@ Frater - AsiaBlock

barryware
DD-WRT Guru


Joined: 26 Jan 2008
Posts: 13049
Location: Behind The Reset Button

PostPosted: Wed Nov 18, 2009 21:18    Post subject: @ Frater - AsiaBlock Reply with quote
Frater, I hope you don't mind me starting a new thread as opposed to posting in your optware thread. If so, pm me and I will delete this post.

A Chinese ip got through, this ip is not on my Chinese ip list I downloaded. I don't know if it is in your asia block script or not.
frater
DD-WRT Guru


Joined: 07 Jun 2006
Posts: 2777

PostPosted: Wed Nov 18, 2009 22:09    Post subject: Reply with quote
Hi Barryware...

This IP falls inside this rule:
Code:
iptables -A SPAMasia -s 124.0.0.0/7 -j logdrop

Are you using the 'S95asiablock' to generate the list?
If so, can you redownload it to make sure you are not running an old version.......

Please check if you have that range in your list.

_________________
Asus RT16N + OTRW
Kingston 4GB USB-disk 128 MB swap + 1.4GB ext3 on /opt + 2 GB ext3 on /mnt
Copperjet 1616 modem in ZipB-config
Asterisk, pixelserv & Pound running on router
Another Asus RT16N as WDS-bridge

DD-WRT v24-sp2 vpn (c) 2010 NewMedia-NET GmbH
Release: 12/16/10 (SVN revision: 15758M)
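
Added example (not part of frater's post and not taken from the S95asiablock script): a small shell check for "is this address covered by a rule in my list?", the question raised above. It assumes the generated list holds lines in the same form as the quoted rule (`iptables -A SPAMasia -s <cidr> -j logdrop`) and that the shell has 64-bit arithmetic; the function names and the sample rules other than 124.0.0.0/7 are constructed for illustration.

```shell
#!/bin/sh
# Find which "-s <cidr>" rule in a SPAMasia-style rule file covers an address.

# Convert dotted-quad a.b.c.d to a 32-bit integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Return 0 if address $1 lies inside CIDR $2 (e.g. 124.0.0.0/7).
in_cidr() {
    net=${2%/*}; bits=${2#*/}
    [ "$net" = "$2" ] && bits=32          # bare address means /32
    if [ "$bits" -eq 0 ]; then return 0; fi
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# Read rule lines on stdin, print each one whose -s argument covers $1.
covering_rules() {
    addr=$1
    while read -r line; do
        case $line in *" -s "*) ;; *) continue ;; esac
        cidr=${line#* -s }; cidr=${cidr%% *}
        if in_cidr "$addr" "$cidr"; then echo "$line"; fi
    done
}

# Constructed sample list; only the 124.0.0.0/7 line comes from the thread.
SAMPLE_RULES='iptables -A SPAMasia -s 58.0.0.0/7 -j logdrop
iptables -A SPAMasia -s 124.0.0.0/7 -j logdrop
iptables -A SPAMasia -s 202.0.0.0/7 -j logdrop'

# Check an address against the constructed sample list.
check_sample() { echo "$SAMPLE_RULES" | covering_rules "$1"; }

# Stand-alone use: script.sh <address> <rule-file>
if [ $# -eq 2 ]; then covering_rules "$1" < "$2"; fi
```

A /7 spans two first octets, so 124.0.0.0/7 covers 124.0.0.0 through 125.255.255.255; an address that prints no rule here is simply not in the list.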
barryware
DD-WRT Guru


Joined: 26 Jan 2008
Posts: 13049
Location: Behind The Reset Button

PostPosted: Wed Nov 18, 2009 22:20    Post subject: Reply with quote
My last download / install was sunday morning.

to download an updated asiablock file:

wget -O /tmp/S95asiablock http://wd.mirmana.com/??

Then copy from root/tmp/ to the appropriate opt folder? I found where the S9~ files are stored on the router but not in a position to look again right now.

I was not aware I had to generate a list. I looked at the files when adding russia was being discussed but did not add to / edit the file. Just "checked it out"

Thanks F~

_________________
[Moderator Deleted] Shocked
frater
DD-WRT Guru


Joined: 07 Jun 2006
Posts: 2777

PostPosted: Wed Nov 18, 2009 22:43    Post subject: Reply with quote
The list is not downloaded/composed every time because it is quite a static list. This will happen every 20 days. Redownloading the script will not change your list. To force a new list you will have to manually delete the file in /opt/etc (iptables.asia)
barryware
DD-WRT Guru


Joined: 26 Jan 2008
Posts: 13049
Location: Behind The Reset Button

PostPosted: Thu Nov 19, 2009 0:21    Post subject: Reply with quote
frater wrote:
The list is not downloaded/composed every time because it is quite a static list. This will happen every 20 days. Redownloading the script will not change your list. To force a new list you will have to manually delete the file in /opt/etc (iptables.asia)


Ok.. I understand.. My last install was a clean install with a different / fresh sd card. Has the list been updated since Sunday?

frater
DD-WRT Guru


Joined: 07 Jun 2006
Posts: 2777

PostPosted: Thu Nov 19, 2009 4:26    Post subject: Reply with quote
Can you post your list and rc_firewall on pastebin?
Oh... and another thing...

This FTP btw... It isn't running on your DD-WRT is it?
If so, it isn't blocked by default.
I only placed a hook in the FORWARD chain.
You need to manually add another hook in your INPUT chain (in rc_firewall).

In the future I don't want the script to make the hooks at all. But I need a firmware change which somehow doesn't happen.

barryware
DD-WRT Guru


Joined: 26 Jan 2008
Posts: 13049
Location: Behind The Reset Button

PostPosted: Thu Nov 19, 2009 5:15    Post subject: Reply with quote
frater wrote:
Can you post your list and rc_firewall on pastebin?
Oh... and another thing...

This FTP btw... It isn't running on your DD-WRT is it?
If so, it isn't blocked by default.
I only placed a hook in the FORWARD chain.
You need to manually add another hook in your INPUT chain (in rc_firewall).

In the future I don't want the script to make the hooks at all. But I need a firmware change which somehow doesn't happen.


Hi Frater...

My "list" I refer to is a list I downloaded and printed so I could reference the IP's that hammer my ftp site. I have no list that I uploaded to the router.

My ftp server is actually a computer connected to the rest of the network hosting the files from a nas drive. The router is not running the ftp server.

Keep in mind, I am a complete noob with linux. I have been fooling around for a couple of hours searching the forum to find the commands to list the data you need to look at. The closest I came was iptables -L and I don't think that is what you need to see.

Can you help me and advise how to produce / list the data you need to see?

tia..
fggs
DD-WRT Guru


Joined: 28 Jan 2008
Posts: 1741

PostPosted: Thu Nov 19, 2009 11:05    Post subject: Reply with quote
I think he meant this:

cat S95asiablock
nvram get rc_firewall

then paste the results to http://pastebin.com
barryware
DD-WRT Guru


Joined: 26 Jan 2008
Posts: 13049
Location: Behind The Reset Button

PostPosted: Thu Nov 19, 2009 14:36    Post subject: Reply with quote
fggs wrote:
I think he meant this:

cat S95asiablock
nvram get rc_firewall

then paste the results to http://pastebin.com


Thanks..

I put the output from CAT on pastebin.

nvram get rc_firewall gave no output.

I think there may be something wrong with the search path. I had to navigate to the folder where the S95 file was. If not, I would get an error stating the file could not be found.

root@DD-WRT_1:/mmc/opt/etc/init.d# nvram get rc_firewall

root@DD-WRT_1:/mmc/opt/etc/init.d#

fggs
DD-WRT Guru


Joined: 28 Jan 2008
Posts: 1741

PostPosted: Thu Nov 19, 2009 14:59    Post subject: Reply with quote
Please post the link of pastebin with the data.

example: pastebin.com/something
barryware
DD-WRT Guru


Joined: 26 Jan 2008
Posts: 13049
Location: Behind The Reset Button

PostPosted: Thu Nov 19, 2009 15:22    Post subject: Reply with quote
fggs wrote:
Please post the link of pastebin with the data.

example: pastebin.com/something


http://pastebin.com/m31c82046

frater
DD-WRT Guru


Joined: 07 Jun 2006
Posts: 2777

PostPosted: Mon Dec 07, 2009 4:52    Post subject: Reply with quote
I've changed my script to make use of the new extension which is offered in the latest firmwares as of Dec 2009.

The script will make a symbolic link /tmp/etc/config/asia.prewall to /opt/etc/iptables.asia

This script will define the chain "asia" and a 2nd chain SPAMasia which will be called from "asia".

The new script will not touch the normal firewall settings anymore (rc_firewall).

You can now use the chain "asia" just like you use "logdrop" or "logaccept". If you direct traffic into the chain "asia" it will be dropped if it's from asia and it will come back if not.....

This means you now have all the flexibility to put these rules to your own use...

In your firewall you can have these rules for example (you have to put them at the end in order to make them run first):
Code:

iptables -I FORWARD -p tcp --dport 25 -j asia
iptables -I INPUT -p udp --dport 5060 -j asia


You can also copy the script and redefine some parameters and create a new chain this way....

Please let me know how it works!!
You do have to wait for a new firmware!!!!

PS Do delete any /opt/etc/iptables.asia rules you may have.....


Code:
wget -O /opt/etc/init.d/S95asiablock http://wd.mirmana.com/S95asiablock
service asiablock on
service asiablock start

DHC_DarkShadow
DD-WRT Guru


Joined: 22 Jun 2008
Posts: 2440
Location: Am now Dark_Shadow

PostPosted: Mon Dec 07, 2009 11:45    Post subject: Reply with quote
frater wrote:
PS Do delete any /opt/etc/iptables.asia rules you may have.....


So will asia block no longer calculate the ip's on a new install when you turn it on?


EDIT: oops, had to read it again, you want us to delete /opt/etc/iptables.asia

_________________
The New Me
uncle bob
DD-WRT User


Joined: 31 Aug 2008
Posts: 148

PostPosted: Mon Dec 07, 2009 13:38    Post subject: Reply with quote
are you using these scripts to protect web servers ?
i am thinking of using this on 4mb rom router to prevent google from snooping around my laptop.
for example let's say i travel (with laptop) to amsterdam, do little web browsing there, meet woman whatever, then go back to us and surprise! i noticed evil company tries to access their web servers in holland from us.
very annoying very ..
would be even possible to use this on 4mb flash ?
optware and all that stuff won't fit right ?
frater would you be so nice to generate only iptables rules for these few unwelcomed countries ?
frater
DD-WRT Guru


Joined: 07 Jun 2006
Posts: 2777

PostPosted: Mon Dec 07, 2009 17:48    Post subject: Reply with quote
uncle bob wrote:
are you using these scripts to protect web servers ?

You can use it for anything....
uncle bob wrote:
i am thinking of using this on 4mb rom router to prevent google from snooping around my laptop.
for example let's say i travel (with laptop) to amsterdam, do little web browsing there, meet woman whatever, then go back to us and surprise! i noticed evil company tries to access their web servers in holland from us.
very annoying very ..
would be even possible to use this on 4mb flash ?
optware and all that stuff won't fit right ?
frater would you be so nice to generate only iptables rules for these few unwelcomed countries ?

Just open the script in an editor....
You can easily add countries in the script.
In its new version (you also need new firmware as well) you have to write your own rule....
If I understand your problem (not sure though)....
You only need to add this rule to your rc_firewall

Code:
iptables -I FORWARD -o `nvram get wan_ifname` -p tcp --dport 80 -j asia


You will however get another problem....

As I'm from Holland you will be unable to get any updates of this script :lol:

BTW. This script is not really intended for individual countries.. It does much more than just collect these countries....
I can write a normal countryblock quite easily now.... But first I need some feedback on this new one...
