What's new

Malware Filter / bad host IPSET

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Nothing to worry about that message its just saying that file was loaded already.. that can happen on privacy-filter also so again its nothing to worry about.

sure i can think about a redundancy file if no other is available so great idea if nothing better is available it has an backup to load from and if it updates then i backs up that current copy.
 
Have an OT for you please; is there any way to free up port 443 on ublockr; perhaps give pixelserve a different port?

I presently use 443/tcp on the router for OpenVPN server - some WAP hotspots allow only browsers - and 80/443 are tied up by pixelserve.

Maybe give pixelserver a different port(s) and tell dnsmasq to look there!?
 
@mike37 use ublockr threads for support please and you can set whatever ports you want for pixelserv just check the pixelserv thread here on snbforum for support on how to do that, i can not guarantee that it will work as inteneded but i leave support question for kvic in the pixelserv thread, dont wanna cross threads support cause it gets confusing for users and for myself.

as for the rest of ya rev 26 is up
  • fixes for ipv6 detection (nice catch @unknownz)
https://gitlab.com/swe_toast/malware-filter/raw/master/malware-filter
 
Last edited:
I have installed as per the github instructions and cannot see any mention of it in my log when I reboot the router.

cru l shows an entry there for the malware filter too.

I can run the script standalone and it gives me the appropriate status messages on the command line.

I am not sure what i am doing wrong.

I have ran the debug script and have a url if its of any use :)

Thanks in advance
 
does it print messages in the syslog in your router ?

and mind giving me the printout of cru l
 
nothing that I can see in the log, no.

00 2 * * Fri /tmp/mnt/A/adblocking/addon/update-hosts.add cronjob #UpdateHosts#
20 5 * * * /tmp/mnt/A/adblocking/addon/rotate-logs.add #RotateLogs#
30 1 * * Fri /tmp/mnt/A/adblocking/scripts/weekly-log-stats.sh #WeeklyStats#
0 */12 * * * /jffs/scripts/malware-filter #malware-filter#
 
well the good news is that its loaded and it should run on noon and midnight

now for the obligatory debug log :) is your paths correct ?

and i do want to say that malware-filter takes along time to complete so dont rush it, its a whole other beast for an older router.
 
Debug log url is this

https://clbin.com/mnkFX

The location of the script is as specified and I have just checked the locations again and they seem fine.
 
yepp nothing wrong there

you can run it by typing

/jffs/scripts/malware-filter

then just waiting for awhile its not gonna go fast cause this script is heavy

once it completes it will show up in the syslog on your router

if you pasted from windows you can make sure that the endings are right by typing

dos2unix /jffs/scripts/malware-filter
 
Thats the weird thing, as when i run it from the command line it take a few minutes to complete, so I expected it to be the same on reboot.

Is there any other way of checking it is working at all?
 
so if u want it to be running on reboot add

/jffs/scripts/malware-filter

to /jffs/scripts/wan-start

content should look like this
Code:
#!/bin/sh
/jffs/scripts/malware-filter

you can add privacy-filter also to that file to run it once wan is detected.
 
Nice :) thanks very much

Apr 24 19:41:45 kernel: net/ipv4/netfilter/ip_set_nethash.c: nethash_retry: rehashing of set malware-filter_ipv4_range triggered: hashsize grows from 1024 to 1536
Apr 24 19:41:46 kernel: net/ipv4/netfilter/ip_set_nethash.c: nethash_retry: rehashing of set malware-filter_ipv4_range triggered: hashsize grows from 1536 to 2304
Apr 24 19:41:47 kernel: net/ipv4/netfilter/ip_set_nethash.c: nethash_retry: rehashing of set malware-filter_ipv4_range triggered: hashsize grows from 2304 to 3456
Apr 24 19:41:48 system: Malware Filter (ipv4) loaded 33606 unique ip addresses that will be rejected from contacting your router.
Apr 24 19:41:48 system: Malware Filter (ipv4) loaded 851 unique ip ranges that will be rejected from contacting your router.
 
np, happy your enjoying the scripts :) fyi ive updated how to use the debugtool so check the wiki for future actions using that script cause im adding relevant info based on stuff i need to ask over and over so its important to keep the debug tool fresh

Code:
 wget https://gitlab.com/swe_toast/debugtool/raw/master/debugtool.sh && sh debugtool.sh && rm debugtool.sh

basically the way to use it and what it does is
  1. downloads a fresh copy
  2. makes the debug log
  3. deletes the tool
that way i get reverent data for the project
 
@mike37 use ublockr threads for support please and you can set whatever ports you want for pixelserv just check the pixelserv thread here on snbforum for support on how to do that, i can not guarantee that it will work as inteneded but i leave support question for kvic in the pixelserv thread, dont wanna cross threads support cause it gets confusing for users and for myself.

as for the rest of ya rev 26 is up
  • fixes for ipv6 detection (nice catch @unknownz)
https://gitlab.com/swe_toast/malware-filter/raw/master/malware-filter

thumbs up for the quick fix, tested and verified that it's working fine
 
Is there a whitelist option for this? I have a single IP that seems to be being blocked.
 
i could add that for future revisions. but are you sure that it is malware-filter causing that ?
Code:
ipset -L  malware-filter_ipv4 | grep "your_ip_address"

replace your_ip_address with the that you think its blocked, if you get a hit then sure ill add a whitelist.
 
i could add that for future revisions. but are you sure that it is malware-filter causing that ?
Code:
ipset -L  malware-filter_ipv4 | grep "your_ip_address"

replace your_ip_address with the that you think its blocked, if you get a hit then sure ill add a whitelist.
Thanks. Trying to VPN into the router from a hotspot and it is not going through. Over a cellular connection it goes through, and pinging the IP of the hotspot from the router times out. The IP of the hotspot is on at least two blacklists. I'll check when I'm back routerside.
 
Thanks. Trying to VPN into the router from a hotspot and it is not going through. Over a cellular connection it goes through, and pinging the IP of the hotspot from the router times out. The IP of the hotspot is on at least two blacklists. I'll check when I'm back routerside.
The hotspot might block that port?
 

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top