What's new

Privacy Filter (Another IPSET Script)

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

well it actually is within / / if you look at the regexp

and it still doesnt explain why it works for the rest of us when we are running the same software

system: Privacy Filter (ipv4) loaded 119 unique ip addresses that will be rejected from contacting your router.
 
Last edited:
well it actually is within / / if you look at the regexp

and it still doesnt explain why it works for the rest of us when we are running the same software

system: Privacy Filter (ipv4) loaded 119 unique ip addresses that will be rejected from contacting your router.

Explicitly enclose the awk 'program' with single quotes

Code:
awk '$local_v4' .............

or provide the OP with a diagnostic version of the script that adds the debug directives around the statement that is causing the syntax error.
 
OK
Thank you very much! The syntax error is history ... but why are no IPv6 addresses loaded?

Code:
ASUSWRT-Merlin RT-AC87U 380.65-4 Wed Mar 29 04:40:59 UTC 2017
...@RT-AC87U:/tmp/home/root# /jffs/scripts/privacy-filter
system: Privacy Filter (ipv4) loaded 81 unique ip addresses that will be rejected from contacting your router.
system: Privacy Filter (ipv6) loaded 0 unique ip addresses that will be rejected  from contacting your router.
 
could try and install hostip via entware

opkg install hostip

if ipv6 loads addresses then i got a bug present
 
OK
Thank you very much! The syntax error is history ... but why are no IPv6 addresses loaded?

Code:
ASUSWRT-Merlin RT-AC87U 380.65-4 Wed Mar 29 04:40:59 UTC 2017
...@RT-AC87U:/tmp/home/root# /jffs/scripts/privacy-filter
system: Privacy Filter (ipv4) loaded 81 unique ip addresses that will be rejected from contacting your router.
system: Privacy Filter (ipv6) loaded 0 unique ip addresses that will be rejected  from contacting your router.

It only loads the specific lists if you use the protocols in question.


Sent from my iPhone using Tapatalk
 
is IPv6 enabled in your router ? and is the firewall for ipv6 enabled ?
yes and yes

Code:
ASUSWRT-Merlin RT-AC87U 380.65-4 Wed Mar 29 04:40:59 UTC 2017
...@RT-AC87U:/tmp/home/root# /jffs/scripts/privacy-filter
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
[no records in the reply]
system: Privacy Filter (ipv4) loaded 152 unique ip addresses that will be rejected from contacting your router.
system: Privacy Filter (ipv6) loaded 12 unique ip addresses that will be rejected from contacting your router.
 
Code:
cat /jffs/privacy-filter.list | xargs -n 5 -I {} sh -c "nslookup {}" | grep -i "Address" | awk '{print $3}'

this might be simpler to maintain less crap to deal with :)
 
@jayten there is a command for showing how much is blocked in the thread

but here it is again :)

iptables -L -v | grep "privacy-filter_ipv"

the numbers in the row indicate how much was blocked

Code:
 pkts bytes target     prot opt in     out     source               destination      
  158  8232 REJECT     all  --  any    any     anywhere             anywhere             match-set privacy-filter_ipv4 dst reject-with icmp-port-unreachable

Dont remember if windows 7 updates was able to remove telemetry rarely run older OS anywhere
Yes, for the given URLs, it definitely works :) I'm thinking a bit more broadly, i.e. tracking if Microsoft is implementing updates that are changing URLs and IP addresses on a regular basis which would require making changes to the filter list constantly. It's not something specific to the privacy-filter script.
 
so i found a reliable way to get ip addresses and sort em accordingly, also gonna implement CIDR ranges and whitelisting for some services incase the CIDR blocks too much.

https://gitlab.com/swe_toast/privacy-filter/issues/3
https://gitlab.com/swe_toast/privacy-filter/issues/4

will update in due time cause im working alot this week so i acknowledge that there is a bug in IPv6 blocking and that it doesnt block ipv6 addresses without hostip installed.

But i got a roadmap and a solution for these issues and a new version is in the works just need to find some time to implement em.
 
Last edited:
Rev 20:
Code:
ASUSWRT-Merlin RT-AC87U 380.65-4 Wed Mar 29 04:40:59 UTC 2017
...@RT-AC87U:/tmp/home/root# /jffs/scripts/privacy-filter
nslookup: can't resolve 'oyag.prugskh.net'
nslookup: can't resolve 'oyag.prugskh.com'
ipset v6.29: Element cannot be added to the set: it's already added
ipset v6.29: Element cannot be added to the set: it's already added
ipset v6.29: Element cannot be added to the set: it's already added
ipset v6.29: Element cannot be added to the set: it's already added
ipset v6.29: Element cannot be added to the set: it's already added
ipset v6.29: Element cannot be added to the set: it's already added
ipset v6.29: Element cannot be added to the set: it's already added
system: Privacy Filter (ipv4) loaded 76 unique ip addresses that will be rejected from contacting your router.
system: Privacy Filter (ipv6) loaded 6 unique ip addresses that will be rejected from contacting your router.
 
seems that you updated twice there considering the already added message, and for the no resolve there thats nothing to worry about.

btw are you running AB-Solution also ?
 
Last edited:
wow no takers ? or is there nothing to report on this version if so ill bump it officially

Something not right from my testing...

If I run the new version of the privacy-filter script. Since it is already active, I get errors:
Code:
nslookup: can't resolve 's.gateway.messenger.live.com'
ipset v6.29: Element cannot be added to the set: it's already added
ipset v6.29: Element cannot be added to the set: it's already added
ipset v6.29: Element cannot be added to the set: it's already added...
So, I rebooted to get a clean run and get the following in System Log:
Code:
system: Privacy Filter (ipv4) loaded 0 unique ip addresses that will be rejected from contacting your router.
We had a power outage last night. When I powered the router back on this morning, the prior version in the log reports:
Code:
system: Privacy Filter (ipv4) loaded 57 unique ip addresses that will be rejected from contacting your router.
I then ran the prior version from the command line:
Code:
nslookup: can't resolve 's.gateway.messenger.live.com'

system: Privacy Filter (ipv4) loaded 49 unique ip addresses that will be rejected from contacting your router.

I suspect if I reboot, it will load 57 instead of the 49.
 
i updated the test build again added sort -u to the script to sort out duplicate the low numbers are due to ab-solutions large blocklists mine is getting around 117-120 blocks
 
i updated the test build again added sort -u to the script to sort out duplicate the low numbers are due to ab-solutions large blocklists mine is getting around 117-120 blocks

That is good to know! That makes sense. I ran the updated version and it appears to work.
Code:
nslookup: can't resolve 's.gateway.messenger.live.com'

system: Privacy Filter (ipv4) loaded 49 unique ip addresses that will be rejected from contacting your router.
I suspect if I reboot and run it will load more.

Is s.gateway.messenger.live.com being blocked because privacy-filer or malware-filter was already active when I ran the script?
Code:
admin@RT-AC88U:/tmp/home/root# nslookup s.gateway.messenger.live.com
Server:    127.0.0.1
Address 1: 127.0.0.1 localhost.localdomain
 

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top