What's new

Privacy Filter (Another IPSET Script)

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

It does not work. Please help ... :(

Code:
ASUSWRT-Merlin RT-AC87U 380.65-4 Wed Mar 29 04:40:59 UTC 2017
...@RT-AC87U:/tmp/home/root# /jffs/scripts/privacy-filter
awk: cmd. line:1: Unexpected token
system: Privacy Filter (ipv4) loaded 0 unique ip addresses that will be rejected from contacting your router.
system: Privacy Filter (ipv6) loaded 0 unique ip addresses that will be rejected from contacting your router.
 
Last edited:
Thanks for the answer ...

Code:
...@RT-AC87U:/tmp/home/root# rm /jffs/scripts/privacy-filter
...@RT-AC87U:/tmp/home/root# wget https://gitlab.com/swe_toast/privacy-filter/raw/master/privacy-filter -O /jffs/scrip
ts/privacy-filter
--2017-04-14 20:03:57--  https://gitlab.com/swe_toast/privacy-filter/raw/master/privacy-filter
Resolving gitlab.com... 52.167.219.168
Connecting to gitlab.com|52.167.219.168|:443... connected.
ERROR: cannot verify gitlab.com's certificate, issued by 'CN=COMODO RSA Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB':
  Unable to locally verify the issuer's authority.
To connect to gitlab.com insecurely, use `--no-check-certificate'.
 
First, appears to be working great for me!

Couple of questions:
1) Has anyone tested how much of the telemetry calls are blocked? I was thinking of running a test, but need to set up a proxy server. My assumption is that Microsoft tries to change URLs quite a bit, and I'm curious to see how often.
2) (Slightly off topic): My understanding is that Windows 7, if several updates are removed, doesn't have the same privacy issues. Is this true? If not, does the privacy-filter block list block the relevant sites for Windows 7?

Thanks!
 
Thanks for the answer ...

Code:
...@RT-AC87U:/tmp/home/root# rm /jffs/scripts/privacy-filter
...@RT-AC87U:/tmp/home/root# wget https://gitlab.com/swe_toast/privacy-filter/raw/master/privacy-filter -O /jffs/scrip
ts/privacy-filter
--2017-04-14 20:03:57--  https://gitlab.com/swe_toast/privacy-filter/raw/master/privacy-filter
Resolving gitlab.com... 52.167.219.168
Connecting to gitlab.com|52.167.219.168|:443... connected.
ERROR: cannot verify gitlab.com's certificate, issued by 'CN=COMODO RSA Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB':
  Unable to locally verify the issuer's authority.
To connect to gitlab.com insecurely, use `--no-check-certificate'.

Code:
wget --no-check-certificate https://gitlab.com/swe_toast/privacy-filter/raw/master/privacy-filter -O /jffs/scrip
ts/privacy-filter
 
@jayten there is a command for showing how much is blocked in the thread

but here it is again :)

iptables -L -v | grep "privacy-filter_ipv"

the numbers in the row indicate how much was blocked

Code:
 pkts bytes target     prot opt in     out     source               destination        
  158  8232 REJECT     all  --  any    any     anywhere             anywhere             match-set privacy-filter_ipv4 dst reject-with icmp-port-unreachable

Dont remember if windows 7 updates was able to remove telemetry rarely run older OS anywhere
 
here's another output - i did all the steps you described but am still getting these errors:

Unable to locally verify the issuer's authority.
and
awk: cmd. line:1: Unexpected token

I am also using your malware script w/o any issues, i have AB-solutions installed as well. Any suggestions?

Code:
...@RT-AC87U:/tmp/home/root# wget --no-check-certificate https://gitlab.com/swe_toast/privacy-filter/raw/master/privacy-filter -O /jffs/scripts/privacy-filter
Will not apply HSTS. The HSTS database must be a regular and non-world-writable file.
ERROR: could not open HSTS store at '/root/.wget-hsts'. HSTS will be disabled.
--2017-04-15 07:57:31--  https://gitlab.com/swe_toast/privacy-filter/raw/master/privacy-filter
Resolving gitlab.com... 52.167.219.168
Connecting to gitlab.com|52.167.219.168|:443... connected.
WARNING: cannot verify gitlab.com's certificate, issued by 'CN=COMODO RSA Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB':
  Unable to locally verify the issuer's authority.
HTTP request sent, awaiting response... 200 OK
Length: 6939 (6.8K) [text/plain]
Saving to: '/jffs/scripts/privacy-filter'

/jffs/scripts/privacy-filter  100%[==============================================>]   6.78K  --.-KB/s    in 0.003s

2017-04-15 07:57:31 (2.04 MB/s) - '/jffs/scripts/privacy-filter' saved [6939/6939]

...@RT-AC87U:/tmp/home/root# dos2unix /jffs/scripts/privacy-filter
...@RT-AC87U:/tmp/home/root# /jffs/scripts/privacy-filter
awk: cmd. line:1: Unexpected token
system: Privacy Filter (ipv4) loaded 0 unique ip addresses that will be rejected from contacting your router.
system: Privacy Filter (ipv6) loaded 0 unique ip addresses that will be rejected from contacting your router.
...@RT-AC87U:/tmp/home/root#

Code:
Apr 15 09:58:25 system: Privacy Filter (ipv4) loaded 0 unique ip addresses that will be rejected from contacting your router.
Apr 15 09:58:25 system: Privacy Filter (ipv6) loaded 0 unique ip addresses that will be rejected from contacting your router.
 
Last edited:
here's another output - i did all the steps you described but am still getting these errors:

Unable to locally verify the issuer's authority.
and
awk: cmd. line:1: Unexpected token

I am also using your malware script w/o any issues, i have AB-solutions installed as well. Any suggestions?

Code:
...@RT-AC87U:/tmp/home/root# wget --no-check-certificate https://gitlab.com/swe_toast/privacy-filter/raw/master/privacy-filter -O /jffs/scripts/privacy-filter
Will not apply HSTS. The HSTS database must be a regular and non-world-writable file.
ERROR: could not open HSTS store at '/root/.wget-hsts'. HSTS will be disabled.
--2017-04-15 07:57:31--  https://gitlab.com/swe_toast/privacy-filter/raw/master/privacy-filter
Resolving gitlab.com... 52.167.219.168
Connecting to gitlab.com|52.167.219.168|:443... connected.
WARNING: cannot verify gitlab.com's certificate, issued by 'CN=COMODO RSA Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB':
  Unable to locally verify the issuer's authority.
HTTP request sent, awaiting response... 200 OK
Length: 6939 (6.8K) [text/plain]
Saving to: '/jffs/scripts/privacy-filter'

/jffs/scripts/privacy-filter  100%[==============================================>]   6.78K  --.-KB/s    in 0.003s

2017-04-15 07:57:31 (2.04 MB/s) - '/jffs/scripts/privacy-filter' saved [6939/6939]

...@RT-AC87U:/tmp/home/root# dos2unix /jffs/scripts/privacy-filter
...@RT-AC87U:/tmp/home/root# /jffs/scripts/privacy-filter
awk: cmd. line:1: Unexpected token
system: Privacy Filter (ipv4) loaded 0 unique ip addresses that will be rejected from contacting your router.
system: Privacy Filter (ipv6) loaded 0 unique ip addresses that will be rejected from contacting your router.
...@RT-AC87U:/tmp/home/root#

Code:
Apr 15 09:58:25 system: Privacy Filter (ipv4) loaded 0 unique ip addresses that will be rejected from contacting your router.
Apr 15 09:58:25 system: Privacy Filter (ipv6) loaded 0 unique ip addresses that will be rejected from contacting your router.

I ran the same wget with no errors. Please post the output of wget version:
Code:
 wget -V | grep built
GNU Wget 1.16 built on linux-gnu.
 
Last edited:
@Xentrk
Code:
GNU Wget 1.18 built on linux-gnu.

@swetoast
Code:
...@RT-AC87U:/tmp/home/root# /jffs/scripts/debugtool.sh
grep not installedca-certificates not installedcoreutils-stat not installedDo you want to review the debug log and send it (y/n)?y

Router Model:

ASUSWRT-Merlin RT-AC87U 380.65-4 Wed Mar 29 04:40:59 UTC 2017

Checking for Entware:
Entware is present

Entware packages:
wget - 1.18-2
pixelserv-tls - V35.HZ12.Ki-1

Locating uBlockr Paths

Locating Malware-Filter Paths
/jffs/scripts/malware-filter
/jffs/malware-filter.list

Detecting Ipset version on router
ipset v6.29, protocol version: 6

Locating Malware-Filter Paths
/jffs/scripts/privacy-filter
/jffs/privacy-filter.list
/tmp/privacy-filter_ipv6.prelist
/tmp/privacy-filter_ipv4.prelist

Detecting Ipset version on router
ipset v6.29, protocol version: 6
Press any key to continue... or press CTRL+C to cancel

https://clbin.com/z94dd
 
@Xentrk
Code:
GNU Wget 1.18 built on linux-gnu.

https://clbin.com/z94dd

I see that you have wget installed from entware and it appears to be a different version from the kernel . If you type /usr/sbin/wget -V | grep built, does it list version 1.16? If so, you may want to edit privacy-filter references for wget and change it to /usr/sbin/wget and test it to see if that makes it work. Something may be different in 1.18-2 that is causing the error.
 
Thank you for your efforts, sir.
Unfortunately, the change has no effect. :(
Code:
...@RT-AC87U:/tmp/home/root#
...@RT-AC87U:/tmp/home/root# dos2unix /jffs/scripts/privacy-filter
...@RT-AC87U:/tmp/home/root# /jffs/scripts/privacy-filter
awk: cmd. line:1: Unexpected token
system: Privacy Filter (ipv4) loaded 0 unique ip addresses that will be rejected from contacting your router.
system: Privacy Filter (ipv6) loaded 0 unique ip addresses that will be rejected from contacting your router.
 
Thank you for your efforts, sir.
Unfortunately, the change has no effect. :(
Code:
...@RT-AC87U:/tmp/home/root#
...@RT-AC87U:/tmp/home/root# dos2unix /jffs/scripts/privacy-filter
...@RT-AC87U:/tmp/home/root# /jffs/scripts/privacy-filter
awk: cmd. line:1: Unexpected token
system: Privacy Filter (ipv4) loaded 0 unique ip addresses that will be rejected from contacting your router.
system: Privacy Filter (ipv6) loaded 0 unique ip addresses that will be rejected from contacting your router.
What about the contents of /jffs/privacy-filter.list? Is it there or have DOS characters in it?
 
that shouldnt matter since the script uses dos2unix on it too its in the script got tired of all malformed list so i added it to the script. But im gonna check on it today once i had my coffee and see what i can see the thing im most curious about is what version of awk is causing this issue

so awk --version would be nice and which awk
 
Last edited:
Excuse me, sir. And thank you for your time ...
Code:
ASUSWRT-Merlin RT-AC87U 380.65-4 Wed Mar 29 04:40:59 UTC 2017
...@RT-AC87U:/tmp/home/root# awk --version
awk: unrecognized option `--version'
BusyBox v1.25.1 (2017-03-29 00:40:57 EDT) multi-call binary.

Usage: awk [OPTIONS] [AWK_PROGRAM] [FILE]...
 
# which awk
/usr/bin/awk

forgot that awk didnt have version but it looks like its the busybox version shipped with merlin, freaking wierd since it works for everyone else running the same script

cause this lines should not cause problems
https://gitlab.com/swe_toast/privacy-filter/blob/master/privacy-filter#L61
https://gitlab.com/swe_toast/privacy-filter/blob/master/privacy-filter#L78

$local_v4 is blank i.e. null string.

Normally the correct search syntax is

e.g.
Code:
 awk /$string/ /file_name

but if the $string variable is blank then it matches all lines in the file which is probably in most cases undesirable.

Try

Code:
awk /tmp/syslog.log

awk kernel /tmp/syslog.log

awk /kernel/ /tmp/syslog.log
 
Last edited:

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top