Menu
What's new
By:
Filters Better Search

Location to store ipset blocklist?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

J

john8791

New Around Here
I currently run DD-WRT (Kongac 26190M) on a Netgear AC1450. I have had good luck with my setup, except DD-WRT iptables does not support ipset even with Entware installed. I use a script to block all TOR nodes from my kids which cuts my internet speed by 1/3. I tuned iptables to make the TOR rule only apply to their devices but I want a better solution.

I am considering buying a used Asus RT-AC68U and running Merlin. I found this article describing how to use a script to block TOR exit nodes with ipset, but it says to download the list to "/jffs/ipset_lists". As this list is quite large, and needs to be updated daily or weekly to keep up, wouldn't that wear out the flash memory? I could put it on a USB stick, but this script would execute before the USB was available on boot. Any ideas?
 
john8791 said:
Any ideas?
Click to expand...
You could write a "smart update to jffs" feature. You will probably need to diff two sorted files, since there's no timestamp on the downloaded file. Here's a sample code from my "ipset-save" script. I backup my ipset every hour to jffs only if there's been a change. And I prevent backup of empty ipset.
Code: 
if [ -f "$IPSET_BACKUP" ]; then
  diff -a "$IPSET_BACKUP_TMP" "$IPSET_BACKUP" > /dev/null 2>&1
  if [ $? -eq 0 ] || [ $(wc -c $IPSET_BACKUP_TMP|cut -f1 -d' ') -le 1 ]; then
    # same file, or new file is empty
    rm -f "$IPSET_BACKUP_TMP"
  else
    # different file
    mv -f "$IPSET_BACKUP_TMP" "$IPSET_BACKUP"
  fi
else
  # new file
  mv -f "$IPSET_BACKUP_TMP" "$IPSET_BACKUP"
fi
 
Last edited:
ASAT said:
You could write a "smart update to jffs" feature. You will probably need to diff two sorted files, since there's no timestamp on the downloaded file. Here's a sample code from my "ipset-save" script. I backup my ipset every hour to jffs only if there's been a change. And I prevent backup of empty ipset.
Code: 
if [ -f "$IPSET_BACKUP" ]; then
  diff -a "$IPSET_BACKUP_TMP" "$IPSET_BACKUP" > /dev/null 2>&1
  if [ $? -eq 0 ] || [ $(wc -c $IPSET_BACKUP_TMP|cut -f1 -d' ') -le 1 ]; then
    # same file, or new file is empty
    rm -f "$IPSET_BACKUP_TMP"
  else
    # different file
    mv -f "$IPSET_BACKUP_TMP" "$IPSET_BACKUP"
  fi
else
  # new file
  mv -f "$IPSET_BACKUP_TMP" "$IPSET_BACKUP"
fi
Click to expand...

I think I understand. So you set a cron job to copy $IPSET_BACKUP to /jffs? How often is "too often" when writing to a modern router like the RT-AC68U?
 
john8791 said:
How often is "too often" when writing to a modern router like the RT-AC68U?
Click to expand...
On the Cron interval, you download the file to /tmp. You can do it as often as you like because it's RAM. Then, do a diff on the /tmp file versus the /jffs file. Be sure to sort the file after downloading, to give it a consistent form, prior to diff'ing. Then, update /jffs only when a change is detected.

Example: download, sort and save to /tmp
Code: 
wget -O - http://website.com/blocked-ips.txt | sort -n > /tmp/blocked-ips.txt
 
ASAT said:
On the Cron interval, you download the file to /tmp. You can do it as often as you like because it's RAM. Then, do a diff on the /tmp file versus the /jffs file. Be sure to sort the file after downloading, to give it a consistent form, prior to diff'ing. Then, update /jffs only when a change is detected.

Example: download, sort and save to /tmp
Code: 
wget -O - http://website.com/blocked-ips.txt | sort -n > /tmp/blocked-ips.txt
Click to expand...
That makes perfect sense now. I didn't think about using the /tmp RAM space. Thanks!
 
Alternatively, when a file is generated locally (i.e. not downloaded) you may compare the timestamps of the files to know when there is change. Diff'ing takes more resources and the files must be sorted. So, this technique here is much more efficient for when a file is generated locally. In this case here, an updated timestamp is the change.

Example: Copy /tmp file to /jffs only when there is timestamp change
Code: 
# save ntp drift file to jffs
NTPDRIFT_TMP=/tmp/etc/ntp/ntp.drift
NTPDRIFT_JFFS=/jffs/ntp/ntp.drift
if [ -f "$NTPDRIFT_TMP" ]; then
  if [ ! -f "$NTPDRIFT_JFFS" ] || [ $(date -r "$NTPDRIFT_TMP" +%s) -gt $(date -r "$NTPDRIFT_JFFS" +%s) ];  then
    cp -p "$NTPDRIFT_TMP" "$NTPDRIFT_JFFS"
  fi
fi
 
Last edited:
You must log in or register to reply here.

Similar threads

R
Script to detect backup wan and disable certain devices from internet access
Replies
0
Views
707
RandomUser777
R
Viktor Jaep
BACKUPMON BACKUPMON v1.8.22 -Nov 28, 2024- Backup/Restore your Router: JFFS + NVRAM + External USB Drive! CIFS/SMB/NFS! (Now available in AMTM!)
Replies
14
Views
269
Viktor Jaep
Viktor Jaep
Viktor Jaep
BACKUPMON BACKUPMON v1.8.20 -Oct 12, 2024- Backup/Restore your Router: JFFS + NVRAM + External USB Drive! CIFS/SMB/NFS! (Thread Closed!)
23 24 25
Replies
499
Views
62K
archiel
A
T
New AiMesh user with a few node management/access questions
Replies
6
Views
1K
TheScotsman
T
Viktor Jaep
BACKUPMON BACKUPMON v1.5.10 -Mar 1, 2024- Backup/Restore your Router: JFFS + NVRAM + External USB Drive! (**Thread closed due to age**)
48 49 50
Replies
987
Views
135K
Viktor Jaep
Viktor Jaep
Similar threads
Thread starter Title Forum Replies Date
RMerlin PSA: The location of the Onedrive download folders have moved Asuswrt-Merlin 8
C Does default dnsmasq configuration store LAN names? Asuswrt-Merlin 6

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 591 (members: 20, guests: 571)
Top