[R7800, R9000 & probably others] Blocklist based Firewall addon

Yes, by all means! The more the merrier!
@kamoj Do you want me to test these commands?

About Entware, I think the problem is that I don't know what the problem is... But my goal has been to get iprange for this blocklist firewall.
 
Command 1

Code:
find / -name tty
/dev/tty
/overlay/opt/bin/tty
/overlay/hipplay/usr/bin/tty
/proc/tty
find: /proc/5126/task/5126/fdinfo/5: No such file or directory
/rom/dev/tty
/sys/devices/soc.0/fd883000.uart0/tty
/sys/devices/soc.0/fd884000.uart1/tty
/sys/devices/virtual/tty
/sys/devices/virtual/tty/tty
/sys/devices/platform/serial8250/tty
/sys/class/tty
/sys/class/tty/tty

Command 2

Code:
find / -name stty
/overlay/opt/bin/stty
/overlay/hipplay/bin/stty
find: /proc/32230: No such file or directory
 
You can remove your USB devices and reboot without entware?
Yes, I was thinking of doing that... Just can’t disrupt internet now... Maybe tomorrow morning.

Code:
root@HERMES:~$ find / -name tty
/dev/tty
/proc/tty
/sys/devices/virtual/tty
/sys/devices/virtual/tty/tty
/sys/devices/platform/msm_serial_hsl.1/tty
/sys/devices/platform/serial8250/tty
/sys/class/tty
/sys/class/tty/tty
/tmp/mnt/sda1/entware/bin/tty
root@HERMES:~$ find / -name stty
/tmp/mnt/sda1/entware/bin/stty
root@HERMES:~$
 
Ok @KW. , last 2 tries:
Code:
echo -n "say y: "; echo "answer: $(head -c1 /dev/tty)"
And
Code:
echo -n "say y: "; A=$(dd ibs=1 count=1 2>/dev/null); echo -e "\nanswer: $A"

If it does not work, I will disconnect Entware tomorrow on my router (and hopefully have the exact same environment as you have for testing) and/or wait for @kamoj's solution once he's back home.
 
Here it is. Don't worry about throwing out commands you want to try. I like to play with the big guys :)

Command 1
Code:
echo -n "say y: "; echo "answer: $(head -c1 /dev/tty)"
say y: y
answer:

Command 2

Code:
echo -n "say y: "; A=$(dd ibs=1 count=1 2>/dev/null); echo -e "\nanswer: $A"
say y: y
answer:
root@R9000:/$ y
/bin/ash: y: not found
 
Thank you for calling me a big guy, I’m not at the level of @kamoj or the ultimate @Voxel .

As you guessed, none of those are working. I give up for today.
Have a good Sunday :)

Ok, back and found it.
Apart from this there is also a trick involving sed and tty... ;)
I don't think you need any instruction, so here is my current solution (one of many):

Code:
Q="Do you want to uninstall the kamoj add-on? "; echo -n "$Q"
ANSWER="$(i=0;while [ $i -lt 2 ];do i=$((i+1));read -p "" yn </dev/tty;[ -n "$yn" ] && echo -n "$yn" && break;done)"
echo "$ANSWER"
 
Ah! Trap the stdin inside a while loop so ash does not receive it as a command, smart!

Thank you @kamoj

So, @KW. : this should work:
Code:
echo -n "say y: "; case "$(i=0;while [ $i -lt 2 ];do i=$((i+1));read -p "" yn </dev/tty;[ -n "$yn" ] && echo "$yn" && break;done)" in Y|y|yes|Yes|YES) echo 'answer is YES';; *) echo 'answer is NO';; esac

And I will be able to update my script (tomorrow) to fix the asking yes or no bug while trying to upgrade (and fix that in install.sh as it asks a question too).
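The technique in the two posts above (reading the answer from the controlling terminal instead of the script's own stdin), written out as an added example. This is not code from the thread, from kamoj or from the firewall-blocklist script; the function names ask_yn and normalize_yn, the three-attempt limit and the optional SOURCE parameter (there only so the function can be driven from a file when testing) are mine. When a script arrives as `wget -O - URL | sh`, stdin is the script text, so a plain `read`, `dd` or `head -c1` on stdin eats the next script line, and the "y" typed at the terminal is only read by ash once the script has ended, which is the `/bin/ash: y: not found` seen earlier. `read -p` is a bash/BusyBox extension rather than POSIX, so the example prints the prompt with `printf` on stderr, which also keeps `$(ask_yn ...)` capturing only the answer.

```shell
#!/bin/sh
# Added example (not code from the thread or the firewall-blocklist script).
# Ask a yes/no question from a script that may itself be arriving on stdin
# ("wget -O - URL | sh"). Only the read is redirected to /dev/tty; the rest of
# the script body keeps coming from stdin untouched.

# normalize_yn ANSWER : print yes, no or invalid
normalize_yn() {
    case "$1" in
        [Yy]|[Yy][Ee][Ss]) echo yes ;;
        [Nn]|[Nn][Oo])     echo no ;;
        *)                 echo invalid ;;
    esac
}

# ask_yn PROMPT [SOURCE]
# Prints "yes" or "no" on stdout and returns 0. Returns 1 when SOURCE
# (default /dev/tty) cannot be opened, i.e. there is no controlling terminal
# (cron, init script), or when three attempts gave no valid answer. Treat 1 as
# "no" before anything destructive such as an uninstall. SOURCE is a parameter
# only so the function can be fed from a file in tests (an assumption of this
# example); interactive callers leave it out.
ask_yn() {
    prompt=$1
    src=${2:-/dev/tty}
    # /dev/tty exists even without a controlling terminal; opening it fails.
    ( exec < "$src" ) 2>/dev/null || return 1
    i=0
    while [ "$i" -lt 3 ]; do
        i=$((i + 1))
        # Prompt on stderr so that $(ask_yn ...) captures only the answer.
        # printf instead of "read -p": -p is a bash/BusyBox extension, not POSIX.
        printf '%s' "$prompt" >&2
        read -r yn <&3 || return 1          # EOF on the terminal: give up
        ans=$(normalize_yn "$yn")
        if [ "$ans" != invalid ]; then
            echo "$ans"
            return 0
        fi
        echo 'Please answer y or n.' >&2
    done 3< "$src"   # fd 3 is the terminal; stdin (the piped script) is untouched
    return 1
}

# Usage, as the uninstall prompt from the thread would use it:
#   if [ "$(ask_yn 'Do you want to uninstall the kamoj add-on? ')" = yes ]; then
#       echo 'uninstalling...'
#   else
#       echo 'aborted'
#   fi
```

Run without a terminal (for example from cron), ask_yn returns 1 immediately instead of blocking or silently defaulting to yes, so the caller's `else` branch is taken.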

Nah, I'm done testing for today... haha, sorry, just kidding, I'm never done. I think something happened. You guys are so impressive! I love the comment "Ah! Trap the stdin inside a while loop so ash does not receive it as a command, smart!" It is so far away from my understanding but breathes so much knowledge.

Code:
echo -n "say y: "; case "$(i=0;while [ $i -lt 2 ];do i=$((i+1));read -p "" yn </dev/tty;[ -n "$yn" ] && echo "$yn" && break;done)" in Y|y|yes|Yes|YES) echo 'answer is YES';; *) echo 'answer is NO';; esac
 

Fantastic! Here is my report of the update.
Before the update, running the clean command:

Code:
/opt/bolemo/scripts/firewall-blocklist clean
iptables v1.4.21: mark: bad mark value for option "--mark", or out of range.
Try `iptables -h' or 'iptables --help' for more information.
grep: xregcomp: Unmatched [ or [^
root@R9000:/$

After installation:

Code:
Info:
 - The script is properly installed.
 - firewall-blocklist version: v3.2.2
 - This is the last version.
 - iprange is not installed.

rm -r fbl command didn't work

Code:
rm -r fbl
rm: descend into directory 'fbl'? y

root@R9000:/tmp/mnt/sdb1$

Status:

Code:
Status:
 - firewall-blocklist version: v3.2.2
 - iprange is not installed.
 - Firewall blocklist is set and active.
 - Filtering 619977398 IP adresses.
 - Logging is off.

Code:
/opt/bolemo/scripts/firewall-blocklist update -v
firewall-blocklist v3.2.2 - Verbose mode
Initializing...
 - /opt/scripts/firewall-start.sh was edited and is now ok.
Updating blocklist from sources...
 - Downloading lists defined in /opt/bolemo/etc/firewall-blocklist.sources
1) https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level1.netset
 - 100%[===================>]  38.90K  --.-KB/s    in 0.004s
2) https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level2.netset
 - 100%[===================>] 273.25K  --.-KB/s    in 0.04s
3) https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level3.netset
 - 100%[===================>] 258.12K  --.-KB/s    in 0.03s
4) https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/iblocklist_ciarmy_malicious.netset
 - 100%[===================>] 202.70K  --.-KB/s    in 0.02s
5) https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/malwaredomainlist.ipset
 - 100%[===================>]  14.49K  --.-KB/s    in 0.002s
 - iprange not installed, passing optimization and reduction process.
 - Removing duplicates...
 - Done.
Building ipset blocklist (44959 entries blocking 619977398 ips)...
 - Created blocklist.
 - Done.
Restarting firewall...
iptables v1.4.21: mark: bad mark value for option "--mark", or out of range.
Try `iptables -h' or 'iptables --help' for more information.
grep: xregcomp: Unmatched [ or [^
 - Built-in firewall restarted.
Status:
 - firewall-blocklist version: v3.2.2
 - iprange is not installed.
 - Firewall blocklist is set and active.
 - Filtering 619977398 IP adresses.
 - Logging is off.
Detailed status:
 - /opt/scripts/firewall-start.sh exists with correct settings.
 - Actual router time: Sun May  3 18:18:42 UTC 2020
 - Blocklist generation time: Sun May  3 18:18:42 UTC 2020
 - Router firewall was last started Sun May  3 18:18:43 UTC 2020:
   ipset blocklist was already loaded and was kept.
   blocklist rules were added to iptables.
 - iptables rules are set:
   iptables -N FwBl_DROP
   iptables -A INPUT -i brwan -m set --match-set FwBl_BL src -j FwBl_DROP
   iptables -A FORWARD -i brwan -m set --match-set FwBl_BL src -j FwBl_DROP
   iptables -A FORWARD -o brwan -m set --match-set FwBl_BL dst -j FwBl_DROP
   iptables -A OUTPUT -o brwan -m set --match-set FwBl_BL dst -j FwBl_DROP
   iptables -A FwBl_DROP -j DROP
 - Logging is inactive.
 - ipset filter (blocklist) is set:
   Name: FwBl_BL
   Type: hash:net
   Revision: 6
   Header: family inet hashsize 32768 maxelem 65536
   Size in memory: 1396788
   References: 4
   Number of entries: 44959
 - ipset bypass (whitelist) is not set.
 
:)

Code:
/opt/bolemo/scripts/firewall-blocklist clean
iptables v1.4.21: mark: bad mark value for option "--mark", or out of range.
Try `iptables -h' or 'iptables --help' for more information.
grep: xregcomp: Unmatched [ or [^
root@R9000:/$
For info, this iptables error you get is not coming from the script. Apparently, native NG setups are throwing some errors (likely of no consequence, since all routers sold are affected).

rm -r fbl command didn't work

Code:
rm -r fbl
rm: descend into directory 'fbl'? y

root@R9000:/tmp/mnt/sdb1$
Interesting. Did it do that before?
Anyway, not major. You can remove it by doing exactly:
Code:
cd /mnt/optware
(or whatever is the root of your USB)
Then
Code:
rm -rf fbl
I will improve the install script to delete the directory by itself. The simpler to install, the better.


Good evening :)
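The ipset and iptables layout shown in the status dump above (a hash:net set FwBl_BL, matched on brwan from INPUT, FORWARD and OUTPUT through a FwBl_DROP chain), as an added example that is not the firewall-blocklist script's own code. It turns a FireHOL-style netset list into an `ipset restore` script, removes exact duplicates without iprange, and computes the "Filtering N IP addresses" figure as the sum of block sizes, which, assuming (as the verbose output suggests) that without iprange only exact duplicates are dropped, counts overlapping ranges twice; iprange would merge them. The sample list is constructed; set, chain and interface names and the hashsize/maxelem values come from the dump. The maxelem check is my addition: hash:net in the dump is created with maxelem 65536, so a source list that pushes the total past 65536 entries would make `ipset add` fail part-way through and leave a silently incomplete blocklist.

```shell
#!/bin/sh
# Added example (not part of the firewall-blocklist script). Build the ipset
# shown in the status dump from a FireHOL-style .netset and print the
# matching iptables rules. Sample data is constructed.

SET_NAME=FwBl_BL
DROP_CHAIN=FwBl_DROP
WAN_IF=brwan
MAXELEM=65536      # default hash:net maxelem, as in "Header:" of the dump

# Constructed sample in the FireHOL netset format: '#' comments, blank lines,
# one exact duplicate and one bare address (implicit /32).
SAMPLE_NETSET='# firehol_level1 style sample (constructed)
#
# Maintainer : example
192.0.2.0/24
198.51.100.0/25
203.0.113.7
192.0.2.0/24
198.51.100.128/25
'

# netset_entries < list : strip comments/blank lines, add /32 to bare IPs,
# sort -u drops exact duplicates only (overlaps are what iprange would merge).
netset_entries() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' \
        -e '/\//!s,$,/32,' | sort -u
}

# count_ips < entries : sum of 2^(32-prefix); overlapping ranges count twice,
# like the "Filtering N IP adresses" figure without iprange.
count_ips() {
    total=0
    while IFS=/ read -r net prefix; do
        total=$((total + (1 << (32 - prefix))))
    done
    echo "$total"
}

# build_restore < entries : emit a script for "ipset -exist restore".
# Refuses a list larger than maxelem instead of letting "add" fail midway.
build_restore() {
    entries=$(cat)
    n=$(printf '%s\n' "$entries" | grep -c . || :)
    if [ "$n" -gt "$MAXELEM" ]; then
        echo "refusing: $n entries exceed maxelem $MAXELEM" >&2
        return 1
    fi
    echo "create $SET_NAME hash:net family inet hashsize 32768 maxelem $MAXELEM"
    printf '%s\n' "$entries" | sed "s/^/add $SET_NAME /"
}

# iptables_rules : the rule set from the status output, as commands.
iptables_rules() {
    cat <<EOF
iptables -N $DROP_CHAIN
iptables -A INPUT -i $WAN_IF -m set --match-set $SET_NAME src -j $DROP_CHAIN
iptables -A FORWARD -i $WAN_IF -m set --match-set $SET_NAME src -j $DROP_CHAIN
iptables -A FORWARD -o $WAN_IF -m set --match-set $SET_NAME dst -j $DROP_CHAIN
iptables -A OUTPUT -o $WAN_IF -m set --match-set $SET_NAME dst -j $DROP_CHAIN
iptables -A $DROP_CHAIN -j DROP
EOF
}

# Dry run: "sh thisfile --demo" prints the ipset restore input and the rules
# without touching the kernel; on the router feed the first part to
# "ipset -exist restore" and run the rules in firewall-start.sh.
if [ "${1:-}" = --demo ]; then
    printf '%s' "$SAMPLE_NETSET" | netset_entries | build_restore
    iptables_rules
fi
```

With the constructed sample, the duplicate 192.0.2.0/24 is dropped, leaving four entries covering 513 addresses; the two /25 halves of 198.51.100.0/24 are kept as two entries, which is the kind of reduction iprange would perform.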
 
The blocklist works very fine and, as before, I notice no drawbacks on my network's performance. All I got with your script is a safer network :) Now on my wish list is iprange. I hope it is possible to get it in the script for R9000 sometime in the future.
Your script is here to stay, thank you a lot for sharing it!
 
Thank you!
I am glad this is useful to other people :)

For iprange on R9000 (without Entware), I will need to ask @Voxel as he has the compiling environment.
Entware was easy to install for me following Voxel’s readme, but maybe it’s a little different for R9000.
 
@KW. interested in iprange for R9000?
Can you run that for me and report the output:
Code:
/bin/uname -p
That is to update my install script to recognize when it is launched from a R9000 and offer to install iprange :)

@Voxel kindly compiled it.
 
