My idea was to check whether there is a .add file and whether that .add file has an entry for the privacy filter, and to add the entry if it is missing. In addition, if there is a .add file, I wanted the script to check whether the conf has loaded the privacy filter and, if not, add it.
I think this is a secure way of doing it.
if [ ! -f $dnsmasq_cfg ]; then if grep -Fxq "#privacy-filter" $dnsmasq_cfg then logger -s -t privacy-filter is present in $dnsmasq_cfg
well yeah
https://github.com/RMerl/asuswrt-merlin/wiki/Entware
you need to install entware in order to use this particular script so begin with that.
If you need support with that, start a new thread. After you have installed Entware, you just place that script at /jffs/script/firewall-start and the other file (the list) wherever you want, preferably /opt/var/cache/privacy-filter/privacy-filter.list, and then make /jffs/script/firewall-start executable.
this all takes basic linux knowledge and the wiki is always a good place for info along with this forum.
googleadservices.com
www.google-analytics.com
google-analytics.com
ssl.google-analytics.com
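# nslookup variant: resolve every name in privacy-filter.list and append the
# IPv4 addresses found in the reply to privacy_block.pre.
# Reads the globals path (directory) and regexp (IPv4 pattern).
# Only the last three lines of each reply are scanned, as in the original;
# presumably this skips the resolver's own address in the header (confirm
# against the nslookup build on the router).
# The addresses come straight from DNS answers, so whichever resolver the
# router uses decides what ends up in the block list.
tr -s ' \t\r' '\n' < "$path/privacy-filter.list" |
  while IFS= read -r host || [ -n "$host" ]; do
    case $host in
      '' | -*) continue ;; # blank entry, or something nslookup would read as an option
    esac
    nslookup "$host" | tail -3 | grep -oE "$regexp" >> "$path/privacy_block.pre"
  done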
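# traceroute variant: take the address printed on the first line of
# traceroute's output for every name in privacy-filter.list and append it to
# privacy_block.pre.
# Reads the globals path (directory) and regexp (IPv4 pattern).
# Caveat: traceroute sends probe packets towards every listed host just to
# learn its address; a resolver lookup (nslookup or hostip) yields the address
# without contacting the host that is about to be blocked.
tr -s ' \t\r' '\n' < "$path/privacy-filter.list" |
  while IFS= read -r host || [ -n "$host" ]; do
    case $host in
      '' | -*) continue ;; # blank entry, or something traceroute would read as an option
    esac
    traceroute "$host" | head -1 | grep -oE "$regexp" >> "$path/privacy_block.pre"
  done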
#!/bin/sh
# Author: Toast
# Contributers: Tomsk
# Revision 5
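# Directory holding privacy-filter.list and the generated privacy_block.* files.
# This must name a directory, not the list itself: every use below appends a
# file name to it.
path=/jffs/scripts # Set your path here
# IPv4 dotted-quad pattern. Assigned as a literal instead of through echo,
# because some sh implementations' echo turns "\b" into a backspace.
# Not referenced in the rest of the script as shown here.
regexp='\b([0-9]{1,3}\.){3}[0-9]{1,3}\b' # Dont change this value

# hostip is installed through opkg (Entware); without a package manager there
# is nothing to do. Exit status 0 is kept from the original.
if ! command -v opkg > /dev/null 2>&1; then
  logger -s -t system "no package manager found"
  exit 0
fi
if ! opkg list-installed | grep -q hostip; then
  opkg install hostip
fi
# A failed install would otherwise produce an empty block list further down.
if ! command -v hostip > /dev/null 2>&1; then
  logger -s -t system "hostip is not available, privacy filter not updated"
  exit 1
fi
if [ ! -r "$path/privacy-filter.list" ]; then
  logger -s -t system "cannot read $path/privacy-filter.list"
  exit 1
fi

# Start from an empty scratch file so that results left behind by an
# interrupted run are not merged into the new list.
: > "$path/privacy_block.pre"

# Resolve every listed name; hostip's output is appended as-is.
# Design caveats worth knowing before deploying:
#  - the result is a snapshot of the addresses at the time of this run; names
#    that move to other addresses later are no longer covered until the next run;
#  - an address shared by several sites (CDN, cloud front end) blocks all of them;
#  - every name in the list is blocked, so review the list for update and
#    connectivity-check hosts before using it.
tr -s ' \t\r' '\n' < "$path/privacy-filter.list" |
  while IFS= read -r host || [ -n "$host" ]; do
    case $host in
      '' | -*) continue ;; # blank entry, or something hostip would read as an option
    esac
    hostip "$host" >> "$path/privacy_block.pre"
  done

# De-duplicate into the final list (the redirect replaces any previous list).
sort -u "$path/privacy_block.pre" > "$path/privacy_block.list"
rm -f "$path/privacy_block.pre"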
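# Select the command syntax for the installed ipset generation and load the
# kernel modules it needs when the set-match module is not listed by lsmod.
# Sets the globals MATCH_SET, HASH, SYNTAX, SWAPPED, DESTROYED and ipsetv.
case $(ipset -v | grep -oE "ipset v[0-9]") in
  *v6) # Value for ARM Routers
    MATCH_SET='--match-set'
    HASH='hash:ip'
    SYNTAX='add'
    SWAPPED='swap'
    DESTROYED='destroy'
    ipsetv=6
    if ! lsmod | grep -q "xt_set"; then
      for module in ip_set ip_set_hash_net ip_set_hash_ip xt_set; do
        insmod "$module"
      done
    fi
    ;;
  *v4) # Value for Mips Routers
    MATCH_SET='--set'
    HASH='iphash'
    SYNTAX='-q -A'
    SWAPPED='-W'
    DESTROYED='--destroy'
    ipsetv=4
    if ! lsmod | grep -q "ipt_set"; then
      for module in ip_set ip_set_nethash ip_set_iphash ipt_set; do
        insmod "$module"
      done
    fi
    ;;
  *)
    # Neither generation matched (ipset missing or a different version).
    # Stop here instead of continuing with empty syntax variables, which would
    # leave the filter unapplied without any message.
    logger -s -t system "unsupported or missing ipset, privacy filter not applied"
    exit 1
    ;;
esac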
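# Add every IPv4 address found in $path/privacy_block.list to the set named
# in $1. Entries that are not plain dotted-quad strings are skipped, so a
# stray word in the resolver output is never handed to ipset.
privacy_fill_set () {
  [ -s "$path/privacy_block.list" ] || return 0
  tr -s ' \t\r' '\n' < "$path/privacy_block.list" |
    while IFS= read -r addr || [ -n "$addr" ]; do
      case $addr in
        '' | *[!0-9.]*) continue ;; # empty, or contains something other than digits and dots
        *.*.*.*) ;;                 # looks like a dotted quad
        *) continue ;;
      esac
      # SYNTAX is left unquoted on purpose: the ipset v4 value is two words.
      nice -n 2 ipset $SYNTAX "$1" "$addr"
    done
}

# Load privacy_block.list into the "privacy-filter" ipset and make sure the
# FORWARD chain has exactly one REJECT rule for it, at the top.
# Globals read: path, HASH, SYNTAX, SWAPPED, DESTROYED, MATCH_SET.
# Returns: the status of the final iptables insert.
run_ipset () {
  if ! ipset -L privacy-filter > /dev/null 2>&1; then
    # The set does not exist yet. The exit status of "ipset -L" is used
    # directly; the original additionally matched ipset's error text, which
    # it had to spell two different ways.
    nice ipset -N privacy-filter "$HASH"
    privacy_fill_set privacy-filter
  elif [ -s "$path/privacy_block.list" ]; then
    # Build the new content in a scratch set and swap it in, so the live set
    # is never seen half-filled. A scratch set left over from an interrupted
    # run is dropped first so its stale entries are not swapped in.
    ipset $DESTROYED privacy-update > /dev/null 2>&1
    nice -n 2 ipset -N privacy-update "$HASH"
    privacy_fill_set privacy-update
    nice -n 2 ipset $SWAPPED privacy-update privacy-filter
    nice -n 2 ipset $DESTROYED privacy-update
  else
    # An empty list (for example because name resolution failed during boot)
    # must not replace a populated set: that would silently switch the
    # filter off.
    logger -s -t system "privacy_block.list is empty, keeping the existing privacy-filter set"
  fi

  # NOTE(review): privacy-filter is a one-dimensional set (HASH is hash:ip or
  # iphash). If ipset uses only the first direction flag for such a set,
  # "src,dst" matches on the source address alone, i.e. replies coming back
  # from a listed address rather than the packets sent to it. Confirm on the
  # target firmware; a separate rule with "dst" would cover the outbound
  # direction.
  #
  # Remove every existing copy of the rule, then insert it once at the top.
  # Trying the delete directly avoids "iptables -L", which resolves addresses
  # to names when run without -n, and also clears duplicate rules.
  while iptables -D FORWARD -m set "$MATCH_SET" privacy-filter src,dst -j REJECT > /dev/null 2>&1; do
    :
  done
  nice -n 2 iptables -I FORWARD -m set "$MATCH_SET" privacy-filter src,dst -j REJECT
}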
# Apply the filter; a bare "exit" hands run_ipset's return status to the caller.
run_ipset
exit
}
run_ipset
exit $?
bing.com
a.ads1.msn.com
a.ads2.msads.net
a.ads2.msn.com
a.rad.msn.com
a-0001.a-msedge.net
a-0002.a-msedge.net
a-0003.a-msedge.net
a-0004.a-msedge.net
a-0005.a-msedge.net
a-0006.a-msedge.net
a-0007.a-msedge.net
a-0008.a-msedge.net
a-0009.a-msedge.net
ac3.msn.com
ad.doubleclick.net
adnexus.net
adnxs.com
ads.msn.com
ads1.msads.net
ads1.msn.com
aidps.atdmt.com
aka-cdn-ns.adtech.de
a-msedge.net
apps.skype.com
az361816.vo.msecnd.net
az512334.vo.msecnd.net
b.ads1.msn.com
b.ads2.msads.net
b.rad.msn.com
bs.serving-sys.com
c.atdmt.com
c.msn.com
cdn.atdmt.com
cds26.ams9.msecn.net
choice.microsoft.com
choice.microsoft.com.nsatc.net
compatexchange.cloudapp.net
corp.sts.microsoft.com
corpext.msitadfs.glbdns2.microsoft.com
cs1.wpc.v0cdn.net
db3aqu.atdmt.com
df.telemetry.microsoft.com
diagnostics.support.microsoft.com
ec.atdmt.com
fe2.update.microsoft.com.akadns.net
feedback.microsoft-hohm.com
feedback.search.microsoft.com
feedback.windows.com
flex.msn.com
g.msn.com
h1.msn.com
i1.services.social.microsoft.com
i1.services.social.microsoft.com.nsatc.net
lb1.www.ms.akadns.net
live.rads.msn.com
m.adnxs.com
m.hotmail.com
msedge.net
msftncsi.com
msnbot-65-55-108-23.search.msn.com
msntest.serving-sys.com
oca.telemetry.microsoft.com
oca.telemetry.microsoft.com.nsatc.net
pre.footprintpredict.com
preview.msn.com
pricelist.skype.com
rad.live.com
rad.msn.com
redir.metaservices.microsoft.com
reports.wes.df.telemetry.microsoft.com
s.gateway.messenger.live.com
s0.2mdn.net
schemas.microsoft.akadns.net
secure.adnxs.com
secure.flashtalking.com
services.wes.df.telemetry.microsoft.com
settings-sandbox.data.microsoft.com
settings-win.data.microsoft.com
sls.update.microsoft.com.akadns.net
sqm.df.telemetry.microsoft.com
sqm.telemetry.microsoft.com
sqm.telemetry.microsoft.com.nsatc.net
static.2mdn.net
statsfe1.ws.microsoft.com
statsfe2.update.microsoft.com.akadns.net
statsfe2.ws.microsoft.com
survey.watson.microsoft.com
telecommand.telemetry.microsoft.com
telecommand.telemetry.microsoft.com.nsatc.net
telemetry.appex.bing.net
telemetry.microsoft.com
telemetry.urs.microsoft.com
view.atdmt.com
vortex.data.microsoft.com
vortex-bn2.metron.live.com.nsatc.net
vortex-cy2.metron.live.com.nsatc.net
vortex-sandbox.data.microsoft.com
vortex-win.data.microsoft.com
watson.live.com
watson.microsoft.com
watson.ppe.telemetry.microsoft.com
watson.telemetry.microsoft.com
watson.telemetry.microsoft.com.nsatc.net
wes.df.telemetry.microsoft.com
www.msftncsi.com
www.msftncsi.org
nametests.com
oyag.lhzbdvm.com
oyag.prugskh.net
oyag.prugskh.com
census1.shodan.io
census2.shodan.io
census3.shodan.io
census4.shodan.io
census5.shodan.io
census6.shodan.io
census7.shodan.io
census8.shodan.io
census9.shodan.io
census10.shodan.io
census11.shodan.io
census12.shodan.io
atlantic.census.shodan.io
pacific.census.shodan.io
rim.census.shodan.io
pirate.census.shodan.io
ninja.census.shodan.io
border.census.shodan.io
burger.census.shodan.io
atlantic.dns.shodan.io
hello.data.shodan.io
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 match-set privacy-filter src,dst reject-with icmp-port-unreachable
87 40309 ACCEPT all -- tun11 * 0.0.0.0/0 0.0.0.0/0
534 44761 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 DROP all -- !br0 eth0 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- eth0 * 0.0.0.0/0 0.0.0.0/0 state INVALID
0 0 ACCEPT all -- br0 br0 0.0.0.0/0 0.0.0.0/0
141 23435 NSFW all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate DNAT
141 23435 ACCEPT all -- br0 * 0.0.0.0/0 0.0.0.0/0
watch iptables -vnL FORWARD | grep privacy
1513 71592 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 match-set privacy-filter src,dst reject-with icmp-port-unreachable
1516 71736 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 match-set privacy-filter src,dst reject-with icmp-port-unreachable
1517 71776 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 match-set privacy-filter src,dst reject-with icmp-port-unreachable
1520 71928 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 match-set privacy-filter src,dst reject-with icmp-port-unreachable
1523 72072 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 match-set privacy-filter src,dst reject-with icmp-port-unreachable
1526 72212 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 match-set privacy-filter src,dst reject-with icmp-port-unreachable