kamoj
Very Senior Member
You can remove your USB devices and reboot without entware?
[R7800, R9000 & probably others] Blocklist based Firewall addon
- Thread starter HELLO_wORLD
- Start date
Command 1
Command 2
Code:
find / -name tty
/dev/tty
/overlay/opt/bin/tty
/overlay/hipplay/usr/bin/tty
/proc/tty
find: /proc/5126/task/5126/fdinfo/5: No such file or directory
/rom/dev/tty
/sys/devices/soc.0/fd883000.uart0/tty
/sys/devices/soc.0/fd884000.uart1/tty
/sys/devices/virtual/tty
/sys/devices/virtual/tty/tty
/sys/devices/platform/serial8250/tty
/sys/class/tty
/sys/class/tty/ttyCommand 2
Code:
find / -name stty
/overlay/opt/bin/stty
/overlay/hipplay/bin/stty
find: /proc/32230: No such file or directory
HELLO_wORLD
Very Senior Member
Yes, I was thinking of doing that... Just can’t disrupt internet now... Maybe tomorrow morning.
Code:
root@HERMES:~$ find / -name tty
/dev/tty
/proc/tty
/sys/devices/virtual/tty
/sys/devices/virtual/tty/tty
/sys/devices/platform/msm_serial_hsl.1/tty
/sys/devices/platform/serial8250/tty
/sys/class/tty
/sys/class/tty/tty
/tmp/mnt/sda1/entware/bin/tty
root@HERMES:~$ find / -name stty
/tmp/mnt/sda1/entware/bin/stty
root@HERMES:~$HELLO_wORLD
Very Senior Member
Ok @KW. , last 2 tries:
And
If it does not work, I will disconnect Entware tomorrow on my router (and hopefully have exact same environment than you have for testing) and/or wait for @kamoj ’s solution once he’s back home.
Code:
echo -n "say y: "; echo "answer: $(head -c1 /dev/tty)"
Code:
echo -n "say y: "; A=$(dd ibs=1 count=1 2>/dev/null); echo -e "\nanswer: $A"If it does not work, I will disconnect Entware tomorrow on my router (and hopefully have exact same environment than you have for testing) and/or wait for @kamoj ’s solution once he’s back home.
Here it is. Dont worry about throwing out commands you want to try. I like to play with the big guys
Command 1
Command 2
Command 1
Code:
echo -n "say y: "; echo "answer: $(head -c1 /dev/tty)"
say y: y
answer:Command 2
Code:
echo -n "say y: "; A=$(dd ibs=1 count=1 2>/dev/null); echo -e "\nanswer: $A"
say y: y
answer:
root@R9000:/$ y
/bin/ash: y: not foundHELLO_wORLD
Very Senior Member
Thank you for calling me a big guy, I’m not at the level of @kamoj or the ultimate @Voxel .
As you guessed, none of those are working. I give up for today.
Have a good Sunday
As you guessed, none of those are working. I give up for today.
Have a good Sunday
Here it is. Dont worry about throwing out commands you want to try. I like to play with the big guys
Command 1
Code:echo -n "say y: "; echo "answer: $(head -c1 /dev/tty)" say y: y answer:
Command 2
Code:echo -n "say y: "; A=$(dd ibs=1 count=1 2>/dev/null); echo -e "\nanswer: $A" say y: y answer: root@R9000:/$ y /bin/ash: y: not found
kamoj
Very Senior Member
Ok, back and found it.
Apart from this there is also a trick involving sed and tty...
I don't think you need any instruction, so here is my current solution (one of many):
Apart from this there is also a trick involving sed and tty...
I don't think you need any instruction, so here is my current solution (one of many):
Code:
Q="Do you want to uninstall the kamoj add-on? "; echo -n "$Q"
ANSWER="$(i=0;while [ $i -lt 2 ];do i=$((i+1));read -p "" yn </dev/tty;[ -n "$yn" ] && echo -n "$yn" && break;done)"
echo "$ANSWER"
Last edited:
Your work, enthusiasm, helpfulness and creativity is top class!
HELLO_wORLD
Very Senior Member
Ah! Trap the stdin inside a while loop so ash does not receive it as a command, smart!
Thank you @kamoj
So, @KW. : this should work:
And I will be able to update my script (tomorrow) to fix the asking yes or no bug while trying to upgrade (and fix that in install.sh as it asks a question too).
Thank you @kamoj
So, @KW. : this should work:
Code:
echo -n "say y: "; case "$(i=0;while [ $i -lt 2 ];do i=$((i+1));read -p "" yn </dev/tty;[ -n "$yn" ] && echo "$yn" && break;done)" in Y|y|yes|Yes|YES) echo 'answer is YES';; *) echo 'answer is NO';; esacAnd I will be able to update my script (tomorrow) to fix the asking yes or no bug while trying to upgrade (and fix that in install.sh as it asks a question too).
Ok, back and found it.
Apart from this there is also a trick involving sed and tty...
I don't think you need any instruction, so here is my current solution (one of many):
Code:Q="Do you want to uninstall the kamoj add-on? "; echo -n "$Q" ANSWER="$(i=0;while [ $i -lt 2 ];do i=$((i+1));read -p "" yn </dev/tty;[ -n "$yn" ] && echo -n "$yn" && break;done)" echo "$ANSWER"
Nah Im done testing for today... haha sorry just kidding Im never done. I think something happened. You guys are so impressive! I love the comment "Ah! Trap the stdin inside a while loop so ash does not receive it as a command, smart!" It is so far away from my understanding but breath so much knowledge.
Code:
echo -n "say y: "; case "$(i=0;while [ $i -lt 2 ];do i=$((i+1));read -p "" yn </dev/tty;[ -n "$yn" ] && echo "$yn" && break;done)" in Y|y|yes|Yes|YES) echo 'answer is YES';; *) echo 'answer is NO';; esacHELLO_wORLD
Very Senior Member
HELLO_wORLD
Very Senior Member
v3.2.2
v3.2.2
Fantastic! Here is my report of the update.
Befor the update running the clean command:
Code:
/opt/bolemo/scripts/firewall-blocklist clean
iptables v1.4.21: mark: bad mark value for option "--mark", or out of range.
Try `iptables -h' or 'iptables --help' for more information.
grep: xregcomp: Unmatched [ or [^
root@R9000:/$After installation:
Code:
Info:
- The script is properly installed.
- firewall-blocklist version: v3.2.2
- This is the last version.
- iprange is not installed.rm -r fbl command didnt work
Code:
rm -r fbl
rm: descend into directory 'fbl'? y
root@R9000:/tmp/mnt/sdb1$Status:
Code:
Status:
- firewall-blocklist version: v3.2.2
- iprange is not installed.
- Firewall blocklist is set and active.
- Filtering 619977398 IP adresses.
Logging is off.
Code:
/opt/bolemo/scripts/firewall-blocklist update -v
firewall-blocklist v3.2.2 - Verbose mode
Initializing...
- /opt/scripts/firewall-start.sh was edited and is now ok.
Updating blocklist from sources...
- Downloading lists defined in /opt/bolemo/etc/firewall-blocklist.sources
1) https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level1.netset
- 100%[===================>] 38.90K --.-KB/s in 0.004s
2) https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level2.netset
- 100%[===================>] 273.25K --.-KB/s in 0.04s
3) https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level3.netset -
100%[===================>] 258.12K --.-KB/s in 0.03s
4) https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/iblocklist_ciarmy_malicious.netset
-
100%[===================>] 202.70K --.-KB/s in 0.02s
5) https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/malwaredomainlist.ipset -
100%[===================>] 14.49K --.-KB/s in 0.002s - iprange not installed, passing optimization and reduction process.
- Removing duplicates...
- Done.
Building ipset blocklist (44959 entries blocking 619977398 ips)...
- Created blocklist.
- Done.
Restarting firewall...
iptables v1.4.21: mark: bad mark value for option "--mark", or out of range.
Try `iptables -h' or 'iptables --help' for more information.
grep: xregcomp: Unmatched [ or [^
- Built-in firewall restarted.
Status:
- firewall-blocklist version: v3.2.2
- iprange is not installed.
- Firewall blocklist is set and active.
- Filtering 619977398 IP adresses.
- Logging is off.
Detailed status:
- /opt/scripts/firewall-start.sh exists with correct settings.
- Actual router time: Sun May 3 18:18:42 UTC 2020
- Blocklist generation time: Sun May 3 18:18:42 UTC 2020
- Router firewall was last started Sun May 3 18:18:43 UTC 2020:
ipset blocklist was already loaded and was kept.
blocklist rules were added to iptables.
- iptables rules are set:
iptables -N FwBl_DROP
iptables -A INPUT -i brwan -m set --match-set FwBl_BL src -j FwBl_DROP
iptables -A FORWARD -i brwan -m set --match-set FwBl_BL src -j FwBl_DROP
iptables -A FORWARD -o brwan -m set --match-set FwBl_BL dst -j FwBl_DROP
iptables -A OUTPUT -o brwan -m set --match-set FwBl_BL dst -j FwBl_DROP
iptables -A FwBl_DROP -j DROP
- Logging is inactive.
- ipset filter (blocklist) is set:
Name: FwBl_BL
Type: hash:net
Revision: 6
Header: family inet hashsize 32768 maxelem 65536
Size in memory: 1396788
References: 4
Number of entries: 44959
- ipset bypass (whitelist) is not set.
Last edited:
HELLO_wORLD
Very Senior Member
For info, this iptables error you get is not coming for the script. Apparently, native NG setups are throwing some errors (likely to be without incidence because all routers sold are concerned).
Interesting. Did it do that before?
Anyway, not major. You can remove doing exactly:
Code:
cd /mnt/optwareThen
Code:
rm -rf fblGood evening
The blocklist works very fine and as before I notice no drawbacks on my networks performance. All i got with your script is a safer network Now on my wish list is the iprange. I hope it is possible to get in the script for r9000 sometime in the future.
Your script is here to stay thank you allot for sharing it!
Now on my wish list is the iprange. I hope it is possible to get in the script for r9000 sometime in the future.Your script is here to stay thank you allot for sharing it!
HELLO_wORLD
Very Senior Member
The blocklist works very fine and as before I notice no drawbacks on my networks performance. All i got with your script is a safer network
Your script is here to stay thank you allot for sharing it!
Thank you!
I am glad this is useful to other people
For iprange on R9000 (without Entware), I will need to ask @Voxel as he has the compiling environment.
Entware was easy to install for me following Voxel’s readme, but maybe it’s a little different for R9000.
HELLO_wORLD
Very Senior Member
Similar threads
DomainVPNRouting
Domain VPN Routing v3.2.2 ***Release***
Similar threads
Similar threads
-
Kamoj Kamoj Addon 5.5 Beta for Netgear R7800/R8900/R9000 with Voxel FW - Continuation
- Started by matttt22
- Replies: 51
-
Voxel Custom firmware build for R7800 v. 1.0.2.117SF- Started by Voxel
- Replies: 9
-
R7800 jump back to 5ghz DFS Channel
- Started by NetgearR7800
- Replies: 5
-
Voxel [R7800](Still) unable to (re-)enable AnywhereAccess
- Started by QuinTeknoLife
- Replies: 1
-
Voxel Netgear R7800 - Voxel 116F - Search domains?
- Started by taraptapio
- Replies: 0
-
Voxel Custom firmware build for R7800 v. 1.0.2.116SF
- Started by Voxel
- Replies: 14
-
Voxel Custom firmware build for R7800 v. 1.0.2.115SF
- Started by Voxel
- Replies: 17
-
Voxel R7800 Voxel - dhcp - different gateway for specific IPs
- Started by joshhighley
- Replies: 2
-
Voxel Custom firmware build for R7800 v. 1.0.2.114SF
- Started by Voxel
- Replies: 11
-
Kamoj [R7800] Best way to set up adguard?
- Started by QuinTeknoLife
- Replies: 1
Latest threads
-
-
Entware Transmission is not deleting files from drive
- Started by Milan
- Replies: 0
-
Re-Using New ISP WiFi 6 and 7 Routers.
- Started by MiserableCurmugeon
- Replies: 0
-
Someone with RT-BE92U confirm a command supported or not?- Started by kstamand
- Replies: 0
-
Release ASUS RT-BE88U Firmware version 3.0.0.6_102_39112 2025/10/29
- Started by Ameenhuus
- Replies: 5
Support SNBForums w/ Amazon
If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!
Sign Up For SNBForums Daily Digest
Get an update of what's new every day delivered to your mailbox. Sign up here!
Staff online
-
RMerlinAsuswrt-Merlin dev