• ATTENTION! As of November 1, 2020, you will not be able to reply to threads 6 months after the thread is opened. Threads will not be locked, so posts may still be edited by their authors.

    aegis: a firewall blocklist

    aegis is the successor of firewall-blocklist: https://www.snbforums.com/threads/r7800-r9000-probably-others-blocklist-based-firewall-addon.63241/ It starts with version 1.0.0, but is more recent than latest firewall-blocklist aegis A firewall blocklist script for Netgear R7800 and R9000 Routers...

    [R7800, R9000 & probably others] Blocklist based Firewall addon

    DEPRECATED Now use aegis: https://www.snbforums.com/threads/aegis-a-firewall-blocklist.64128/ I made a blocklist based firewall addon for myself, and I improved it to share it here as it can interest others. Firewall Blocklist Firewall blocklist script for Netgear R7800 and R9000 Routers...
  3. W

    route certain domains through client vpn

    Is there a way to route certain domains through a client vpn? I have been using Asus Merlin's build for a few months now. I moved from TomatoUSB to here. There is no going back. The only thing missing is to route domain names. With the use of cloudflare and others you can't rely and ip...
  4. D

    Blocklist ipset logging

    When creating an iptables rule that adds an address to a blocklist ipset, is there a way to know when the maxelem value has been exceeded ? Below is an example rule: iptables -t mangle -I PREROUTING -i eth0 -m state --state NEW -j SET --add-set BLOCKLIST src At the command-line, when...
  5. D

    How to create a persistent ipset ?

    I'm trying to create a persistent ipset that is regularly backed up with a cron job. The problem I'm running into is testing whether or not the "ipset restore" restore file exists. Step 1 If the restore file doesn't exist, create the file: /path/LIST.sav with the following contents: create...
  6. J

    Juglar Parental Control, with Anti-Gaming Periodic Speed Limiting

    I share here the parental control that I have begun to use at home for my student siblings, in case it can be useful to any other person. It may also serve as more examples of iptables – ipsets and traffic control. It is based on the available Merlin’s parental controls, to which I’ve added...
  7. S

    The optimum way to use iptables and ipsets

    Started a general discussion thread so that everyone can pitch in with their opinions about the ways which using iptables and ipsets can benefit the end user.
  8. S

    :: ipBLOCKer :: Category blocking using iptables and ipsets

    Blocks IPs & CIDR's tagged as Adware Country Custom ETF Malware Shalla(exp) Spam Tor-Exits Current Version: 1.1 See ChangeLog1_1.txt on github or on post2 if upgrading from Version 1.0 :: Features :: - Command Line Driven with Menu Assist - Category based Blocking - Select Categories to Block...
  9. redhat27

    Yet another malware block script using ipset (v4 and v6)

    As if we don't have enough already :p Here is yet another malware blocking script that uses ipset (v4 and v6). So why put up another one? Over 650 Million unique IPs blocked Simpler (minimalist script with only 26 lines (which includes a couple of blank lines and comment lines) Quicker...
  10. D

    Using a script to populate an ipset set with DHCP addresses

    I'm trying to create a script that adds DHCP addresses to an IP set. 1) Determine the DHCP address range with the following values. nvram get dhcp_start = nvram get dhcp_end = 2) Create a DHCP IP set called DHCP_CLI. ipset create DHCP_CLI bitmap:ip range
  11. zmaster

    Custom firewall-start script for OpenVPN (country allow list)

    Hi guys, I've been a reader of this forum for quite some time and I have a RT-AC68U for almost 2.5 years now but flashed Merlin's firmware last week. My reason was to flash was OpenVPN 2.4.x. My Synology was a bit behind and I don’t like services being exposed to the internet when they are not...
  12. swetoast

    Privacy Filter (Another IPSET Script)

    Hi Everyone, I'm back with another IPSET for your firewall this time around its for blocking Telemetry and some Android Rootkit along with Shodan.io Scanners. For official installatins instructions and more information please consult the wiki about the information. NOTE: for all users running...
  13. K

    Malware Filter / bad host IPSET

    Hello, I am trying to block outbound connects to know bad host from my LAN/ Wireless. I am running the script located below and have the below firewall rules so it looks to be working. Any know what else to check? Running this script under the heading "Malware Filter"...
  14. Adamm

    Skynet Skynet - Router Firewall & Security Enhancements

    Attention Skynet Users! Unfortunately the future of Skynet is in doubt. As you may or may not be aware, there have been discussions in place that will effectively kill off many of the addons that we all use on a day to day basis. If you use Skynet or any other script let your opinion be known...