Synch & Restore ^[[39mip^[[31mBLOCK^[[0m^[[39mer^[[0m FireWall State
May 16 17:25:39 ipBLOCKer: ABORT: Creating Bucket: ipBLOCKer-shallaa type: IP
 
The firewall starts,
then after ab-solution and pixel-serv changes
is restarted again perhaps on their request.

The multiple restart and restore are not the issue.
 
Nice leave the system running without any restarts.

Also run the below, so that nothing gets accidentally deleted
./ipBLOCKer backup
 
Nice leave the system running without any restarts
but i got 100.000 IP's worse results as yesterday....system was running fine about 16 hours.....then i rebooted and stopping working.....so ipBLOCKer will run normal until router reboot....
https://www.snbforums.com/threads/i...-iptables-and-ipsets.39131/page-3#post-325090

EDIT: i deleted all files and scripts in router and USB....format jffs router, format USB.....then install just entware with ipBLOCKer.....it is the same problem exist....no errors with creating folder and installing script....after reboot router script didn't pick up iptables and ipset from refresh save files.....i have no idea....i think something must missing in firewall-start script to pick up files.....
 
:)

Even I do a scheduled wireless restart every day
without any problem.

We might have a communication problem.

Write down all the steps you do
1. when you restart the machine and
2. after the machine has started, the steps you do

Explain in detail what you mean by
"the files are not restored".
What steps did you take to verify?
 
Nice to see some French here, untainted by the influences of ordinateur language used by the rest of the world.
Stay strong, we Swiss have French, Italian, Roman and English words fully integrated in our talking and writings.
 
