#!/bin/sh
# Author: Toast
# Contributors: Tomsk
# Revision 12
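# --- User settings ---------------------------------------------------------
blocklist=/jffs/privacy-filter.list # Path where the downloaded blocklist is stored
retries=3 # Number of download attempts handed to wget --tries
failover=eth0 # Interface looked up in /proc/net/dev when nvram is unavailable

# --- Internal patterns: do not change ---------------------------------------
# The patterns are assigned as single-quoted literals rather than through
# `echo`: some /bin/sh implementations expand backslash escapes in echo, which
# would turn the leading "\b" into a backspace character.
#
# regexp_v4 / regexp_v6: extended regexes handed to `grep -oE` to pull
#   addresses out of traceroute output.
# local_v4 / local_v6: awk programs that keep every line NOT starting with a
#   local prefix, so local addresses never end up in the block set.
regexp_v4='\b([0-9]{1,3}\.){3}[0-9]{1,3}\b'
local_v4='!/(^127\.)|(^10\.)|(^172\.1[6-9]\.)|(^172\.2[0-9]\.)|(^172\.3[0-1]\.)|(^192\.168\.)/'
# NOTE(review): this pattern is anchored at the start of the line; confirm that
# the first line of `traceroute -6` output begins with the address.
regexp_v6='^(([0-9a-f]){1,4}:)+(:)?(([0-9a-f]){1,4}:)+(:)?(([0-9a-f]){1,4})'
# The previous value "!(^(fc00::)" had unbalanced parentheses and no regex
# delimiters, so awk rejected it and the IPv6 list came out empty.
# NOTE(review): unique local addresses cover fc00::/7, so fdxx: prefixes (and
# link-local fe80::) are not excluded by this filter; widen it if needed.
local_v6='!/^fc00::/'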
# Don't change the values below
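# Select the ipset / iptables command syntax that matches the installed ipset
# release and load the kernel modules that release needs.
#
# Sets: MATCH_SET, HASH, SYNTAX, SWAPPED, DESTROYED, INET6, ipsetv.
# SYNTAX and INET6 may hold several words and are expanded unquoted by the
# functions that use them.
case $(ipset -v | grep -oE "ipset v[0-9]") in
  *v6) # Values for ARM routers
    MATCH_SET='--match-set'
    HASH='hash:ip'
    SYNTAX='add'
    SWAPPED='swap'
    DESTROYED='destroy'
    INET6='family inet6'
    ipsetv=6
    # Load the set modules only when xt_set is not already present.
    if ! lsmod | grep "xt_set" > /dev/null 2>&1; then
      for module in ip_set ip_set_hash_net ip_set_hash_ip xt_set; do
        insmod "$module"
      done
    fi
    ;;
  *v4) # Values for MIPS routers
    MATCH_SET='--set'
    HASH='iphash'
    SYNTAX='-q -A'
    SWAPPED='-W'
    DESTROYED='--destroy'
    # Was IPV6='' — the rest of the script reads $INET6, so define that name.
    INET6=''
    ipsetv=4
    if ! lsmod | grep "ipt_set" > /dev/null 2>&1; then
      for module in ip_set ip_set_nethash ip_set_iphash ipt_set; do
        insmod "$module"
      done
    fi
    ;;
  *)
    # Without a recognised release every syntax variable above stays unset and
    # the later ipset/iptables calls would run with missing arguments, so stop
    # here with a clear message instead.
    # NOTE(review): only banners ending in "v4" or "v6" are recognised; any
    # other ipset release ends up in this arm.
    printf '%s\n' "privacy-filter: ipset is missing or its version is not supported (expected v4 or v6)" >&2
    exit 1
    ;;
esac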
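#######################################
# Verify that a WAN interface is known and that the router is online, then
# fetch the blocklist.
# Globals:   failover (read), regexp_v4 (read), iface (written)
# Outputs:   nothing on stdout
# Returns:   exits the script with status 1 when no WAN interface is found;
#            otherwise returns after calling get_list (online) or doing
#            nothing (offline).
#######################################
check_online () {
  # Prefer the interface name stored in nvram; fall back to looking up the
  # configured failover interface in /proc/net/dev when nvram is unavailable.
  if command -v nvram > /dev/null 2>&1; then
    iface=$(nvram get wan0_ifname)
  else
    iface=$(grep "$failover" /proc/net/dev)
  fi

  # iface is only tested for being non-empty; the probe below is not bound
  # to that interface.
  if [ -z "$iface" ]; then
    exit 1
  fi

  # Connectivity probe: the external service is expected to answer with the
  # public IPv4 address. `grep -q` replaces the former unquoted
  # `[ $(curl ... | grep -o ...) ]`, which raised a test-syntax error (and was
  # treated as "offline") whenever the reply held more than one match.
  # NOTE(review): this makes every run depend on a third-party service.
  if curl -s https://4.ifcfg.me/ | grep -qE "$regexp_v4"; then
    get_list
  fi
}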
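#######################################
# Download the blocklist unless a copy already exists.
# Globals:   blocklist (read), retries (read), url (written)
# Returns:   0 when the list is present or was downloaded, 1 when the
#            download failed.
#
# Security note: the entries of this list are later resolved and turned into
# firewall rules. The file is fetched over HTTPS but is not otherwise
# authenticated here (no checksum or signature check), so its content must be
# treated as untrusted input by every consumer.
#######################################
get_list () {
  url=https://gitlab.com/swe_toast/privacy-filter/raw/master/privacy-filter.list

  # An existing list is never refreshed; delete it to force a new download.
  if [ -f "$blocklist" ]; then
    return 0
  fi

  # Download next to the final path and move it into place only on success.
  # Writing straight to $blocklist left an empty or truncated file behind
  # after a failed transfer, and that file then blocked every later download.
  download="$blocklist.download"
  if wget -q --tries="$retries" --show-progress "$url" -O "$download" \
    && [ -s "$download" ]; then
    mv -f "$download" "$blocklist"
  else
    rm -f "$download"
    printf '%s\n' "privacy-filter: could not download $url" >&2
    return 1
  fi
}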
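#######################################
# Resolve every blocklist entry to IPv4 addresses and write the sorted,
# de-duplicated result to /tmp/privacy-filter_ipv4_sorted.part.
# Globals:   blocklist, regexp_v4, local_v4 (all read)
# Files:     /tmp/privacy-filter_ipv4_{raw,presort,sorted}.part and
#            /tmp/privacy-filter_ipv4.prelist (written)
#
# Security notes:
# - Blocklist entries are remote, untrusted text. They are handed to the
#   resolver as a single argument and are never pasted into a shell command
#   string, so shell metacharacters in an entry are not interpreted.
# - Entries starting with "-" are skipped so they cannot be read as options.
# - NOTE(review): the work files use fixed names under /tmp; the names are
#   shared with the ipset and cleanup steps, so they are kept here.
#######################################
run_ipv4_block () {
  # Remove every intermediate file up front. Several of them are appended to,
  # so leftovers from an interrupted or earlier run would leak stale addresses
  # into the new set.
  rm -f /tmp/privacy-filter_ipv4_raw.part \
    /tmp/privacy-filter_ipv4_presort.part \
    /tmp/privacy-filter_ipv4.prelist \
    /tmp/privacy-filter_ipv4_sorted.part

  # Use the parallel-capable xargs from /opt/bin when it is installed. The
  # command is kept in the positional parameters so it expands safely.
  if [ -x /opt/bin/xargs ]; then
    set -- /opt/bin/xargs -P 10
  else
    set -- xargs
  fi

  if command -v hostip > /dev/null 2>&1; then
    # hostip output now goes through the same local-address filter as the
    # traceroute path; before, it was written straight to the prelist and
    # private addresses could reach the block set.
    grep -v '^-' "$blocklist" \
      | "$@" -n 5 -I {} hostip {} \
        >> /tmp/privacy-filter_ipv4_presort.part
  else
    # No hostip: use the first line of traceroute output, which names the
    # resolved address, and extract the address with regexp_v4.
    grep -v '^-' "$blocklist" \
      | "$@" -n 5 -I {} sh -c 'traceroute -4 "$1" | head -1' sh {} \
        >> /tmp/privacy-filter_ipv4_raw.part
    grep -oE "$regexp_v4" /tmp/privacy-filter_ipv4_raw.part \
      >> /tmp/privacy-filter_ipv4_presort.part
  fi

  # Drop local addresses, then sort and de-duplicate.
  if [ -f /tmp/privacy-filter_ipv4_presort.part ]; then
    awk "$local_v4" /tmp/privacy-filter_ipv4_presort.part \
      > /tmp/privacy-filter_ipv4.prelist
  fi
  if [ -f /tmp/privacy-filter_ipv4.prelist ]; then
    sort -u /tmp/privacy-filter_ipv4.prelist \
      > /tmp/privacy-filter_ipv4_sorted.part
  fi
}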
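#######################################
# Resolve every blocklist entry to IPv6 addresses and write the sorted,
# de-duplicated result to /tmp/privacy-filter_ipv6_sorted.part.
# Globals:   blocklist, regexp_v6, local_v6 (all read)
# Files:     /tmp/privacy-filter_ipv6_{raw,presort,sorted}.part and
#            /tmp/privacy-filter_ipv6.prelist (written)
#
# Security notes:
# - Blocklist entries are remote, untrusted text. They are handed to the
#   resolver as a single argument and are never pasted into a shell command
#   string, so shell metacharacters in an entry are not interpreted.
# - Entries starting with "-" are skipped so they cannot be read as options.
# - NOTE(review): the work files use fixed names under /tmp; the names are
#   shared with the ipset and cleanup steps, so they are kept here.
#######################################
run_ipv6_block () {
  # Remove every intermediate file up front. Several of them are appended to,
  # so leftovers from an interrupted or earlier run would leak stale addresses
  # into the new set.
  rm -f /tmp/privacy-filter_ipv6_raw.part \
    /tmp/privacy-filter_ipv6_presort.part \
    /tmp/privacy-filter_ipv6.prelist \
    /tmp/privacy-filter_ipv6_sorted.part

  # Use the parallel-capable xargs from /opt/bin when it is installed. The
  # command is kept in the positional parameters so it expands safely.
  if [ -x /opt/bin/xargs ]; then
    set -- /opt/bin/xargs -P 10
  else
    set -- xargs
  fi

  if command -v hostip > /dev/null 2>&1; then
    # NOTE(review): hostip results are written straight to the prelist and so
    # skip the $local_v6 filter; route them through the awk step below once
    # that filter is confirmed to be a valid awk program.
    grep -v '^-' "$blocklist" \
      | "$@" -n 5 -I {} hostip -6 {} \
        >> /tmp/privacy-filter_ipv6.prelist
  else
    # No hostip: use the first line of traceroute output and extract the
    # address with regexp_v6.
    grep -v '^-' "$blocklist" \
      | "$@" -n 5 -I {} sh -c 'traceroute -6 "$1" | head -1' sh {} \
        >> /tmp/privacy-filter_ipv6_raw.part
    grep -oE "$regexp_v6" /tmp/privacy-filter_ipv6_raw.part \
      >> /tmp/privacy-filter_ipv6_presort.part
  fi

  # Drop local addresses (traceroute path only), then sort and de-duplicate.
  if [ -f /tmp/privacy-filter_ipv6_presort.part ]; then
    awk "$local_v6" /tmp/privacy-filter_ipv6_presort.part \
      > /tmp/privacy-filter_ipv6.prelist
  fi
  if [ -f /tmp/privacy-filter_ipv6.prelist ]; then
    sort -u /tmp/privacy-filter_ipv6.prelist \
      > /tmp/privacy-filter_ipv6_sorted.part
  fi
}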
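#######################################
# Load the resolved IPv4 addresses into the privacy-filter_ipv4 set and make
# sure a REJECT rule for that set is at the top of the FORWARD chain.
# Globals:   HASH, SYNTAX, SWAPPED, DESTROYED, MATCH_SET (all read; they may
#            hold several words and are expanded unquoted on purpose)
# Files:     /tmp/privacy-filter_ipv4_sorted.part (read)
# Returns:   1 without touching the firewall when no addresses were resolved.
#######################################
run_ipset_4 () {
  # Fail safe: an empty or missing address file (for example after a DNS or
  # download failure) used to be swapped in as an empty set, which silently
  # removed all existing blocks.
  if [ ! -s /tmp/privacy-filter_ipv4_sorted.part ]; then
    printf '%s\n' "privacy-filter: no IPv4 addresses resolved, leaving the current set untouched" >&2
    return 1
  fi

  if ipset -L privacy-filter_ipv4 > /dev/null 2>&1; then
    # The live set exists: fill a temporary set, swap it in, then drop the
    # temporary one so the rule never matches a half-filled set.
    nice -n 2 ipset -N privacy-update_ipv4 $HASH
    xargs -I {} ipset $SYNTAX privacy-update_ipv4 {} \
      < /tmp/privacy-filter_ipv4_sorted.part
    nice -n 2 ipset $SWAPPED privacy-update_ipv4 privacy-filter_ipv4
    nice -n 2 ipset $DESTROYED privacy-update_ipv4
  elif [ -n "$(ipset --swap privacy-filter_ipv4 privacy-filter_ipv4 2>&1 | grep -E 'Unknown set|The set with the given name does not exist')" ]; then
    # ipset reports the set as unknown: create it and fill it directly.
    nice ipset -N privacy-filter_ipv4 $HASH
    xargs -I {} ipset $SYNTAX privacy-filter_ipv4 {} \
      < /tmp/privacy-filter_ipv4_sorted.part
  fi

  # Re-insert the rule so it sits at the top of FORWARD; delete an existing
  # copy first so rules do not pile up. -n skips reverse DNS lookups while
  # listing.
  if iptables -L -n | grep privacy-filter_ipv4 > /dev/null 2>&1; then
    nice -n 2 iptables -D FORWARD -m set $MATCH_SET privacy-filter_ipv4 src,dst -j REJECT
  fi
  nice -n 2 iptables -I FORWARD -m set $MATCH_SET privacy-filter_ipv4 src,dst -j REJECT
}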
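#######################################
# Load the resolved IPv6 addresses into the privacy-filter_ipv6 set and make
# sure a REJECT rule for that set is at the top of the ip6tables FORWARD chain.
# Globals:   HASH, INET6, SYNTAX, SWAPPED, DESTROYED, MATCH_SET (all read;
#            they may hold several words and are expanded unquoted on purpose)
# Files:     /tmp/privacy-filter_ipv6_sorted.part (read)
# Returns:   1 without touching the firewall when no addresses were resolved.
#######################################
run_ipset_6 () {
  # Fail safe: an empty or missing address file (for example after a DNS or
  # download failure) used to be swapped in as an empty set, which silently
  # removed all existing blocks.
  if [ ! -s /tmp/privacy-filter_ipv6_sorted.part ]; then
    printf '%s\n' "privacy-filter: no IPv6 addresses resolved, leaving the current set untouched" >&2
    return 1
  fi

  if ipset -L privacy-filter_ipv6 > /dev/null 2>&1; then
    # The live set exists: fill a temporary set, swap it in, then drop the
    # temporary one so the rule never matches a half-filled set.
    nice -n 2 ipset -N privacy-update_ipv6 $HASH $INET6
    xargs -I {} ipset $SYNTAX privacy-update_ipv6 {} \
      < /tmp/privacy-filter_ipv6_sorted.part
    nice -n 2 ipset $SWAPPED privacy-update_ipv6 privacy-filter_ipv6
    nice -n 2 ipset $DESTROYED privacy-update_ipv6
  elif [ -n "$(ipset --swap privacy-filter_ipv6 privacy-filter_ipv6 2>&1 | grep -E 'Unknown set|The set with the given name does not exist')" ]; then
    # ipset reports the set as unknown: create it and fill it directly.
    nice ipset -N privacy-filter_ipv6 $HASH $INET6
    xargs -I {} ipset $SYNTAX privacy-filter_ipv6 {} \
      < /tmp/privacy-filter_ipv6_sorted.part
  fi

  # The existing rule is looked up in ip6tables. The earlier check listed the
  # IPv4 tables (iptables -L), never found the IPv6 rule there, and therefore
  # inserted one more duplicate ip6tables rule on every run.
  if ip6tables -L -n | grep privacy-filter_ipv6 > /dev/null 2>&1; then
    nice -n 2 ip6tables -D FORWARD -m set $MATCH_SET privacy-filter_ipv6 src,dst -j REJECT
  fi
  nice -n 2 ip6tables -I FORWARD -m set $MATCH_SET privacy-filter_ipv6 src,dst -j REJECT
}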
#######################################
# Resolve the blocklist: IPv4 always, IPv6 only when the installed ipset
# reports "v6" and /proc/net/if_inet6 lists at least one address.
#######################################
run_blocklists () {
  run_ipv4_block

  # Only a banner ending in "v6" enables the IPv6 pass.
  case $(ipset -v | grep -oE "ipset v[0-9]") in
    *v6)
      # A non-empty if_inet6 table means the kernel has IPv6 addresses.
      if [ "$(cat /proc/net/if_inet6 | wc -l)" -gt "0" ]; then
        run_ipv6_block
      fi
      ;;
  esac
}
#######################################
# Apply the resolved addresses to the firewall: IPv4 always, IPv6 only when
# the installed ipset reports "v6" and /proc/net/if_inet6 lists at least one
# address.
#######################################
run_ipset () {
  run_ipset_4

  # Only a banner ending in "v6" enables the IPv6 pass.
  case $(ipset -v | grep -oE "ipset v[0-9]") in
    *v6)
      # A non-empty if_inet6 table means the kernel has IPv6 addresses.
      if [ "$(cat /proc/net/if_inet6 | wc -l)" -gt "0" ]; then
        run_ipset_6
      fi
      ;;
  esac
}
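#######################################
# Delete the work files this script leaves under /tmp.
# The *.prelist files are removed as well: they were not matched by the
# '*.part' pattern, stayed behind after every run, and are appended to when
# hostip is used, so old addresses carried over into the next run.
#######################################
cleanup () {
  find /tmp -type f \
    \( -name 'privacy-filter_ipv*.part' -o -name 'privacy-filter_ipv*.prelist' \) \
    -delete
}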
# Entry point: check connectivity (and fetch the list), resolve the entries,
# load them into ipset/iptables, then remove the work files. The script exits
# with the status of the last step, cleanup.
main () {
  check_online
  run_blocklists
  run_ipset
  cleanup
}
main
exit $?