Thanks for this, as I've been wondering if it was possible to do it!
/jffs/scripts/ya-malware-block.sh: Loaded sets YAMalwareBlock1IP (53445) and YAMalwareBlockCIDR (5811) in 11 seconds
RT-AC68U here on a gigabit fibre connection. I'll see if any of my regular sites break and then play around with the whitelist mentioned on page 1!
cheers
peter
Apologies, I had misunderstood. Regardless, this version should take care of it. Thanks for pushing me to do it. BTW: I should post a similar fix to your other GitHub issue soon (create-ipset-lists.sh)
I don't change my ya-malware-block.urls file at all.
Yes, and just to test it, you can edit the /jffs/ipset_lists/ya-malware-block.urls file and uncomment the level4 url, run it (it creates a few more ipsets), check the iptables rules and ipsets, and then comment it back and run it again. You should see the older ipsets and iptables rules removed.
Does your change account for that?
Should these new lists be just appended to the bottom of the .url file?
No, it's not looking at .urls being edited
I've added some new lists to the .urls file in github. These are not included in FireHOL levels 1 through 4:
Counts are as of the time of writing this post and will vary over time:
Users of this script can update their ya-malware-block.urls file from the GitHub version if they choose to include these additional lists
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/alienvault_reputation.ipset (68255 unique IPs)
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bbcan177_ms1.netset (2565 subnets, 5268567 unique IPs)
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bbcan177_ms3.netset (1146 subnets, 30151694 unique IPs)
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bds_atif.ipset (5022 unique IPs)
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/blocklist_de_bots.ipset (143 unique IPs)
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/blocklist_de_ssh.ipset (11261 unique IPs)
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/blocklist_de_strongips.ipset (104 unique IPs)
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/dyndns_ponmocup.ipset (163 unique IPs)
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/et_block.netset (1980 subnets, 24411811 unique IPs)
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/et_botcc.ipset (728 unique IPs)
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/et_compromised.ipset (1801 unique IPs)
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/hphosts_exp.ipset (314 unique IPs)
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/hphosts_hjk.ipset (57 unique IPs)
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/hphosts_mmt.ipset (1136 unique IPs)
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/ransomware_feed.ipset (5216 unique IPs)
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/ransomware_locky_ps.ipset (3 unique IPs)
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/taichung.ipset (10694 unique IPs)
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/urandomusto_ssh.ipset (410 unique IPs)
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/urandomusto_telnet.ipset (445 unique IPs)
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/uscert_hidden_cobra.ipset (627 unique IPs)
Should these new lists be just appended to the bottom of the .url file?
I have already updated to 2.5.
You can simply replace your .urls file. Let the script redownload it on the next run:
rm /jffs/ipset_lists/ya-malware-block.urls
wget --no-check-certificate -O /jffs/ipset_lists/ya-malware-block.urls https://raw.githubusercontent.com/shounak-de/misc-scripts/master/ya-malware-block.urls
ASUS RT-AC66U, ASUSWRT Merlin 380 68 4
Thank you. Can you post the output of these?
ipset --version
iptables --version
Sorry for the late reply. I'm assuming that you are running the script unmodified. Let me know if that is not the case.
ipset --version
ipset v4.5, protocol version 4.
Kernel module protocol version 4.
iptables --version
iptables v1.4.21
each time
iptables-save | grep -q YAMalwareBlockCIDR && echo "found"
iptables -t raw -I PREROUTING -m set --set YAMalwareBlockCIDR src -j DROP
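
The check discussed in this thread (after a list is commented out of the .urls file, its ipset and iptables rule should disappear, and a rule should not be inserted again on each run) can be scripted against saved iptables output. This is an added example, not part of the original posts or of ya-malware-block.sh. Assumptions: the set name YAMalwareBlock2IP, the sample iptables-save text and all function names are constructed, and the raw table is taken from the rule quoted above.

```shell
#!/bin/sh
# Constructed sample of `iptables-save -t raw` output: one rule for a set
# that is no longer wanted (YAMalwareBlock2IP) and a duplicated CIDR rule.
SAMPLE_RULES='*raw
:PREROUTING ACCEPT [0:0]
-A PREROUTING -m set --set YAMalwareBlock1IP src -j DROP
-A PREROUTING -m set --set YAMalwareBlock2IP src -j DROP
-A PREROUTING -m set --set YAMalwareBlockCIDR src -j DROP
-A PREROUTING -m set --set YAMalwareBlockCIDR src -j DROP
COMMIT'

# Print every set name starting with prefix $2 that a rule in $1 references.
# Accepts both the old (--set) and the newer (--match-set) option spelling.
rule_sets() {
    printf '%s\n' "$1" | awk -v p="$2" '
        /^-A / { for (i = 1; i < NF; i++)
                     if (($i == "--set" || $i == "--match-set") && index($(i+1), p) == 1)
                         print $(i+1) }'
}

# Sets still referenced by rules but absent from the wanted list $3
# (space-separated names the current .urls file should produce).
stale_sets() {
    rule_sets "$1" "$2" | sort -u | while read -r name; do
        case " $3 " in
            *" $name "*) ;;
            *) echo "$name" ;;
        esac
    done
}

# Sets that have more than one rule, i.e. the rule was inserted repeatedly.
duplicate_sets() {
    rule_sets "$1" "$2" | sort | uniq -d
}

# Dry run: print (do not execute) the commands that would remove each stale
# rule and then its set. Assumes the rules live in the raw table.
cleanup_plan() {
    for name in $(stale_sets "$1" "$2" "$3"); do
        printf '%s\n' "$1" | grep -- "set $name " | sed 's/^-A /iptables -t raw -D /' | sort -u
        echo "ipset -X $name"
    done
}

cleanup_plan "$SAMPLE_RULES" YAMalwareBlock "YAMalwareBlock1IP YAMalwareBlockCIDR"
```

On a router, pass "$(iptables-save -t raw)" instead of SAMPLE_RULES and review the printed commands before running any of them.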