Not seeing the blacklist file @ /jffs/ipset_lists/ya-malware-block.blacks
You mention this is optional. Do we add this file manually?
Nice script btw.
Yes, you have to create it manually.
Not seeing the blacklist file @ /jffs/ipset_lists/ya-malware-block.blacks
You mention this is optional. Do we add this file manually?
Nice script btw.
If you remove your changes to whites and re-run, what happens?Hi, everyone!
I ran the newest version of this script.
The first run seemed to go normal(65xxx blocks added to firewall etc.).
I then made some changes to the whites file to be sure I did not get locked out of my router and some pet urls I use.
Then I ran the script again and this is what I got:
Firewall: ./ya-malware-block.sh: Adding ya-malware-block rules to firewall...
Jun 5 08:10:20 Firewall: ./ya-malware-block.sh: Loaded sets YAMalwareBlock1IP (0) and YAMalwareBlockCIDR (0) in 4 seconds
Jun 5 08:10:27 kernel
It seems to not be reloading firewall blocks.
Yep!If you remove your changes to whites and re-run, what happens?
I used the editor in Mobaxterm command line, but running dos2unix did not fix it.What tool did you use to add them?
It would be worth running the whites file through dos2unix to ensure any line endings are of the right format, which can cause scripts to not run correctly.
Are you able to show us the IPs you added?I used the editor in Mobaxterm command line, but running dos2unix did not fix it.
Here is a backup file(I will delete some of the personal ip's for privacy purposes):Are you able to show us the IPs you added?
I think your 192.168. addresses can be removed, as the regex at the top will include all of them. I don't know if that would cause the script to fail however, so try removing those. I would also advise leaving a blank line at the end, as I've seen some scripts not play nice.Here is a backup file(I will delete some of the personal ip's for privacy purposes):
^0\.
^10\.
^127\.
^169\.254\.
^172\.1[6-9]\.
^172\.2[0-9]\.
^172\.3[0-1]\.
^192\.168\.
213.230.210.230
192.124.249.10
192.168.1.4
192.168.1.8
192.168.1.14
192.168.1.17
192.168.1.19
192.168.1.11
192.168.1.13
192.168.1.12
192.168.1.20
192.168.1.22
98.xx.xxx.xxx
xxx.xx.xx.xx
xxx.xx.xx.xx
8.8.4.4
8.8.8.8
98.136.0.0
68.67.73.31
68.67.73.1
Ok!I think your 192.168. addresses can be removed, as the regex at the top will include all of them. I don't know if that would cause the script to fail however, so try removing those. I would also advise leaving a blank line at the end, as I've seen some scripts not play nice.
Just checking in: This thread's been quiet lately. Work kept me busy as well.
Does anyone have any issues with the new version 2.2?
It no longer uses wget, and uses curl. @HRearden does it work smoothly on tomato firmware?
Was the timing display (for terminal run) useful at all?
root@unknown:/jffs/scripts# curl -k https://raw.githubusercontent.com/shounak-de/misc-scripts/master/jffs/ipset_lists/ya-malware-block.urls -o /jffs/ipset_lists/ya-malware-block.urls
curl: (1) Protocol "https" not supported or disabled in libcurl
root@unknown:/jffs/scripts# which curl
/usr/sbin/curl
root@unknown:/jffs/scripts#
Like @drg mentioned, yes, but only if you'd need to add to the default blacklist already provided by the default lists.You mention this is optional. Do we add this file manually?
I think what @Jack Yaz said about dos crlf characters is spot on.What's up with that?
Again, absolutely correctI think your 192.168. addresses can be removed, as the regex at the top will include all of them.
Okay. You mentioned wget without --no-check-certificate flag works good with https, right @HRearden ?I am still having trouble on tomato by shibby.
This script (current or prior versions) does not change any inbound logging.Hi Guys,
Is there any way to limit the syslog to show only Inbound Accepted Traffic ? I know the original version was in this way
Thank you!
I am still having trouble on tomato by shibby. It is loading 0 sets. The problem is now with curl. The version does not do https.
I am running it both on merlin and tomato by shibby. On merlin it seems fine, although I have not updated to the latest version.
Code:root@unknown:/jffs/scripts# curl -k https://raw.githubusercontent.com/shounak-de/misc-scripts/master/jffs/ipset_lists/ya-malware-block.urls -o /jffs/ipset_lists/ya-malware-block.urls curl: (1) Protocol "https" not supported or disabled in libcurl root@unknown:/jffs/scripts# which curl /usr/sbin/curl root@unknown:/jffs/scripts#
wget -O /jffs/scripts/ya-malware-block.sh https://raw.githubusercontent.com/shounak-de/misc-scripts/master/ya-malware-block-tomato.sh
Try this:I can't seem to enter anything into the "Whites" file.
echo "1.2.3.4" >> /jffs/ipset_lists/ya-malware-block.whites
I don't have Entware installed.Try this:
Where you'd replace 1.2.3.4 with the IP you are trying to add to whitelist fileCode:echo "1.2.3.4" >> /jffs/ipset_lists/ya-malware-block.whites
Does the "echo" go inside the "Whites" file?
Cause when I ran it from the command line. It did not produce any output.
Also, is the IP you're trying to add found on the MatchIP shell function?
ipset test YAMalwareBlock1IP 1.2.3.4
ipset test YAMalwareBlock2IP 1.2.3.4
ipset test YAMalwareBlock3IP 1.2.3.4 (you may not have a YAMalwareBlock3IP unless you are using Level4 FireHOL list)
Ok!The IP you are trying to add to the whites file should only be added if it is blocked by the YAMalwareBlock1IP or YAMalwareBloc2IP or YAMalwareBlock3IP
You can test the IP you are trying to add, first by checking if it is there:
replace 1.2.3.4 with the IP you are trying to addCode:ipset test YAMalwareBlock1IP 1.2.3.4 ipset test YAMalwareBlock2IP 1.2.3.4 ipset test YAMalwareBlock3IP 1.2.3.4 (you may not have a YAMalwareBlock3IP unless you are using Level4 FireHOL list)
Welcome To SNBForums
SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.
If you'd like to post a question, simply register and have at it!
While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!