Privacy Filter (Another IPSET Script)

[Xentrk]

ok @Xentrk , lets focus on the router you dont get good results on, cause the other ones are getting the expected numbers.

if you dont want the debuglog in open send in pm, ive limited this too my scrips only and how they start.

Mind telling whats too revealing with that debuglog perhaps that can be changed.

Thanks in advance for the help. The debug tool output directory listings of my SMB drive, where I have backups of the scripts. It also has my name and desktop/laptop name.

Here are the contents of firewall-start

#!/bin/sh
sh /jffs/scripts/create-ipset-lists.sh
/jffs/scripts/privacy-filter
/jffs/scripts/IPSET_Block.sh init nolog

 

[swetoast]

yepp saw will limit search to /jffs with the debugtool

and as for all those script might wanna space em out a bit so they dont run all at once that might be a bit heavy.

just use sleep 30 && script

 

[Xentrk]

yepp saw will limit search to /jffs with the debugtool

and as for all those script might wanna space em out a bit so they dont run all at once that might be a bit heavy.

just use sleep 30 && script

I moved start of privacy-filter to wan-start as follows:

sleep 30 && /jffs/scripts/privacy-filter

I am getting 104 now unique ip address now:

Apr 26 19:21:00 system: Privacy Filter (ipv4) loaded 104 unique ip addresses that will be rejected from contacting your router.

This is much closer to the 121 and 113 I got on the other routers.

I changed firewall-start to add 300 minutes before they run to spread things out. Otherwise, both cores run all out during boot up:

#!/bin/sh
sleep 300 && sh /jffs/scripts/create-ipset-lists.sh
sleep 300 && /jffs/scripts/IPSET_Block.sh init nolog

The updates you made to the debug tool worked. You can see the results here: https://clbin.com/sY1ML

 

[swetoast]

over 100 is ok so we narrowed it down to the router being overworked with alot of scripts running at the same time and again it will get different results pending on what servers are up at the moment of the scan so im glad that it worked out, and im glad that the debugtool doesnt scan your hdd anymore

but you need to change that last line

sleep 300 && /jffs/scripts/IPSET_Block.sh init nolog

my daily updates of the filter pends from 101-121 depending on days so over a 100 or close to 100 is ok.

 

[Xentrk]

over 100 is ok so we narrowed it down to the router being overworked with alot of scripts running at the same time and again it will get different results pending on what servers are up at the moment of the scan so im glad that it worked out, and im glad that the debugtool doesnt scan your hdd anymore

but you need to change that last line

sleep 300 && /jffs/scripts/IPSET_Block.sh init nolog

my daily updates of the filter pends from 101-121 depending on days so over a 100 or close to 100 is ok.

Thanks so very much!! Glad we got it fixed. Grateful as always.

 

[eclp]

Hi ... IPv6 does not seem to work - or do I see the wrong?

ASUSWRT-Merlin RT-AC87U 380.66-beta1-g7b22cbf Fri Apr 21 18:45:56 UTC 2017
...@RT-AC87U:/tmp/home/root# iptables -L -v | grep "privacy-filter_ipv4" | awk '{print "Privacy Filter (ipv4) Blocked: " $1 " packets",
$2 " is the size of the transmission"}'
Privacy Filter (ipv4) Blocked: 267 packets 15444 is the size of the transmission
Privacy Filter (ipv4) Blocked: 0 packets 0 is the size of the transmission
miju@RT-AC87U:/tmp/home/root# iptables -L -v | grep "privacy-filter_ipv6" | awk '{print "Privacy Filter (ipv6) Blocked: " $1 " packets",
$2 " is the size of the transmission"}'
...@RT-AC87U:/tmp/home/root#

https://clbin.com/MDy5b

 

[swetoast]

debuglog please makes my work so much easier

wget https://gitlab.com/swe_toast/debugtool/raw/master/debugtool.sh && sh debugtool.sh && rm debugtool.sh

then post the link that log generates.

 

[eclp]

ERROR: cannot verify gitlab.com's certificate ... https://clbin.com/MDy5b
https://clbin.com/MDy5b

 

[swetoast]

ipset -L privacy-filter_ipv6

are there any entries when running this command ?

and mind trying this instead

ip6tables -L -v | grep "privacy-filter_ipv6" | awk '{print "Privacy Filter (ipv6) Blocked: " $1 " packets", $2 " is the size of the transmission"}'

 

[eclp]

Thanks for the constant help!

ASUSWRT-Merlin RT-AC87U 380.66-beta1-g7b22cbf Fri Apr 21 18:45:56 UTC 2017
...@RT-AC87U:/tmp/home/root# ipset -L privacy-filter_ipv6
Name: privacy-filter_ipv6
Type: hash:ip
Revision: 0
Header: family inet6 hashsize 1024 maxelem 65536
Size in memory: 8760
References: 9
Members:
2a01:111:f303:1791::b01
2400:cb00:2048:1::6810:345d
2a00:1450:4016:807::2006
2a00:1450:4016:802::2006
2606:2800:234:2294:b59:11e7:560:10db
2a01:111:f307:1794::a01
2604:a880:800:10::99:7001
2a01:111:200b:2::bcc1
miju@RT-AC87U:/tmp/home/root#

ASUSWRT-Merlin RT-AC87U 380.66-beta1-g7b22cbf Fri Apr 21 18:45:56 UTC 2017
...@RT-AC87U:/tmp/home/root# ip6tables -L -v | grep "privacy-filter_ipv6" | awk '{print "Privacy Filter (ipv6) Blocked: " $1 " packets", $2 " is the size of
 the transmission"}'
Privacy Filter (ipv6) Blocked: 0 packets 0 is the size of the transmission
Privacy Filter (ipv6) Blocked: 0 packets 0 is the size of the transmission
Privacy Filter (ipv6) Blocked: 0 packets 0 is the size of the transmission
Privacy Filter (ipv6) Blocked: 0 packets 0 is the size of the transmission
Privacy Filter (ipv6) Blocked: 0 packets 0 is the size of the transmission
Privacy Filter (ipv6) Blocked: 0 packets 0 is the size of the transmission
Privacy Filter (ipv6) Blocked: 0 packets 0 is the size of the transmission
Privacy Filter (ipv6) Blocked: 0 packets 0 is the size of the transmission
Privacy Filter (ipv6) Blocked: 0 packets 0 is the size of the transmission
...@RT-AC87U:/tmp/home/root#

 

[swetoast]

did the other command work for ya ?

 

[eclp]

I have it inserted above.

 

[swetoast]

nice, updated OP tnx for the assistance.

 

[bayern1975]

is possible skype not working with privacy-filter active?

 

[PeterR]

is possible skype not working with privacy-filter active?

Try deleting s.gateway.messenger.live.com in privacy-filter.list

 

[mrchow]

Is it somehow possible to find list entries which are responsible that some sites do not load? E.g.: skysports.com


Sent from my iPhone using Tapatalk

 

[swetoast]

nslookup skysports.com
ipset -L privacy-filter_ipv4 | grep "the_ip_adress_of_sky_sports"

enjoy, my guess is no

# nslookup skysports.com
Server:    127.0.0.1
Address 1: 127.0.0.1 localhost.localdomain

Name:      skysports.com
Address 1: 90.216.129.62
# ipset -L privacy-filter_ipv4 | grep 90.216.129.62

returned nothing for me on my router if you suspect something check what else your running..

 

[mrchow]

Yeah those were the steps I already took... I'm just running your scripts (uBlockr, Privacy Filter & Malware Filter).. skysports used to work when I didn't whitelist privacy-filter/malware-filter entries in uBlockr. Guess I'll just live with it for now.

 

[swetoast]

try whitelisting skysports in ublockr thats worth testing thats the only one that has a broad filter.

 

[mrchow]

That didn't work. As soon as I disable privacy filter the site works. Seems strange to me.


Sent from my iPhone using Tapatalk