Hi, I got this error on the ssh interface with rev 24
Rev 24 is out on Gitlab
- Total Rewrite (tnx redhat27)
- no more storing files beside the link list
- CIDR support and IP Support
- removed xargs for the moment (slower script)
/tmp/mnt/sda1/malware-filter# ./malware-block
Please wait while this script is running, this will take awhile..
ipset v4.5: Out of range cidr `198.20.69.0/241.161.228.232' specified
Try `ipset -H' or 'ipset --help' for more information.
system: Malware Filter Adding ipset rules to firewall...
Apr 5 09:53:37 kernel: net/ipv4/netfilter/ip_set_iphash.c: iphash_retry: rehashing of set Malware-Update-Filter triggered: hashsize grows from 1024 to 1536
Apr 5 09:53:39 kernel: net/ipv4/netfilter/ip_set_iphash.c: iphash_retry: rehashing of set Malware-Update-Filter triggered: hashsize grows from 1536 to 2304
Apr 5 09:53:40 kernel: net/ipv4/netfilter/ip_set_iphash.c: iphash_retry: rehashing of set Malware-Update-Filter triggered: hashsize grows from 2304 to 3456
Apr 5 09:53:48 kernel: net/ipv4/netfilter/ip_set_iphash.c: iphash_retry: rehashing of set Malware-Update-Filter triggered: hashsize grows from 3456 to 5184
Apr 5 09:53:51 kernel: net/ipv4/netfilter/ip_set_iphash.c: iphash_retry: rehashing of set Malware-Update-Filter triggered: hashsize grows from 5184 to 7776
Apr 5 09:54:04 kernel: net/ipv4/netfilter/ip_set_iphash.c: iphash_retry: rehashing of set Malware-Update-Filter triggered: hashsize grows from 7776 to 11664
Apr 5 09:54:19 kernel: net/ipv4/netfilter/ip_set_iphash.c: iphash_retry: rehashing of set Malware-Update-Filter triggered: hashsize grows from 11664 to 17496
Apr 5 09:54:37 kernel: net/ipv4/netfilter/ip_set_iphash.c: iphash_retry: rehashing of set Malware-Update-Filter triggered: hashsize grows from 17496 to 26244
Apr 5 09:55:13 kernel: net/ipv4/netfilter/ip_set_iphash.c: iphash_retry: rehashing of set Malware-Update-Filter triggered: hashsize grows from 26244 to 39366
Apr 5 09:55:16 kernel: net/ipv4/netfilter/ip_set_nethash.c: nethash_retry: rehashing of set Malware-Range-Update triggered: hashsize grows from 1024 to 1536
Apr 5 09:55:16 kernel: net/ipv4/netfilter/ip_set_nethash.c: nethash_retry: rehashing of set Malware-Range-Update triggered: hashsize grows from 1024 to 2304
Apr 5 09:55:16 kernel: net/ipv4/netfilter/ip_set_nethash.c: nethash_retry: rehashing of set Malware-Range-Update triggered: hashsize grows from 2304 to 3456
Apr 5 09:55:43 kernel: net/ipv4/netfilter/ip_set_iphash.c: iphash_retry: rehashing of set Malware-Update-Filter triggered: hashsize grows from 39366 to 59049
Apr 5 09:56:04 kernel: net/ipv4/netfilter/ip_set_iphash.c: iphash_retry: rehashing of set Malware-Update-Filter triggered: hashsize grows from 59049 to 88573
Apr 5 09:57:28 system: Malware-Filter loaded 25478 unique ip addresses that will be rejected from contacting your router.
Apr 5 09:57:28 system: Malware-Filter loaded 850 unique ip ranges that will be rejected from contacting your router.
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 set Malware-Range-Filter src,dst
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 set Malware-Filter src,dst
5 836 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 set malware-filter src,dst
:/tmp/mnt/sda1/malware-filter# ipset -L Malware-Range-Filter
seems to have written something to the sets, mind printing some of the output of Malware-Range-Filter
Code:
ipset -L Malware-Range-Filter
ipset v4.5: Out of range cidr `198.20.69.0/241.161.228.232' specified
rm /jffs/malware-filter.list
Something did not work, it's giving me ipset v4.5: Unknown set error
if you remove the list on your router the malware-filter downloads em automatically again no need to put em there
btw found your issue, kinda remembered that ipset version 4 is chatty so i readded --quiet again will make it not spam the logs.
it's updated at gitlab
thanks, I saw that message and will give it a try. I'll let you know the results.
lol wtf, yeah that is a valid ip address dunno what happened there.
btw @Xentrk this version should work on DDWRT
Perhaps a reminder may be needed for users to update the /jffs/malware-filter.list file on the wiki or forum posting. The updated wiki appears to be missing the instructions on the /jffs/malware-filter.list that used to be there. For first time users, no problems since it will get created automatically. But as we see in my example, I had a prior installation.
each time would be a bad idea, /jffs/ is cold storage since it is not good to continually write to that storage
Yes it doubled the count!
if you deleted the old list it should block a lot more now
Apr 5 11:00:54 system: Malware-Filter loaded 45292 unique ip addresses that will be rejected from contacting your router.
Apr 5 11:00:54 system: Malware-Filter loaded 850 unique ip ranges that will be rejected from contacting your router.
Can't find library for target `TRIGGER'
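The `Out of range cidr` error earlier in the thread shows a malformed string, `198.20.69.0/241.161.228.232`, being handed to ipset. As an added example (not the malware-filter script's own code; the function names are made up here), this is one way to classify each list entry as a single IPv4 address, a CIDR range or a reject before anything is loaded into the sets:

```shell
#!/bin/sh
# Added example: sort blocklist entries into ip / net / bad before ipset sees them.

# valid_ipv4 ADDR: succeed only for four dot-separated octets, each 0-255.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1                       # split on dots (digits and dots only, so no globbing)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# classify_entry ENTRY: print "ip", "net" or "bad" for one list entry.
classify_entry() {
    entry=$1
    case "$entry" in
        */*)
            addr=${entry%%/*}; prefix=${entry#*/}
            # Prefix must be 1-2 digits; /0 is refused here (example's choice).
            case "$prefix" in ''|*[!0-9]*|???*) echo bad; return 0 ;; esac
            if valid_ipv4 "$addr" && [ "$prefix" -ge 1 ] && [ "$prefix" -le 32 ]
            then echo net; else echo bad; fi ;;
        *)
            if valid_ipv4 "$entry"; then echo ip; else echo bad; fi ;;
    esac
}

# filter_list KIND: read entries on stdin, print those classified as KIND.
filter_list() {
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr -d ' \t\r')
        case "$line" in ''|'#'*) continue ;; esac
        if [ "$(classify_entry "$line")" = "$1" ]; then echo "$line"; fi
    done
}

# Constructed sample list; the fourth line is the string from the ipset error.
sample_list() {
    printf '%s\n' '# constructed sample' 1.161.228.232 198.20.69.0/24 \
        '198.20.69.0/241.161.228.232' 256.1.1.1 10.0.0.0/33
}

sample_list | filter_list bad | sed 's/^/rejected: /'
```

Running `filter_list ip` and `filter_list net` over the same input gives the two streams for the address set and the range set, and the `bad` stream can be written to the log instead of being passed on.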