What's new

Malware Filter / bad host IPSET

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Thanks. Trying to VPN into the router from a hotspot and it is not going through. Over a cellular connection it goes through, and pinging the IP of the hotspot from the router times out. The IP of the hotspot is on at least two blacklists. I'll check when I'm back routerside.
no evidence that malware-filter is the cause for this needs proper verification thru the method i gave before.
 
exactly what i went for :) then i do the obligatory ping test to ensure that its working, although blocklists for ipv6 are rare still hunting

https://gitlab.com/swe_toast/malware-filter/blob/master/malware-filter#L41

also got pingtest only for non asus routers so im not bound to asuswrt only.
I think, because you ping it it falsely thinks IPv6 is on. I noticed this on my router that suddenly domains were querying for IPv6 although the service is disabled everywhere in my LAN and routers.
My ISP STILL does not support IPv6.
You might want to check that before enabling it. On Merlin !disabled means IPv6 is on 100%. If it returns disabled, then it is set to off, 100%, no need to double check.
 
@swetoast my logs show this every 12 hours never any change in the values after boot. At boot the values are different which is good but at the 12 hour mark the logs show this again.
Code:
Apr 27 12:00:37 system: Privacy Filter (ipv4) loaded 72 unique ip addresses that will be rejected from contacting your router.
Apr 27 12:35:09 system: Malware Filter (ipv4) loaded 0 unique ip addresses that will be rejected from contacting your router.
Apr 27 12:35:09 system: Malware Filter (ipv4) loaded 852 unique ip ranges that will be rejected from contacting your router.
Is this normal? Is the script protecting me? The 852 never changes its that way at boot and is still that way now. The values stay the same even privacy filter never changes.
I have latest version of all these scripts including ab-solutions new update. I would like a sleep command to be between the two calls for script to run (in firewall-start) but don't know the syntax to use. Can you advise me please?
 
no evidence that malware-filter is the cause for this needs proper verification thru the method i gave before.
Thanks. Whatever is going on, it isn't the IP or malware-filter. The IP in question isn't in the ipset list. I turned off both malware-filter and ab-solution, and while I have no problem making an OpenVPN connection from other public hotspots, I can't make it from the particular one in question. The connection attempt is logged in syslog, but the handshake fails.
 
@swetoast my logs show this every 12 hours never any change in the values after boot. At boot the values are different which is good but at the 12 hour mark the logs show this again.
Code:
Apr 27 12:00:37 system: Privacy Filter (ipv4) loaded 72 unique ip addresses that will be rejected from contacting your router.
Apr 27 12:35:09 system: Malware Filter (ipv4) loaded 0 unique ip addresses that will be rejected from contacting your router.
Apr 27 12:35:09 system: Malware Filter (ipv4) loaded 852 unique ip ranges that will be rejected from contacting your router.
Is this normal? Is the script protecting me? The 852 never changes its that way at boot and is still that way now. The values stay the same even privacy filter never changes.
I have latest version of all these scripts including ab-solutions new update. I would like a sleep command to be between the two calls for script to run (in firewall-start) but don't know the syntax to use. Can you advise me please?


lets start with malware-filter only again dont want to do crossthread support it gets messy for others to read and if they are seeking support they are likely to confuse facts, just see the whole ab-solution incident with malware-filter getting dragged into it.

now 0 on the whole block is not a good number so something is clearly wrong lets start by analyzing that can you run a manual run of malware-filter by typing

Code:
rm /jffs/malware-filter.list && /jffs/scripts/malware-filter
and then please run in the debug script so we can see whats going on and to verify that everything is correct

Code:
wget --no-check-certificate https://gitlab.com/swe_toast/debugtool/raw/master/debugtool.sh && sh debugtool.sh && rm debugtool.sh

i know @Xentrk had some low numbers but that was due to too many scripts loading at the same time and if you have the same issue what you need to do is space em out using the sleep command
 
Last edited:
Thanks. Whatever is going on, it isn't the IP or malware-filter. The IP in question isn't in the ipset list. I turned off both malware-filter and ab-solution, and while I have no problem making an OpenVPN connection from other public hotspots, I can't make it from the particular one in question. The connection attempt is logged in syslog, but the handshake fails.


seems like there is something wrong with the openvpn configuration nothing i can do about that, start a new thread for support.
 
lets start with malware-filter only again dont want to do crossthread support it gets messy for others to read and if they are seeking support they are likely to confuse facts, just see the whole ab-solution incident with malware-filter getting dragged into it.

now 0 on the whole block is not a good number so something is clearly wrong lets start by analyzing that can you run a manual run of malware-filter by typing

Code:
rm /jffs/malware-filter.list && /jffs/scripts/malware-filter
and then please run in the debug script so we can see whats going on and to verify that everything is correct

Code:
wget https://gitlab.com/swe_toast/debugtool/raw/master/debugtool.sh && sh debugtool.sh && rm debugtool.sh

i know @Xentrk had some low numbers but that was due to too many scripts loading at the same time and if you have the same issue what you need to do is space em out using the sleep command

I ran this command as you asked the output is as follows:
Code:
Using username.


ASUSWRT-Merlin RT-AC68U 380.65-4 Wed Mar 29 04:40:14 UTC 2017
:/tmp/home/root# rm /jffs/malware-filter.list && /j
ffs/scripts/malware-filter
system: Malware Filter (ipv4) loaded 0 unique ip addresses that will be rejected from contacting your router.
system: Malware Filter (ipv4) loaded 0 unique ip ranges that will be rejected from contacting your router.
:/tmp/home/root#

The debug tool wouldn't run gave me this:
Code:
:/tmp/home/root# wget https://gitlab.com/swe_toast/
debugtool/raw/master/debugtool.sh && sh debugtool.sh && rm debugtool.sh
--2017-04-28 08:26:40--  https://gitlab.com/swe_toast/debugtool/raw/master/debugtool.sh
Resolving gitlab.com... 52.167.219.168
Connecting to gitlab.com|52.167.219.168|:443... connected.
ERROR: cannot verify gitlab.com's certificate, issued by 'CN=COMODO RSA Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB':
  Unable to locally verify the issuer's authority.
To connect to gitlab.com insecurely, use `--no-check-certificate'.
:/tmp/home/root# wget https://gitlab.com/swe_toast/
debugtool/raw/master/debugtool.sh && sh debugtool.sh && rm debugtool.sh --no-che
ck-certificate
--2017-04-28 08:28:01--  https://gitlab.com/swe_toast/debugtool/raw/master/debugtool.sh
Resolving gitlab.com... 52.167.219.168
Connecting to gitlab.com|52.167.219.168|:443... connected.
ERROR: cannot verify gitlab.com's certificate, issued by 'CN=COMODO RSA Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB':
  Unable to locally verify the issuer's authority.
To connect to gitlab.com insecurely, use `--no-check-certificate'.
Am I doing something wrong?
 
Code:
wget --no-check-certificate https://gitlab.com/swe_toast/debugtool/raw/master/debugtool.sh && sh debugtool.sh && rm debugtool.sh
 
ASUSWRT-Merlin RT-AC87U 380.66-beta1-g7b22cbf Fri Apr 21 18:45:56 UTC 2017
...@RT-AC87U:/tmp/home/root# cat /jffs/malware-filter.list
...@RT-AC87U:/tmp/home/root#
 
OK. But why is this file not created? What should I do?
 

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Top