Privacy Filter (Another IPSET Script)

swetoast

Guest
I've said it several times over: check iptables instead. Pinging often responds since there can be redirects etc. @bayern1975, if you're so insecure over stuff, maybe it's not a good idea to run advanced scripts on your router; maybe begin with learning about Linux in the first place.
 

bayern1975

Very Senior Member
@swetoast, I didn't say anything bad about you, the scripts or other authors... but I can't understand why most hostnames can be pinged if they should be blocked...
 

swetoast

Guest
Here is what I don't like: I said it over and over again, "did you check using iptables and see if the packet count went up after your test?" My guess is no. You probably just pinged it, it responded, and therefore you claim it's not working.

Code:
Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 3215  152K REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set privacy-filter_ipv4 src,dst reject-with icmp-port-unreachable

Spoiler: it works.
 

Cedarhillguy

New Around Here
Version 10 fails for me with an error that "/opt/bin/xargs : not found". Entware isn't installed on my router.

It appears, in this ipv4_block line of code, that it checks if "/opt/bin/xargs" exists, and if it doesn't (-z option) it then attempts on the next line to run from that non-existent path.

Code:
        if [ -z "$(which /opt/bin/xargs)" ]
            then cat $path/privacy-filter.list | /opt/bin/xargs -n 5 -I {} sh -c "traceroute -4 {} | head -1 >> "$path/privacy-filter_ipv4.tmplist1""

Suggest changing the second line to:

Code:
            then cat $path/privacy-filter.list | xargs -n 5 -I {} sh -c "traceroute -4 {} | head -1 >> "$path/privacy-filter_ipv4.tmplist1""
 

tomsk

Very Senior Member
Oops you're right haha.... actually you only have to test the xargs path in the if [ -z "$(which /opt/bin/xargs)" ] bit. If Entware is running it will point the xargs call to the right version anyway. You can replace /opt/bin/xargs with a straightforward xargs elsewhere in the script. The purpose of the test is just to remove the -P10 switch for the busybox (router) version as it doesn't work. Try xargs --version to see.
 

PeterR

Regular Contributor
Is there anyone else who finds Skype is blocked when the filters are active?
 

swetoast

Guest
Because Skype uses the same domains as in the list, perhaps? So here is how to resolve that if you want that app:

Finding out which domain it is is another issue, so let's dig it out and remove it from the blocklist.
 

bayern1975

Very Senior Member
30 hours router online, and when I check my privacy over PuTTY, still zeroes?
Code:
ASUSWRT-Merlin RT-AC3200 380.65-0 Fri Feb  3 05:20:08 UTC 2017
[email protected]:/tmp/home/root# iptables -L FORWARD -v


Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set privacy-filter_ipv4 src,dst reject-with icmp-port-unreachable
 

swetoast

Guest
If the traffic isn't there then it isn't there. The rule is certainly there, but I can't fix YOUR router and I don't know HOW you have set it up. It's working for 99% of the other people; it's always YOU that has the issues. If we start looking at my other threads, you're the common denominator.

I'm simply putting it bluntly: I'm tired of helping you. The only advice I can give you is learn Linux and learn how stuff works so that you know what's wrong, and how to set things up properly.

Code:
13158  623K REJECT     all  --  any    any     anywhere             anywhere             match-set privacy-filter_ipv4 src,dst reject-with icmp-port-unreachable
 

tomsk

Very Senior Member
Check that the ipset is created and populated with IP addresses
Code:
ipset -L privacy-filter_ipv4
or
ipset -L privacy-filter_ipv6
 

bayern1975

Very Senior Member
I got this when I put this in the terminal...
Code:
ASUSWRT-Merlin RT-AC3200 380.65-0 Fri Feb  3 05:20:08 UTC 2017
[email protected]:/tmp/home/root# ipset -L privacy-filter_ipv4
Name: privacy-filter_ipv4
Type: hash:ip
Revision: 0
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 8264
References: 1
Members:
104.131.0.69
[email protected]:/tmp/home/root# ipset -L privacy-filter_ipv6
ipset v6.29: The set with the given name does not exist
 

tomsk

Very Senior Member
There is only one IP in the hash set... that's why all your probes are getting past the iptables rule.
You must have some other filter which is preventing the traceroute from resolving the IP for the other domains.
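
The check described in the posts above (read the rule's packet counter and the set's member list instead of pinging), as an added example that is not part of any post or of the privacy-filter script. The function names are made up for illustration, and the sample text is a trimmed copy of the output posted in this thread.

```shell
# Added example: classify the state of a set-based REJECT rule from the two
# outputs compared in this thread. Text is passed as arguments so it runs offline.

# rule_pkts IPTABLES_TEXT SETNAME -> pkts counter of the rule using that set
# (prints nothing when no rule references the set).
rule_pkts() {
    printf '%s\n' "$1" | awk -v set="$2" '
        { for (i = 1; i < NF; i++)
              if ($i == "match-set" && $(i + 1) == set) { print $1; exit } }'
}

# member_count IPSET_TEXT -> number of non-empty lines after "Members:"
member_count() {
    printf '%s\n' "$1" |
        awk 'seen && NF { n++ } /^Members:/ { seen = 1 } END { print n + 0 }'
}

# diagnose IPTABLES_TEXT IPSET_TEXT SETNAME -> one-line verdict
diagnose() {
    pkts=$(rule_pkts "$1" "$3")
    members=$(member_count "$2")
    if [ -z "$pkts" ]; then
        echo "no-rule"                      # nothing in FORWARD uses the set
    elif [ "$members" -eq 0 ]; then
        echo "empty-set"                    # rule exists but can never match
    elif [ "$pkts" = "0" ]; then
        echo "no-hits members=$members"     # rule and set exist, nothing matched yet
    else
        echo "blocking pkts=$pkts members=$members"
    fi
}

# Sample input, trimmed from the output posted above.
IPT_ZERO='Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set privacy-filter_ipv4 src,dst reject-with icmp-port-unreachable'
SET_ONE='Name: privacy-filter_ipv4
Type: hash:ip
Members:
104.131.0.69'

diagnose "$IPT_ZERO" "$SET_ONE" privacy-filter_ipv4

# On the router, feed it live output instead:
#   diagnose "$(iptables -L FORWARD -v -n)" "$(ipset -L privacy-filter_ipv4)" privacy-filter_ipv4
```

A `no-hits` verdict with a very small member count points at how the set was built rather than at the iptables rule.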
 

bayern1975

Very Senior Member
I have just this ipset privacy script and the AB-Solution script... I tested without AB-Solution but it's the same results...
 

tomsk

Very Senior Member
Here is mine...see the difference. And that is not a full set either as my AB-solution host file is blocking some of them.
Code:
[email protected]:/tmp/home/root# ipset -L privacy-filter_ipv4
Name: privacy-filter_ipv4
Type: hash:ip
Revision: 0
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 9000
References: 1
Members:
82.221.105.7
204.79.197.210
71.6.158.166
82.221.105.6
134.170.115.60
64.4.54.22
134.170.188.248
104.131.0.69
23.36.69.246
216.117.2.180
131.253.14.76
204.79.197.208
188.138.9.50
198.20.70.114
157.56.96.58
65.55.130.50
207.68.166.254
204.79.197.209
184.25.204.97
71.6.135.131
198.20.99.130
93.184.215.201
104.16.51.93
204.79.197.203
195.22.26.248
198.20.69.74
157.55.129.21
157.58.249.57
204.79.197.206
204.79.197.211
23.38.232.12
204.79.197.201
66.240.192.138
93.120.27.62
198.20.69.98
71.6.167.142
65.52.108.74
85.25.43.94
71.6.165.200
66.240.236.119
209.126.110.38
204.79.197.204
134.170.58.125
85.25.103.50
114.80.68.223
204.79.197.200
157.56.57.5
 

tomsk

Very Senior Member
If you select the Large filter with AB-Solution it blocks A LOT.... maybe all those IPs even.
You can turn AB off from the UI using the [a] option... then run the privacy filter again... it will rebuild the ipset... then test how many IPs it contains.
 

bayern1975

Very Senior Member
Tested without AB-Solution... still get just one IP in the blocked list when I check with ipset -L privacy-filter_ipv4... I really can't find where and what is wrong in my router...
 
