Are you using the 'S95asiablock' to generate the list?
If so, can you redownload it to make sure you are not running an old version.......
Please check if you have that range in your list.
_________________
Asus RT16N + OTRW
Kingston 4GB USB-disk 128 MB swap + 1.4GB ext3 on /opt + 2 GB ext3 on /mnt
Copperjet 1616 modem in ZipB-config
Asterisk, pixelserv & Pound running on router
Another Asus RT16N as WDS-bridge
Then copy from root/tmp/ to the appropriate opt folder? I found where the S9~ files are stored on the router but not in a position to look again right now.
I was not aware I had to generate a list. I looked at the files when adding Russia was being discussed but did not add to / edit the file. Just "checked it out"
The list is not downloaded/composed every time because it is a quite static list. This will happen every 20 days. Redownloading the script will not change your list. To force a new list you will have to manually delete the file in /opt/etc (iptables.asia)
Posted: Thu Nov 19, 2009 0:21
frater wrote:
The list is not downloaded/composed every time because it is a quite static list. This will happen every 20 days. Redownloading the script will not change your list. To force a new list you will have to manually delete the file in /opt/etc (iptables.asia)
Ok.. I understand.. My last install was a clean install with a different / fresh sd card. Has the list been updated since Sunday?
Can you post your list and rc_firewall on pastebin?
Oh... and another thing...
This FTP btw... It isn't running on your DD-WRT is it?
If so, it isn't blocked by default.
I only placed a hook in the FORWARD chain.
You need to manually add another hook in your INPUT chain (in rc_firewall).
In the future I don't want the script to make the hooks at all. But I need a firmware change which somehow doesn't happen.
Posted: Thu Nov 19, 2009 5:15
frater wrote:
Can you post your list and rc_firewall on pastebin?
Oh... and another thing...
This FTP btw... It isn't running on your DD-WRT is it?
If so, it isn't blocked by default.
I only placed a hook in the FORWARD chain.
You need to manually add another hook in your INPUT chain (in rc_firewall).
In the future I don't want the script to make the hooks at all. But I need a firmware change which somehow doesn't happen.
Hi Frater...
My "list" I refer to is a list I downloaded and printed so I could reference the IPs that hammer my ftp site. I have no list that I uploaded to the router.
My ftp server is actually a computer connected to the rest of the network hosting the files from a nas drive. The router is not running the ftp server.
Keep in mind, I am a complete noob with Linux. I have been fooling around for a couple of hours searching the forum to find the commands to list the data you need to look at. The closest I came was iptables -L and I don't think that is what you need to see.
Can you help me and advise how to produce / list the data you need to see?
I think there may be something wrong with the search path. I had to navigate to the folder where the S95 file was. If not, I would get an error stating the file could not be found.
root@DD-WRT_1:/mmc/opt/etc/init.d# nvram get rc_firewall
I've changed my script to make use of the new extension which is offered in the latest firmwares as of Dec 2009.
The script will make a symbolic link /tmp/etc/config/asia.prewall to /opt/etc/iptables.asia
This script will define the chain "asia" and a 2nd chain SPAMasia which will be called from "asia".
The new script will not touch the normal firewall settings anymore (rc_firewall).
You can now use the chain "asia" just like you use "logdrop" or "logaccept". If you direct traffic into the chain "asia" it will be dropped if it's from Asia and it will come back if not.....
This means you now have all the flexibility to put these rules to your own use...
In your firewall you can have these rules for example (you have to put them at the end in order to make them run first):
Code:
iptables -I FORWARD -p tcp --dport 25 -j asia
iptables -I INPUT -p udp --dport 5060 -j asia
You can also copy the script and redefine some parameters and create a new chain this way....
Please let me know how it works!!
You do have to wait for a new firmware!!!!
PS Do delete any /opt/etc/iptables.asia rules you may have.....
Code:
wget -O /opt/etc/init.d/S95asiablock http://wd.mirmana.com/S95asiablock
service asiablock on
service asiablock start
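Added example (not part of the thread and not the S95asiablock script's own code): one way to build a block chain of the kind described in the post above, with DROP for listed source ranges, RETURN for everything else, and hooks in both FORWARD and INPUT. The chain name `geoblock`, the port 21 hooks and the RFC 5737 sample ranges are assumptions; the script prints the iptables commands instead of running them.

```shell
#!/bin/sh
# Added example: print (not run) iptables commands for a block chain that
# drops listed source ranges and returns all other traffic to the caller.
CHAIN=geoblock   # hypothetical name; the thread's script names its chain "asia"

# Accept only a.b.c.d/nn with octets 0-255 and prefix length 0-32.
valid_cidr() {
    echo "$1" | awk -F'[./]' '
        NF != 5 { exit 1 }
        { for (i = 1; i <= 5; i++) if ($i !~ /^[0-9]+$/) exit 1
          for (i = 1; i <= 4; i++) if ($i > 255) exit 1
          if ($5 > 32) exit 1 }'
}

# Read one CIDR per line on stdin ('#' comments allowed), print the chain.
build_chain() {
    echo "iptables -N $CHAIN"
    while read -r cidr rest; do
        case "$cidr" in ''|\#*) continue ;; esac
        if valid_cidr "$cidr"; then
            echo "iptables -A $CHAIN -s $cidr -j DROP"
        else
            echo "skipped invalid entry: $cidr" >&2
        fi
    done
    # No range matched: hand the packet back to the calling chain.
    echo "iptables -A $CHAIN -j RETURN"
}

# FORWARD covers hosts behind the router; INPUT covers services on the
# router itself. Port 21 (FTP control) is an assumed example service.
build_hooks() {
    echo "iptables -I FORWARD -p tcp --dport 21 -j $CHAIN"
    echo "iptables -I INPUT -p tcp --dport 21 -j $CHAIN"
}

# Constructed sample list (RFC 5737 documentation ranges, one bad entry).
sample_list() {
    cat <<'EOF'
# constructed ranges, not real country data
192.0.2.0/24
198.51.100.0/24
203.0.113.300/24
EOF
}

sample_list | build_chain
build_hooks
```

Malformed entries are reported on stderr and skipped, so one bad line in a downloaded list does not produce a broken rule.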
are you using these scripts to protect web servers ?
i am thinking of using this on a 4mb rom router to prevent google from snooping around my laptop.
for example let's say i travel (with laptop) to amsterdam, do little web browsing there, meet woman whatever, then go back to us and surprise! i noticed evil company tries to access their web servers in holland from us.
very annoying very ..
would be even possible to use this on 4mb flash ?
optware and all that stuff won't fit right ?
frater would you be so nice to generate only iptables rules for these few unwelcome countries ?
uncle bob wrote:
are you using these scripts to protect web servers ?
You can use it for anything....
uncle bob wrote:
i am thinking of using this on a 4mb rom router to prevent google from snooping around my laptop.
for example let's say i travel (with laptop) to amsterdam, do little web browsing there, meet woman whatever, then go back to us and surprise! i noticed evil company tries to access their web servers in holland from us.
very annoying very ..
would be even possible to use this on 4mb flash ?
optware and all that stuff won't fit right ?
frater would you be so nice to generate only iptables rules for these few unwelcome countries ?
Just open the script in an editor....
You can easily add countries in the script.
In its new version (you also need new firmware as well) you have to write your own rule....
If I understand your problem (not sure though)....
You only need to add this rule to your rc_firewall
Code:
iptables -I FORWARD -o `nvram get wan_ifname` -p tcp --dport 80 -j asia
You will however get another problem....
As I'm from Holland you will be unable to get any updates of this script :lol:
BTW. This script is not really intended for individual countries.. It does much more than just collect these countries....
I can write a normal countryblock quite easily now.... But first I need some feedback on this new one...