What's new

Malware Filter / bad host IPSET

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

25 actually sry for the confusion its due to a revert i did

changed all around so it says 25 tnx for the heads up
 
Just ran version 25 at the school I support. Works great:

Code:
system: Malware Filter (ipv4) loaded 36115 unique ip addresses that will be rejected from contacting your router.
system: Malware Filter (ipv4) loaded 852 unique ip ranges that will be rejected from contacting your router.

I will now load the new version on the other routers. Thank you for the update!
 
I also confirmed that version 25 works on DD-WRT as well. Woot!
 
Nice :) should support Padavan Firmware out of the box too the only change on that firmware is that of where the malware-filter.list is stored and the actual script basically change jffs to opt.
 
Thanks again @swetoast for maintaining these scripts. pfSense does not have ipset. But it has a package called pfBlockerNG for blocking sites and advertisements. I was able to use the list of malware-filer & privacy-filter.list domains in pfBlockerNG to implement the tool on pfSense.
 
Last edited:
Encountered the following error on RT-N66U running John's fork
Code:
admin@rt-n66u:/tmp/mnt/sda1/entware/bin# time malware-filter
ip6tables v1.3.8: Couldn't load match `set':File not found

Try `ip6tables -h' or 'ip6tables --help' for more information.
system: Malware Filter (ipv4) loaded 47301 unique ip addresses that will be rejected from contacting your router.
system: Malware Filter (ipv4) loaded 850 unique ip ranges that will be rejected from contacting your router.
ipset v4.5: Unknown set
system: Malware Filter (ipv6) loaded -7 unique ip addresses that will be rejected from contacting your router.

Running the debug tool, encountered an error as well
Code:
admin@rt-n66u:/tmp/mnt/sda1/entware/bin# sh debugtool.sh
cat: read error: Is a directory
Do you want to review the debug log and send it (y/n)?y

Link to the debug tool output: https://clbin.com/o7Aal
 
seems that for some reason it tried to use ipv6 on your router, do you have ipv6 enabled ?

the good news is that its blocking on ipv4 so you are protected but it tries also on ipv6 and there is no default blocklist availble there yet but i also see an error that needs fixing
 
Last edited:
@unknownz mind printing out

ip6tables -h

and pasting it here


here u go
Code:
admin@rt-n66u:/tmp/home/root# ip6tables -h
ip6tables v1.3.8

Usage: ip6tables -[AD] chain rule-specification [options]
       ip6tables -[RI] chain rulenum rule-specification [options]
       ip6tables -D chain rulenum [options]
       ip6tables -[LFZ] [chain] [options]
       ip6tables -[NX] chain
       ip6tables -E old-chain-name new-chain-name
       ip6tables -P chain target [options]
       ip6tables -h (print this help information)

Commands:
Either long or short options are allowed.
  --append  -A chain        Append to chain
  --delete  -D chain        Delete matching rule from chain
  --delete  -D chain rulenum
                Delete rule rulenum (1 = first) from chain
  --insert  -I chain [rulenum]
                Insert in chain as rulenum (default 1=first)
  --replace -R chain rulenum
                Replace rule rulenum (1 = first) in chain
  --list    -L [chain]        List the rules in a chain or all chains
  --flush   -F [chain]        Delete all rules in  chain or all chains
  --zero    -Z [chain]        Zero counters in chain or all chains
  --new     -N chain        Create a new user-defined chain
  --delete-chain
            -X [chain]        Delete a user-defined chain
  --policy  -P chain target
                Change policy on chain to target
  --rename-chain
            -E old-chain new-chain
                Change chain name, (moving any references)
Options:
  --proto    -p [!] proto    protocol: by number or name, eg. `tcp'
  --source    -s [!] address[/mask]
                source specification
  --destination -d [!] address[/mask]
                destination specification
  --in-interface -i [!] input name[+]
                network interface name ([+] for wildcard)
  --jump    -j target
                target for rule (may load target extension)
  --match    -m match
                extended match (may load extension)
  --numeric    -n        numeric output of addresses and ports
  --out-interface -o [!] output name[+]
                network interface name ([+] for wildcard)
  --table    -t table    table to manipulate (default: `filter')
  --verbose    -v        verbose mode
  --line-numbers        print line numbers when listing
  --exact    -x        expand numbers (display exact values)
  --modprobe=<command>        try to insert modules using this command
  --set-counters PKTS BYTES    set the counter during insert/append
[!] --version    -V        print package version.

and to answer your previous question, yes my ISP do provide ipv6 and so i have it enabled as well
 
Greets Swetoast!
FYI, I ran malware-filter this morning and got the following:

"insmod: can't insert '/lib/modules/2.6.36.4brcmarm/kernel/net/netfilter/ipset/ip_set.ko': File exists"

The script completed and ipset list indicated lots of addresses blocked :)

I then ran privacy-filter and it completed successfully, but there was no such message.

Also, IIUC, the scripts go out to the net to get the latest addresses and load them directly into the iptables. ISTM this would be a problem if one booted up off line.
Perhaps the block addresses should be loaded into a file somewhere, and when booting off line with fresh addresses unavailable, that file would be loaded into iptables instead..... older addresses would be better than none.
 

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top