What's new

Malware Filter / bad host IPSET

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

but its easy to fix all you have to do is delete the follwing parts

Code:
iptables-save | grep -q "Malware-Filter" ||
iptables-save | grep -q "Malware-Range-Filter" ||

and theoretically it should work
 
but its easy to fix all you have to do is delete the follwing parts

Code:
iptables-save | grep -q "Malware-Filter" ||
iptables-save | grep -q "Malware-Range-Filter" ||

and theoretically it should work
It would keep adding the iptables rule over and over again on each run of the script if you remove that part. Perhaps it would be better to substitute iptables-save with iptables -L on the dd-wrt router
 
yeah probly hard for me to know since i dont have a ddwrt router next good question is how to detect if it is a ddwrt then just make a case string
 
No, I mean that iptables-save can be replaced with iptables -L for all cases, it should work for dd-wrt as well.
If you want to check specifically for DD-WRT routers, you can look for some identifying text in (slash)proc(slash)version for example (forum is not allowing the / character with those words:eek:)
 
Last edited:
but i also see this comment
use tomato or dd-wrt versions of iptables.
so whats available on ddwrt ?
The suggested resolution will not work for dd-wrt because the version that comes with dd-wrt is also incomplete and is an older version when compared to what is on entware.
 
No, I mean that iptables-save can be replaced with iptables -L for all cases, it should work for dd-wrt as well.
If you want to check specifically for DD-WRT routers, you can look for some identifying text in (slash)proc(slash)version for example (forum is not allowing the / character with those words:eek:)

Here is the output of cat "slash"proc"slash"version
Code:
Linux version 4.4.12 (root@nmndev) (gcc version 5.3.0 (OpenWrt GCC 5.3.0 r48868) ) #883 SMP Fri Jun 3 13:48:18 CEST 2016

I got a security alert when trying to use a slash inside the code quote. That is a new one.
 
No, I mean that iptables-save can be replaced with iptables -L for all cases, it should work for dd-wrt as well.
If you want to check specifically for DD-WRT routers, you can look for some identifying text in (slash)proc(slash)version for example (forum is not allowing the / character with those words:eek:)
Replacing iptables-save with iptables -L worked! No errors.
 
so there is your resolution just change that line :) added it to the wiki so it may benefit others
 
so there is your resolution just change that line :) added it to the wiki so it may benefit others
That was the fix. Getting your scripts to work on DD-WRT has exposed some if it's issues and has made me appreciate ASUS Merlin Firmware that much more. The issues seem to be carried over into the entware iptables package as well. In addition to the iptables-save error, I get this error when running blockstats:

Code:
ip6tables v1.4.21: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.

ipset is another utility not on DD-WRT. Even though I installed ipset from entware, I had to side load xp_set from a forum posting on DD-WRT forum to get it working. Then, I have to insmod /jffs/usr/lib/modules/xt_set.ko in the router start-up script. It was rewarding when I got it all to work though. I have found that crontab if flaky and access restrictions is broken. I have had to script work arounds as a result.

Whenever I see someone with an ASUS router who wants to flash to DD-WRT, I have to cringe.
 
Hi, Toast!
I d/led the new script and ran it and I got the following error, "Iptables V1.4.14: unknown option "-m".
What needs to be changed?
 
Hi, Toast!
I d/led the new script and ran it and I got the following error, "Iptables V1.4.14: unknown option "-m".
What needs to be changed?
Never mind the above error. I found the problem. It was from my copying the file, but I did get a msg., "Syntacs error: '241.10.143.81' is invalid as a number".
 
Malware-filter is running for me, but I have been reading this thread.
I can't find the wiki for this script.
Should I change the "Iptables-save" to "Iptables -L" on my Asus-Merlin?
 
I get this error when running blockstats
I am guessing that you use ipset v6. You can change the alias to be
Code:
alias blockstats='iptables -L -v | sed "2q;d"; iptables -L -v | grep "match-set"'
That would give stats on your ipv4 blocklists, there are a very few ipv6 blocklists and I don't think you are using any of those as you do not have ip6tables
 

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Top