
Yeah, it's back.

Code:
Simmz@R7000:/jffs/scripts# nslookup www.pandora.com
Server:    127.0.0.1
Address 1: 127.0.0.1 localhost.localdomain

Name:      www.pandora.com
Address 1: 2620:106:e003:f00e::63 www.v6.pandora.com
Address 2: 208.85.40.50 www.pandora.com
Address 3: 208.85.40.20 www.pandora.com
 
BTW. Love the "blockstats" trick from your github.

I made a slight modification so it lists the column headers. The OCD side of me requires labels haha. Is the below the "best" way of accomplishing this?

Code:
alias blockstats='iptables -L -v | head -n 2 & iptables -L -v | grep "match-set"; ip6tables -L -v | grep "match-set"'
 
Oops missed your header ask: yes, just prefix "iptables -L -v | head -n 2;" to your alias:
Code:
alias blockstats='iptables -L -v | head -n 2; iptables -L -v | grep "match-set"; ip6tables -L -v | grep "match-set"'
 

Off topic a little, but the only difference is I used "&" whereas you used ";". I went ahead and changed it to your syntax, but being the curious person I must ask: is there a reason I should NOT use "&", or is ";" just cleaner?

As I stated previously I'm not that well versed in scripting. So far I've learned enough to accomplish the task at hand, then implement it and forget it :)
 
iptables -L -v | head -n 2 & would put your command as a background process, but since you're just doing a head -n 2 it would probably exit quickly enough. The downside is that your header may not appear on the top! (depending on whether the next command completed first)

You can however use "&&" which is the same as using ";"

Only diff:
command1 && command2 => command2 will execute only if command1 succeeds
command1; command2 => both will run regardless
 
Glad it works.

On that blockstats alias, if you want only the 2nd line (not the line that says INPUT chain), a better alternative would be to use
Code:
alias blockstats='iptables -L -v | sed "2q;d"; iptables -L -v | grep "match-set"; ip6tables -L -v | grep "match-set"'
 
I've uploaded a version2 and version3 of the script with a lot of extra configuration ability: Blocklists, allowlists, blacklist domains and whitelist domains, and also control inbound, outbound or both traffic. I think it may be best to keep these options separate from the original script as it may confuse some users with all those added options.

Version2 has more lists than the original version, and has the option to blacklist domains. I am planning to merge version3 onto version2 as version3 is more flexible. Also it is easier to manage 2 versions than 3.

Using current version3, you do whatever you do with version2, but in addition work with countries. In addition you can also control inbound/outbound traffic for each list.

You can get creative and whitelist one or more countries, while blocking the rest of the world:

For example: After adding the appropriate country list indexes in ALLOWLIST_INDEXES you can append the DROP rule on FORWARD:

In /jffs/scripts/firewall-start:
Code:
sh /jffs/scripts/iblocklist-loader-v3.sh
iptables -A FORWARD -i eth0 -j DROP

Please bear in mind that such an implementation would probably be very restrictive but would be a good test case scenario.
 
Tried version1. Seems to be working all ;-) Thank you a lot for the script.
 
Thank you for the script @redhat27! This brings pfSense pfBlockerNG package with DNSBL functionality to the ASUS router.

My vote is to include it in the wiki to give it more visibility.
 
Thanks. I looked before I posted but I must have missed it. Anyway, I gave the thread a bump for more visibility :)
 
I have just installed V2 of this script on an ASUS RT-AC56U.
All installs OK but when selecting List 21 I get the following error(s) when the script is run:

ipset v6.29: Syntax error: setname 'BluetackFornonlancomputersSingle' is longer than 31 characters
ipset v6.29: Syntax error: setname 'BluetackFornonlancomputersSingle' is longer than 31 characters
iptables v1.4.14: setname `BluetackFornonlancomputersSingle' too long, max 31 characters.


Do I have to change something in the script ?

P.S. Many thanks for this script and all the hard work to date, much appreciated by the non-techies out there :)

P.P.S.
Also getting error(s) as follows: [Lists 48, 63 and 64]
ipset v6.29: Syntax error: setname 'I-BlocklistCrowdControlProdsSingle' is longer than 31 characters
ipset v6.29: Syntax error: setname 'I-BlocklistCrowdControlProdsCIDR' is longer than 31 characters
ipset v6.29: Syntax error: setname 'I-BlocklistCrowdControlProdsSingle' is longer than 31 characters
ipset v6.29: Syntax error: setname 'I-BlocklistCrowdControlProdsCIDR' is longer than 31 characters
iptables v1.4.14: setname `I-BlocklistCrowdControlProdsSingle' too long, max 31 characters.
ipset v6.29: Syntax error: setname 'I-BlocklistCoxCommunicationsSingle' is longer than 31 characters
ipset v6.29: Syntax error: setname 'I-BlocklistCoxCommunicationsCIDR' is longer than 31 characters
ipset v6.29: Syntax error: setname 'I-BlocklistCoxCommunicationsSingle' is longer than 31 characters
ipset v6.29: Syntax error: setname 'I-BlocklistCoxCommunicationsCIDR' is longer than 31 characters
iptables v1.4.14: setname `I-BlocklistCoxCommunicationsSingle' too long, max 31 characters.
ipset v6.29: Syntax error: setname 'I-BlocklistTimeWarnerCableSingle' is longer than 31 characters
ipset v6.29: Syntax error: setname 'I-BlocklistTimeWarnerCableSingle' is longer than 31 characters
iptables v1.4.14: setname `I-BlocklistTimeWarnerCableSingle' too long, max 31 characters.
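
One way to stay under the 31-character set name limit reported in the errors above, as an added example that is not part of the original post or of the iblocklist scripts. It assumes set names are built as list name plus a `Single` or `CIDR` suffix (inferred from the error text); `safe_setname` is a hypothetical helper.

```shell
#!/bin/sh
# Added example, not part of the iblocklist-loader scripts.
# ipset and iptables reject set names longer than 31 characters
# (see the errors quoted above), so derive a name that always fits.

IPSET_MAX=31

# safe_setname LISTNAME SUFFIX   (hypothetical helper)
# Prints LISTNAME+SUFFIX unchanged when it fits. Otherwise truncates LISTNAME
# and adds an 8-hex-digit CRC of the full name, so two long names that share
# a prefix still map to different sets.
safe_setname() {
    list=$1
    suffix=$2
    full="$list$suffix"
    if [ "${#full}" -le "$IPSET_MAX" ]; then
        printf '%s\n' "$full"
        return 0
    fi
    crc=$(printf '%s' "$full" | cksum | cut -d' ' -f1)
    tag=$(printf '%08x' "$crc")
    keep=$((IPSET_MAX - ${#suffix} - ${#tag} - 1))
    if [ "$keep" -lt 1 ]; then
        echo "suffix '$suffix' leaves no room for a set name" >&2
        return 1
    fi
    base=$(printf '%s' "$list" | cut -c1-"$keep")
    printf '%s-%s%s\n' "$base" "$tag" "$suffix"
}

# List names taken from the error messages in the post above.
for name in BluetackFornonlancomputers I-BlocklistCrowdControlProds \
            I-BlocklistCoxCommunications I-BlocklistTimeWarnerCable; do
    for kind in Single CIDR; do
        set_name=$(safe_setname "$name" "$kind")
        printf '%-36s -> %s (%d chars)\n' "$name$kind" "$set_name" "${#set_name}"
    done
done
```

The same derived name has to be used in both the `ipset` commands and the iptables `match-set` rule, otherwise the rule references a set that does not exist.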
 