Menu
What's new
By:
Filters Better Search

AdBlocking with combined hosts file

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

thelonelycoder said:
If I understand you correctly then this has nothing to do with adblocking.
Click to expand...

Well, it is more I guess a question about how to use IPTABLES than anything else... That is why it was placed here in this thread. Now as you might have read, it seems to be misplaced due to that the firewall should do exactly what I am asking for. While I might nog be 100% convinced yet about port scanning "people", the general idea is of course correct with the firewall.

All scripts, be it adblock, blocking countries from accessing open ports or the script (somewhere on this forum, can not find it for the moment) that blocks IPs from scanning ports in the future, will be using some sort of IPTABLEs.
 
Bamsefar said:
Well, it is more I guess a question about how to use IPTABLES than anything else... That is why it was placed here in this thread. Now as you might have read, it seems to be misplaced due to that the firewall should do exactly what I am asking for. While I might nog be 100% convinced yet about port scanning "people", the general idea is of course correct with the firewall.

All scripts, be it adblock, blocking countries from accessing open ports or the script (somewhere on this forum, can not find it for the moment) that blocks IPs from scanning ports in the future, will be using some sort of IPTABLEs.
Click to expand...


Last time I checked, and apparently confirmed by the first sentence of this Guide:

http://www.howtogeek.com/177621/the...tables-the-linux-firewall/?PageSpeed=noscript

so the ASUS Firewall is a collection of appropriately ordered set of iptable rules - so for Linux based ASUS routers

'NO iptable rules ' == 'NO Firewall'

but I could be wrong!:p
 
Last edited:
Question, do I login as 'root' user?
Because I cannot get the password for that.
But my username and password that I use to log into the routers GUI works.

Is this correct?

Also I have a new router and it doesnt seem to have any files or folders in jffs.
Do I create them manually in ssh?
Or how do I get it to work?

Sorry linux nub here

EDIT: when I try mkdir scripts (from within jffs) I get permission denied scripts is read only.
So I guess its already there but my user cant see it?
Or how do I get access to this?
 
Last edited:
Savell Martin said:
Can anyone help me with the above?
Click to expand...
By default there is no root user only admin (same as in the GUI).

Regarding your jffs problem, it's difficult to give precise instructions as you haven't told us your firmware version :rolleyes:. But in general you should check that you have enabled the jffs partition and formatted it. Typically those options are in Administration > System > Persistent JFFS2 partition (or something similar).
 
Sorry should have said more.

Running latest Merlin, so 380.57.

Under Administration -> System it is set to: Enable JFFS custom scripts and configs (YES)
But like I say when logging into ssh, and looking at the jffs folder it seems empty when logged in as my admin account.
 
Ok well now logging back into ssh I can now see the scripts folders and config folders in jffs (it was NOT there yesterday) maybe that extra reboot fixed it.

But those folders are still empty so there is nothing to add to eg services-start, or /jffs/configs/dnsmasq.conf.add

Do I need to create those from scratch?
 
Ok well I created all those files with vi and put in the advanced settings.
But I am still getting ads.

I may have missed something, or it just may not be running.
OR it could be taking a bit of time to download the lists.

Is there any way to check I set it up correctly?

I can see 'hosts.blocked' in /tmp/mnt/sda1/hosts.
I did not create that file. But if I vi into it its empty.

And yes I did flushdns
 
Last edited:
Anyone?
Still getting ads even after a restart the next morning...

Do I need to set anything in DNS or anything for it to work?
Or is it just set and forget?

I tried doing a service restart_dnsmasq which says it restarted successfully.
 
Check that you clients are using the router as DNS, otherwise the dnsblock will get bypassed...

Savell Martin said:
Anyone?
Still getting ads even after a restart the next morning...

Do I need to set anything in DNS or anything for it to work?
Or is it just set and forget?

I tried doing a service restart_dnsmasq which says it restarted successfully.
Click to expand...
 
The file must have information of the blocked sites, check again the scripts, the paths of everything, run manually the script and see if it downloads the files and combines them, you can place the -v parameter in the wget command to see if its actually downloading the files

Savell Martin said:
Ok well I created all those files with vi and put in the advanced settings.
But I am still getting ads.

I may have missed something, or it just may not be running.
OR it could be taking a bit of time to download the lists.

Is there any way to check I set it up correctly?

I can see 'hosts.blocked' in /tmp/mnt/sda1/hosts.
I did not create that file. But if I vi into it its empty.

And yes I did flushdns
Click to expand...
 
shooter40sw said:
The file must have information of the blocked sites, check again the scripts, the paths of everything, run manually the script and see if it downloads the files and combines them, you can place the -v parameter in the wget command to see if its actually downloading the files
Click to expand...

Cheers.
I have double checked the folders and the scripts.

How can I run the script manually?
 
Thanks bud.

Just to confirm 100% my scripts look like (for advanced according to OP):
/jffs/scripts/services-start
/jffs/scripts/update-hosts.sh
/jffs/configs/dnsmasq.conf.add

Just wondering if that first "services-start" should be "services-start.sh"?

And I have:
/tmp/mnt/sda1/hosts/whitelist.txt
/tmp/mnt/sda1/hosts/blacklist.txt

And this was created automatically (which is why I thought it was working, but it seems empty):
/tmp/mnt/sda1/hosts/hosts.blocked
 
the script service-start leave it like that, your problem seams that the update-host.sh must have some error because it must fill the hosts.blocked,
Edit that file look for the command

wget -qO- and put wget -O-

Thant way you will see the output and maybe an error.

Check out that the hosts.blocked file does have write permission, mine is like this -rw-rw-rw- but I never had that issue ...

Savell Martin said:
Thanks bud.

Just to confirm 100% my scripts look like (for advanced according to OP):
/jffs/scripts/services-start
/jffs/scripts/update-hosts.sh
/jffs/configs/dnsmasq.conf.add

Just wondering if that first "services-start" should be "services-start.sh"?

And I have:
/tmp/mnt/sda1/hosts/whitelist.txt
/tmp/mnt/sda1/hosts/blacklist.txt

And this was created automatically (which is why I thought it was working, but it seems empty):
/tmp/mnt/sda1/hosts/hosts.blocked
Click to expand...
 
ColinTaylor said:
.

My reason for blacklisting people is less a concern for security, but more my annoyance at them filling up my syslog with their failed attempts :rolleyes: There's also a certain amount of satisfaction in the feeling that you're throwing their packets on the floor and wasting their time. :D
Click to expand...

Colin, do you do this using iptables? If so, what does a typical entry look like?

I don't suppose you've noticled a fall-off in the syslog entries per unit time since you started this, have you, or is it like trying to clean the Augean stables?

And if you do use iptables, do you leave the entries in permanently or do you gradually remove the earliest ones, to prevent iptables becoming unwieldy (if that happens) and also because, possibly, "throwaway" IP addresses are used?
 
Last edited:
Savell Martin said:
Thanks bud.

Just to confirm 100% my scripts look like (for advanced according to OP):
/jffs/scripts/services-start
/jffs/scripts/update-hosts.sh
/jffs/configs/dnsmasq.conf.add

Just wondering if that first "services-start" should be "services-start.sh"?

And I have:
/tmp/mnt/sda1/hosts/whitelist.txt
/tmp/mnt/sda1/hosts/blacklist.txt

And this was created automatically (which is why I thought it was working, but it seems empty):
/tmp/mnt/sda1/hosts/hosts.blocked
Click to expand...

The empty hosts.blocked file suggests the whitelist.txt file has an empty line. It's matching and removing every blocked site.
 
You must log in or register to reply here.

Similar threads

P
ASUSwrt dnsmasq addn-hosts entry limit
Replies
0
Views
365
pseu_asus
P
S
Wireguard VPN change routes ip
Replies
0
Views
211
S75
S
JGrana
New Addon - ChatAI - have a chat session with Googles Gemini AI Bot
Replies
2
Views
252
Viktor Jaep
Viktor Jaep
bbeny123
Tutorial Debian 12 Bookworm + Plex Media Server (Asus RT-AX86S)
2
Replies
22
Views
4K
Rexawl
Rexawl
aru
Skynet Practice displaying a world map on a webpage using an addon-api.
2
Replies
33
Views
2K
Quoc Huynh
Q
Similar threads
Thread starter Title Forum Replies Date
L adblocking recommendation Asuswrt-Merlin 53
D How to restrict VPN network access to certain IP Range or Hosts for specific VPN client Asuswrt-Merlin 8
David Cavalli hosts / dnsmasq / Android coordination Asuswrt-Merlin 10

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 998 (members: 27, guests: 971)
Top