What's new
  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Status
Not open for further replies.
Hello @thelonelycoder.

I have now verified that when I activate the OpenVPN connection by the application for ios the ab-solution does not block the ads!

What can I do to make AB-solution work with the OpenVPN connection?


Enviado do meu iPhone usando o Tapatalk
 
Hello @thelonelycoder.

I have now verified that when I activate the OpenVPN connection by the application for ios the ab-solution does not block the ads!

What can I do to make AB-solution work with the OpenVPN connection?


Enviado do meu iPhone usando o Tapatalk
I found an issue where ABS does not work when using Policy Rules if you have Accept DNS Configuration set to Exclusive. It must be set to strict. Not sure if this is your situation. You can read more about it in the guide I wrote here...

https://www.snbforums.com/threads/torguard-openvpn-2-4-client-setup-for-asus-merlin-380-65-380-65_2-part-i.38281/

https://www.snbforums.com/threads/torguard-openvpn-2-4-client-setup-for-asus-merlin-380-65-380-65_2-part-ii.38282/

https://www.snbforums.com/threads/torguard-openvpn-2-4-client-setup-for-asus-merlin-380-65-380-65_2-part-iii.38283/
 
I have removed the legacy code in update-hosts.add for scripts not supporting the new shared-*-whitelist.
This also means any user using the now obsolete code from the former member @swetoast will no longer have it's domains whitelisted.

This is a version change, use cu to update.
 
I m running no other scripts.
In fact checking the scripts in jffs to make sure I saw this:

Code:
ultimusfantasticus@RT-N66U-87F0:/jffs/scripts# ls
dnsmasq.postconf  services-start    wan-start
post-mount        services-stop

so I think I may be missing some stuff. Shouldn't some firewall stuff be in there?

Anyway, I was running the ps and so forth fine in the past with the firewall. However, I said "wth I haven't tried disabling it so let's do that". I mean I have tried all sort of random stuff, disabling IPv6, disabling NAT, changing NAT loop from asus to merlin to none and so on. In short I have tried every random thing I could think except "recalibrating the primary conduit through the secondary pathway in the Jefferies tubes and forwarding the central ramistat core while keeping the ontarian manifold within forty thousand KRG" like Miles O'Brien or Geordi La Forge would do... and also I had not turned off the firewall.
So I turned the damn thing off, and voila.... all is fine.
Well not much of a solution of course, and furthermore why suddenly the default bare-bones firewall of the RT-N66U router started blocking the wget ?

In conclusion firewall = no go and no firewall = go ..... bizarre. Reinstalling the latest merlin does not resolve the issue (in case I was missing some sort of firewall script).

Hi.
Had the same problem on an Asus RT-AC68U with firmware 380.67.
Seems there were made some changes in the iptables-rules in one of the newer firmware updates. Do you have a chain called ACCESS_RESTRICTION (iptables -S)? If so, try adding your pixelserv address to this chain. In my case this is:
Code:
iptables -I ACCESS_RESTRICTION -s 192.168.1.2/32 -j RETURN
 
Fresh install of 3.9 Attempting to install pixelserv-tls via ps command. I receive the following.... Any suggestions?
AB-Solution 3.9.0: pixelserv-tls install

checking your system

testing firmware capability: LAN IP port 80
router listens only on LAN IP port 80, continuing

testing if 'ifconfig br0 up' works on your system
this might take a few seconds to complete...

this appears to be working, continuing

checking port 443 availability
port 443 is available, continuing

found Entware entry in /jffs/scripts/services-stop

but Entware does not appear to be running.
Please investigate first.
 
Hi there.

I am having a problem trying to get through to piwik.org and plugins.piwik.org and am using the standard blocking file with 'piwik.org' in my whitelist.

Since a recent update (sorry not sure which, as I have just noticed) I have stopped having access to those two domains and I have used the monitor log file and it shows a block on piwik.org when I try to access it via my browser.

I wondered if I had set the whitelist wrongly but if I add anything other than piwik.org it is not recognised and doesn't get added to the whitelist.

Thanks in advance for any help on this.

Cheers.
With the standard blocking file, you only need to whitelist piwik.org. Make sure you process the list after adding the domain.
Once processed, there will be no blocked domains visible in f option 1 or 2.
 
Fresh install of 3.9 Attempting to install pixelserv-tls via ps command. I receive the following.... Any suggestions?
AB-Solution 3.9.0: pixelserv-tls install

checking your system

testing firmware capability: LAN IP port 80
router listens only on LAN IP port 80, continuing

testing if 'ifconfig br0 up' works on your system
this might take a few seconds to complete...

this appears to be working, continuing

checking port 443 availability
port 443 is available, continuing

found Entware entry in /jffs/scripts/services-stop

but Entware does not appear to be running.
Please investigate first.
There are remnants of a previous Entware install on your router.
If you have no other scripts running, you can set "Format JFFS partition at next boot" in Administration/System and reboot the router.
Then install AB from scratch.

If you don't want to do that, remove /jffs/scripts/services-stop completely and try to install ps again.
 
With the standard blocking file, you only need to whitelist piwik.org. Make sure you process the list after adding the domain.
Once processed, there will be no blocked domains visible in f option 1 or 2.
Thanks for the response, I had got to the point of unable to resolve.

I have whitelisted piwik.org and processed the list but it is still blocked for some reason. I will check the option 1 and 2 you mention when I am back at the machine, thanks.

I also get bad address when I try and ping plugins.piwik.org so not sure if that could ever be caused by AB-S, or I need to look elsewhere.

I am also using dns-crypt but didn't think that it did blocking like that....

Thanks.

Sent from my FRD-L09 using Tapatalk
 
Thanks for the response, I had got to the point of unable to resolve.

I have whitelisted piwik.org and processed the list but it is still blocked for some reason. I will check the option 1 and 2 you mention when I am back at the machine, thanks.

I also get bad address when I try and ping plugins.piwik.org so not sure if that could ever be caused by AB-S, or I need to look elsewhere.

I am also using dns-crypt but didn't think that it did blocking like that....

Thanks.

Sent from my FRD-L09 using Tapatalk
I tried to go to piwik.org and got a blank html page. I did an nslookup:
Code:
nslookup piwik.org
Server:    127.0.0.1
Address 1: 127.0.0.1 localhost.localdomain

Name:      piwik.org
Address 1: 2a00:b6e0:1:200:177::1 piwik.alwaysdata.net
Address 2: 192.168.3.2 -sso.anbtr.com

So yes, it is going to pixelserv which explains the white html page. So, I white listed piwik.org

Code:
 Your whitelist.txt has these entries:

 1: # Please support SmallNetBuilder.com by leaving these in the whitelist.
 2: # Run [el] to process changes into blocking_file.
 3: # Add whitelisted domains in the same format as below.
 4: # No wildcards (*tgdaily.net). This WILL NOT work.
 5: vma.tgdaily.net
 6: tgdaily.net
 7: vma.tgdaily.com
 8: tgdaily.com
 9: assets.omidoo.com
 10: z-na.amazon-adsystem.com
 11: servedby.flashtalking.com
 12: flashtalking.com
 13: ad2.netshelter.net
 14: link.p0.com
 15: tenforums.com
 16: sevenforums.com
 17: www.tenforums.com
 18: www.sevenforums.com
 19: www.icloud.com
 20: piwik.org

I then did option #3,Process whitelist.txt
Code:
 Note: Lines starting with "#" are comment lines.
 They are meant to be left in.

 1. Add domain
 2. Delete domain
 3. Process whitelist.txt
 4. Sort and verify whitelist.txt

 Select what to do [1-4 e=Exit]
The website now displays!!

A subsequent nslookup returns:
Code:
nslookup piwik.org
Server:    127.0.0.1
Address 1: 127.0.0.1 localhost.localdomain

Name:      piwik.org
Address 1: 2a00:b6e0:1:200:177::1 piwik.alwaysdata.net
Address 2: 185.31.40.177 piwik.alwaysdata.net
The site's IP address is now displayed.

Caveat, one of my blocking scripts is blocking web sites from certain countries. This site is from a country that is blocked!!! However, white listing in ABS seems to override that block.

MatchIP 185.31.40.177
185.31.40.177 not found in YAMalwareBlockCIDR
185.31.40.177 not found in YAMalwareBlock3IP
185.31.40.177 not found in YAMalwareBlock2IP
185.31.40.177 not found in YAMalwareBlock1IP
185.31.40.177 not found in WhitelistDomains
185.31.40.177 not found in BlacklistDomains
185.31.40.177 not found in BluetackProxyCIDR
185.31.40.177 not found in BluetackProxySingle
185.31.40.177 not found in BluetackWebexploitCIDR
185.31.40.177 not found in BluetackWebexploitSingle
185.31.40.177 not found in BluetackDshieldCIDR
185.31.40.177 not found in BluetackDshieldSingle
185.31.40.177 found in BlockedCountries
185.31.40.177 not found in TorNodes
185.31.40.177 not found in Whitelist
185.31.40.177 not found in Blacklist
185.31.40.177 not found in MicrosoftSpyServers
185.31.40.177 not found in WhitelistSRCPort
185.31.40.177 not found in Whitelist
185.31.40.177 not found in Blacklist

And that country is .....
 
Last edited:
any way to fix the identity of the server can not be verified? it happens on some HTTPS sites such as amazon
 
Caveat, one of my blocking scripts is blocking web sites from certain countries. This site is from a country that is blocked!!!

It looks like you are running just about every IPSet script posted on these forums and duplicating/tripling/quadrupling some functionality, probably not a great idea (I actually add explicit warnings during Skynet startup).

For starters you are running a script that is based off a 4 month old version of Skynet, but without specific rules to prevent false positives and hundreds of other changes since then.

It also looks like you are running iBlocklist Loader which I personally wouldn't recommend. The script its-self is fine, but the website it sources from actually from stole most of their lists from other providers who sell their content to paid subscribers only and refused to take them down. Not to mention most of the lists there are years old and very outdated.

Finally it looks like your running Ya-Malware-Block. Again there is nothing wrong with the script, but there is no need to duplicate functionality here as it and Skynet use almost identical lists. So personally I think its a situation where you need to pick the scripts whose functionality suits you best, there is no need to have the same things blocked 3-4 times, its unnecessary stress on your router.

However, white listing in ABS seems to override that block.

That is because Skynet works with ABS and upon startup (or use of the banmalware command) it refreshes its whitelist, that includes every entry in the files located at /jffs/shared-*-whitelist. In return ABS does the same for Skynet for any domains it specifies in its own Shared Whitelist file.

That being said, Skynet would have detected when you whitelisted the domain in ABS and done the same.
 
Just installed 3.9 but I get this error when trying to install pixelserv:

> found Entware entry in /jffs/scripts/services-stop
>
> but Entware does not appear to be running.
> Please investigate first.

I've tried everything. Resetting jffs, rebooting, unintalling ab-solution but nothing helped. Any idea how I can fix this?
 
It looks like you are running just about every IPSet script posted on these forums and duplicating/tripling/quadrupling some functionality, probably not a great idea (I actually add explicit warnings during Skynet startup).

For starters you are running a script that is based off a 4 month old version of Skynet, but without specific rules to prevent false positives and hundreds of other changes since then.

It also looks like you are running iBlocklist Loader which I personally wouldn't recommend. The script its-self is fine, but the website it sources from actually from stole most of their lists from other providers who sell their content to paid subscribers only and refused to take them down. Not to mention most of the lists there are years old and very outdated.

Finally it looks like your running Ya-Malware-Block. Again there is nothing wrong with the script, but there is no need to duplicate functionality here as it and Skynet use almost identical lists. So personally I think its a situation where you need to pick the scripts whose functionality suits you best, there is no need to have the same things blocked 3-4 times, its unnecessary stress on your router.



That is because Skynet works with ABS and upon startup (or use of the banmalware command) it refreshes its whitelist, that includes every entry in the files located at /jffs/shared-*-whitelist. In return ABS does the same for Skynet for any domains it specifies in its own Shared Whitelist file.

That being said, Skynet would have detected when you whitelisted the domain in ABS and done the same.
It has been my plan to switch over to Skynet once you released the new version (which you just did). I was keeping a watchful eye for it's release. You also confirmed some things that I noticed as well which tells me changing over is a good thing to do. Having one script to manage and maintain, rather than several scripts, will help simplify things. I have some time tomorrow to change one router. I look forward to joining you on the Skynet thread.
 
I've tried everything. Resetting jffs, rebooting, unintalling ab-solution but nothing helped. Any idea how I can fix this?
If you had set "Format JFFS partition at next boot" in Administration/System and rebooted the router, there would be no remnant to find for the installer.
But before you do that, enter sf and post content of the listed file.
 
I have removed the legacy code in update-hosts.add for scripts not supporting the new shared-*-whitelist.
Updated. I was a little confused by "whitelisting is only thorugh the shared-*-whitelist message, since it sounded like your domain whitelisting would not be active either. But it still seems to be there.

On another related topic, I found another wordpress blog blocked in the Skynet list. I unblocked it there, and it is fine now. But I went to add it to the abs whitelist, and it told me it wasn't in the blocked list, so no need. I take it then, that if there is a site that is not in my ab-s blocklist, but is in the Skynet list, I can't unblock it through Ab-s? I follow that it is unnecessary for AB-s, but it won't find its way to shared* either then.
 
If you had set "Format JFFS partition at next boot" in Administration/System and rebooted the router, there would be no remnant to find for the installer.
But before you do that, enter sf and post content of the listed file.

What do you mean with "enter sf"?

This is the content of the file:

hazel@RT-AC88U-F3C8:/tmp/home/root# cat /jffs/scripts/services-stop
#!/bin/sh

# DO NOT EDIT this part of the file #
# generated by AB-Solution 3
/opt/etc/init.d/rc.unslung stop
# end of DO NOT EDIT #
 
On another related topic, I found another wordpress blog blocked in the Skynet list. I unblocked it there, and it is fine now. But I went to add it to the abs whitelist, and it told me it wasn't in the blocked list, so no need. I take it then, that if there is a site that is not in my ab-s blocklist, but is in the Skynet list, I can't unblock it through Ab-s? I follow that it is unnecessary for AB-s, but it won't find its way to shared* either then.
AB does not add entries to the whitelist unless they are found in the blocking file.
Blindly adding it would only cause confusion in my opinion.
The shared whitelist is to make sure none of the required domains for the scripts are blocked by another script. Using it to exchange whitelist is the secondary reason.
I would recommend to whitelist in the application that blocks it.
 
What do you mean with "enter sf"?

This is the content of the file:

hazel@RT-AC88U-F3C8:/tmp/home/root# cat /jffs/scripts/services-stop
#!/bin/sh

# DO NOT EDIT this part of the file #
# generated by AB-Solution 3
/opt/etc/init.d/rc.unslung stop
# end of DO NOT EDIT #
Then you may safely delete the file.
This is what it meant by investigating it first when the installer told you so.
 
Status
Not open for further replies.

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top