Menu
What's new
By:
Filters Better Search

Malware Filter / bad host IPSET

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

elorimer said:
Thanks. Trying to VPN into the router from a hotspot and it is not going through. Over a cellular connection it goes through, and pinging the IP of the hotspot from the router times out. The IP of the hotspot is on at least two blacklists. I'll check when I'm back routerside.
Click to expand...
no evidence that malware-filter is the cause for this needs proper verification thru the method i gave before.
 
swetoast said:
exactly what i went for :) then i do the obligatory ping test to ensure that its working, although blocklists for ipv6 are rare still hunting

https://gitlab.com/swe_toast/malware-filter/blob/master/malware-filter#L41

also got pingtest only for non asus routers so im not bound to asuswrt only.
Click to expand...
I think, because you ping it it falsely thinks IPv6 is on. I noticed this on my router that suddenly domains were querying for IPv6 although the service is disabled everywhere in my LAN and routers.
My ISP STILL does not support IPv6.
You might want to check that before enabling it. On Merlin !disabled means IPv6 is on 100%. If it returns disabled, then it is set to off, 100%, no need to double check.
 
@swetoast my logs show this every 12 hours never any change in the values after boot. At boot the values are different which is good but at the 12 hour mark the logs show this again.
Code: 
Apr 27 12:00:37 system: Privacy Filter (ipv4) loaded 72 unique ip addresses that will be rejected from contacting your router.
Apr 27 12:35:09 system: Malware Filter (ipv4) loaded 0 unique ip addresses that will be rejected from contacting your router.
Apr 27 12:35:09 system: Malware Filter (ipv4) loaded 852 unique ip ranges that will be rejected from contacting your router.
Is this normal? Is the script protecting me? The 852 never changes its that way at boot and is still that way now. The values stay the same even privacy filter never changes.
I have latest version of all these scripts including ab-solutions new update. I would like a sleep command to be between the two calls for script to run (in firewall-start) but don't know the syntax to use. Can you advise me please?
 
swetoast said:
no evidence that malware-filter is the cause for this needs proper verification thru the method i gave before.
Click to expand...
Thanks. Whatever is going on, it isn't the IP or malware-filter. The IP in question isn't in the ipset list. I turned off both malware-filter and ab-solution, and while I have no problem making an OpenVPN connection from other public hotspots, I can't make it from the particular one in question. The connection attempt is logged in syslog, but the handshake fails.
 
skeal said:
@swetoast my logs show this every 12 hours never any change in the values after boot. At boot the values are different which is good but at the 12 hour mark the logs show this again.
Code: 
Apr 27 12:00:37 system: Privacy Filter (ipv4) loaded 72 unique ip addresses that will be rejected from contacting your router.
Apr 27 12:35:09 system: Malware Filter (ipv4) loaded 0 unique ip addresses that will be rejected from contacting your router.
Apr 27 12:35:09 system: Malware Filter (ipv4) loaded 852 unique ip ranges that will be rejected from contacting your router.
Is this normal? Is the script protecting me? The 852 never changes its that way at boot and is still that way now. The values stay the same even privacy filter never changes.
I have latest version of all these scripts including ab-solutions new update. I would like a sleep command to be between the two calls for script to run (in firewall-start) but don't know the syntax to use. Can you advise me please?
Click to expand...


lets start with malware-filter only again dont want to do crossthread support it gets messy for others to read and if they are seeking support they are likely to confuse facts, just see the whole ab-solution incident with malware-filter getting dragged into it.

now 0 on the whole block is not a good number so something is clearly wrong lets start by analyzing that can you run a manual run of malware-filter by typing

Code: 
rm /jffs/malware-filter.list && /jffs/scripts/malware-filter
and then please run in the debug script so we can see whats going on and to verify that everything is correct

Code: 
wget --no-check-certificate https://gitlab.com/swe_toast/debugtool/raw/master/debugtool.sh && sh debugtool.sh && rm debugtool.sh

i know @Xentrk had some low numbers but that was due to too many scripts loading at the same time and if you have the same issue what you need to do is space em out using the sleep command
 
Last edited:
elorimer said:
Thanks. Whatever is going on, it isn't the IP or malware-filter. The IP in question isn't in the ipset list. I turned off both malware-filter and ab-solution, and while I have no problem making an OpenVPN connection from other public hotspots, I can't make it from the particular one in question. The connection attempt is logged in syslog, but the handshake fails.
Click to expand...


seems like there is something wrong with the openvpn configuration nothing i can do about that, start a new thread for support.
 
swetoast said:
lets start with malware-filter only again dont want to do crossthread support it gets messy for others to read and if they are seeking support they are likely to confuse facts, just see the whole ab-solution incident with malware-filter getting dragged into it.

now 0 on the whole block is not a good number so something is clearly wrong lets start by analyzing that can you run a manual run of malware-filter by typing

Code: 
rm /jffs/malware-filter.list && /jffs/scripts/malware-filter
and then please run in the debug script so we can see whats going on and to verify that everything is correct

Code: 
wget https://gitlab.com/swe_toast/debugtool/raw/master/debugtool.sh && sh debugtool.sh && rm debugtool.sh

i know @Xentrk had some low numbers but that was due to too many scripts loading at the same time and if you have the same issue what you need to do is space em out using the sleep command
Click to expand...

I ran this command as you asked the output is as follows:
Code: 
Using username.


ASUSWRT-Merlin RT-AC68U 380.65-4 Wed Mar 29 04:40:14 UTC 2017
:/tmp/home/root# rm /jffs/malware-filter.list && /j
ffs/scripts/malware-filter
system: Malware Filter (ipv4) loaded 0 unique ip addresses that will be rejected from contacting your router.
system: Malware Filter (ipv4) loaded 0 unique ip ranges that will be rejected from contacting your router.
:/tmp/home/root#

The debug tool wouldn't run gave me this:
Code: 
:/tmp/home/root# wget https://gitlab.com/swe_toast/
debugtool/raw/master/debugtool.sh && sh debugtool.sh && rm debugtool.sh
--2017-04-28 08:26:40--  https://gitlab.com/swe_toast/debugtool/raw/master/debugtool.sh
Resolving gitlab.com... 52.167.219.168
Connecting to gitlab.com|52.167.219.168|:443... connected.
ERROR: cannot verify gitlab.com's certificate, issued by 'CN=COMODO RSA Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB':
  Unable to locally verify the issuer's authority.
To connect to gitlab.com insecurely, use `--no-check-certificate'.
:/tmp/home/root# wget https://gitlab.com/swe_toast/
debugtool/raw/master/debugtool.sh && sh debugtool.sh && rm debugtool.sh --no-che
ck-certificate
--2017-04-28 08:28:01--  https://gitlab.com/swe_toast/debugtool/raw/master/debugtool.sh
Resolving gitlab.com... 52.167.219.168
Connecting to gitlab.com|52.167.219.168|:443... connected.
ERROR: cannot verify gitlab.com's certificate, issued by 'CN=COMODO RSA Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB':
  Unable to locally verify the issuer's authority.
To connect to gitlab.com insecurely, use `--no-check-certificate'.
Am I doing something wrong?
 
Code: 
wget --no-check-certificate https://gitlab.com/swe_toast/debugtool/raw/master/debugtool.sh && sh debugtool.sh && rm debugtool.sh
 
ASUSWRT-Merlin RT-AC87U 380.66-beta1-g7b22cbf Fri Apr 21 18:45:56 UTC 2017
...@RT-AC87U:/tmp/home/root# cat /jffs/malware-filter.list
...@RT-AC87U:/tmp/home/root#
 
OK. But why is this file not created? What should I do?
 
You must log in or register to reply here.

Similar threads

N
Skynet SkyNet/Firewall blocking all ping requests, including outbound
Replies
6
Views
911
nearlyheadlessarvie
N
A
Policy-based port routing to bypass NordVPN client
Replies
10
Views
2K
Don->
D
cyruz
Reversing the web node reboot feature
Replies
0
Views
665
cyruz
cyruz
cyruz
cfgmnt-sender - Send decoded event to the cfg_server
Replies
0
Views
524
cyruz
cyruz
commodoro
DDNS Custom check External IP and refresh if necessary
Replies
0
Views
658
commodoro
commodoro
Similar threads
Thread starter Title Forum Replies Date
TheLyppardMan MAC Filter Options Asuswrt-Merlin 29
M Wireless Mac filter defaulting to whitelist. Asuswrt-Merlin 5
R Wireless MAC (Band filter filtering out Guest network) Asuswrt-Merlin 2
G Feature request: firewall url filter log Asuswrt-Merlin 0
TanyaC cannot add domain to router URL filter Asuswrt-Merlin 15
C How to filter out foreign countries Asuswrt-Merlin 3
N (Solved - Bad router) RT-AX88U node causes network instability (3004.388.7) Asuswrt-Merlin 2
K Need help with a bad DHCP issue!!!! Asuswrt-Merlin 6

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Members online

Total: 754 (members: 23, guests: 731)
Top