The Videotron custom firmware does not allow local upgrade. On the firmware update page there is a nice "Firmware upgrade: Disabled" and that's where the update ends in the main interface.
In order to update, I've rebooted into the recovery mode browser by keeping the reset pressed while plugging in the power. However, the upload process was always staying at 0% and didn't finish;
Then I've hexedited the factory-to-ddwrt_NA.bin and changed the last byte in the file from "0" to "2" - still no luck;
I've tried uploading directly from the shell: "ifconfig enp0s25 192.168.0.34 up && curl -0vF files=@factory-to-ddwrt_NA.bin http://192.168.0.1/cgi/index" - nope, still nothing;
The solution was deceivingly simple: I've put a switch between the D-Link and the computer - then the curl upload worked perfectly!
Showing posts with label DD-WRT. Show all posts
Wednesday, April 08, 2020
Wednesday, July 03, 2019
DD-WRT wireless extender
Setup -> Basic Setup -> WAN Connection Type -> Connection Type -> Disabled
Network Setup -> Router IP -> Local IP Address - choose an IP outside the DHCP Range from the main router
Gateway and Local DNS - usually the IP of the main router
Wireless -> Basic Settings -> First interface (2.4GHz) -> Wireless Mode: Client Bridge (Routed)
Default GW Mode: Manual
Gateway: IP of the main router
Wireless Security: same as on main router
Wireless -> Basic Settings -> Second interface (5GHz) -> Wireless Mode: AP
Set the WiFi network the way you want - you can duplicate the 5GHz config from the main router; this way the clients will do seamless roaming.
Services -> disable all
Security -> disable all
Access Restrictions -> disable all
NAT / QoS -> disable all
Administration -> Management
802.1x: Disable
Reset Button: Disable
Routing: Disable
Administration -> Keep Alive
Enable Watchdog: Enable
Interval (in seconds): 900
IP Addresses: IP of the main router
Tuesday, June 04, 2019
Web Interface for Parental Control
This continues the Parental Control post from last month.
First of all, in order to protect the web page, we need an authentication method. A simple user/password will do for the moment (it's not perfect, you can bypass it by accessing /cgi-bin/script.sh directly, but for the purpose of this exercise it is OK-ish).
Make sure that in the lighttpd.conf, mod_auth and mod_access are loaded,
server.modules += ( "mod_access" )
server.modules += ( "mod_auth" )
and the host section is protected
$HTTP["url"] =~ "^/" {
auth.backend = "plain"
auth.backend.plain.userfile = "/jffs/lighttpd/.lighttpdpassword"
auth.require = ( "/" => (
"method" => "basic",
"realm" => "Password protected Parental Control",
"require" => "valid-user"
))}
(where /jffs/lighttpd/.lighttpdpassword contains the plaintext credentials, let's say parent:password)
The following index.html must be placed into the lighttpd www root (/jffs/www/):
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Parental Control</title>
</head>
<body>
<form action="../cgi-bin/ai.sh" method="POST">
<button name="name" value="value" style="background-color:lime;height:150px;width:400px"> Allow internet </button>
</form><p><br>
<form action="../cgi-bin/ag.sh" method="POST">
<button name="name" value="value" style="background-color:yellowgreen;height:150px;width:400px"> Allow games </button>
</form><p><br>
<form action="../cgi-bin/ay.sh" method="POST">
<button name="name" value="value" style="background-color:khaki;height:150px;width:400px"> Allow only YouTube </button>
</form><p><br>
<form action="../cgi-bin/ni.sh" method="POST">
<button name="name" value="value" style="background-color:red;height:150px;width:400px"> No internet </button>
</form><p><br>
<form action="../cgi-bin/ng.sh" method="POST">
<button name="name" value="value" style="background-color:lightcoral;height:150px;width:400px"> No games </button>
</form><p><br>
<form action="../cgi-bin/lst.sh" method="POST">
<button name="name" value="value" style="background-color:cyan;height:150px;width:400px"> Show actual </button>
</form>
</body>
</html>
The following scripts will be placed into the ./cgi-bin folder:
ag.sh
#!/bin/sh
OUTPUT=$(sh -c '/jffs/allow_game ; sleep 1; iptables -L FORWARD | grep DROP | grep -vE "DROP +0 +-- +anywhere +anywhere" | if grep -qE "DROP +0 +-- +192\.168\.1\.128/28 +anywhere"; then echo NO Internet; else echo Allow Internet; fi; if grep -qm1 "#" /tmp/yt-block.conf; then echo Allow YT; else echo NO YT; fi; if grep -qm1 "#" /tmp/games-block.conf; then echo Allow Games; else echo NO Games; fi' | awk 'BEGIN{print "<table>"} {print "<tr>";for(i=1;i<=NF;i++)print "<td>" $i"</td>";print "</tr>"} END{print "</table>"}')
echo "Content-type: text/html"
echo ""
echo "<html><head><title>Parental Control</title></head><body>"
echo "Rules are: $OUTPUT <br><p>"
echo "<form><input type='button' style='background-color:cyan;height:200px;width:400px' value='Back' onclick='history.back()'></form>"
echo "</body></html>"
ai.sh
#!/bin/sh
OUTPUT=$(sh -c '/jffs/del_fw ; sleep 1; iptables -L FORWARD | grep DROP | grep -vE "DROP +0 +-- +anywhere +anywhere" | if grep -qE "DROP +0 +-- +192\.168\.1\.128/28 +anywhere"; then echo NO Internet; else echo Allow Internet; fi; if grep -qm1 "#" /tmp/yt-block.conf; then echo Allow YT; else echo NO YT; fi; if grep -qm1 "#" /tmp/games-block.conf; then echo Allow Games; else echo NO Games; fi' | awk 'BEGIN{print "<table>"} {print "<tr>";for(i=1;i<=NF;i++)print "<td>" $i"</td>";print "</tr>"} END{print "</table>"}')
echo "Content-type: text/html"
echo ""
echo "<html><head><title>Parental Control</title></head><body>"
echo "Rules are: $OUTPUT <br><p>"
echo "<form><input type='button' style='background-color:cyan;height:200px;width:400px' value='Back' onclick='history.back()'></form>"
echo "</body></html>"
ay.sh
#!/bin/sh
OUTPUT=$(sh -c '/jffs/allow_yt ; sleep 1; iptables -L FORWARD | grep DROP | grep -vE "DROP +0 +-- +anywhere +anywhere" | if grep -qE "DROP +0 +-- +192\.168\.1\.128/28 +anywhere"; then echo NO Internet; else echo Allow Internet; fi; if grep -qm1 "#" /tmp/yt-block.conf; then echo Allow YT; else echo NO YT; fi; if grep -qm1 "#" /tmp/games-block.conf; then echo Allow Games; else echo NO Games; fi' | awk 'BEGIN{print "<table>"} {print "<tr>";for(i=1;i<=NF;i++)print "<td>" $i"</td>";print "</tr>"} END{print "</table>"}')
echo "Content-type: text/html"
echo ""
echo "<html><head><title>Parental Control</title></head><body>"
echo "Rules are: $OUTPUT <br><p>"
echo "<form><input type='button' style='background-color:cyan;height:200px;width:400px' value='Back' onclick='history.back()'></form>"
echo "</body></html>"
lst.sh
#!/bin/sh
OUTPUT=$(sh -c 'iptables -L FORWARD | grep DROP | grep -vE "DROP +0 +-- +anywhere +anywhere" | if grep -qE "DROP +0 +-- +192\.168\.1\.128/28 +anywhere"; then echo NO Internet; else echo Allow Internet; fi; if grep -qm1 "#" /tmp/yt-block.conf; then echo Allow YT; else echo NO YT; fi; if grep -qm1 "#" /tmp/games-block.conf; then echo Allow Games; else echo NO Games; fi;' | awk 'BEGIN{print "<table>"} {print "<tr>";for(i=1;i<=NF;i++)print "<td>" $i"</td>";print "</tr>"} END{print "</table>"}')
echo "Content-type: text/html"
echo ""
echo "<html><head><title>Parental Control</title></head><body>"
echo "Rules are: $OUTPUT <br><p>"
echo "<form><input type='button' style='background-color:cyan;height:200px;width:400px' value='Back' onclick='history.back()'></form>"
echo "</body></html>"
ng.sh
#!/bin/sh
OUTPUT=$(sh -c '/jffs/disable_game && iptables -L FORWARD | grep DROP | grep -vE "DROP +0 +-- +anywhere +anywhere" | if grep -qE "DROP +0 +-- +192\.168\.1\.128/28 +anywhere"; then echo NO Internet; else echo Allow Internet; fi; if grep -qm1 "#" /tmp/yt-block.conf; then echo Allow YT; else echo NO YT; fi; if grep -qm1 "#" /tmp/games-block.conf; then echo Allow Games; else echo NO Games; fi' | awk 'BEGIN{print "<table>"} {print "<tr>";for(i=1;i<=NF;i++)print "<td>" $i"</td>";print "</tr>"} END{print "</table>"}')
echo "Content-type: text/html"
echo ""
echo "<html><head><title>Parental Control</title></head><body>"
echo "Rules are: $OUTPUT <br><p>"
echo "<form><input type='button' style='background-color:cyan;height:200px;width:400px' value='Back' onclick='history.back()'></form>"
echo "</body></html>"
ni.sh
#!/bin/sh
OUTPUT=$(sh -c '/jffs/add_fw && iptables -L FORWARD | grep DROP | grep -vE "DROP +0 +-- +anywhere +anywhere" | if grep -qE "DROP +0 +-- +192\.168\.1\.128/28 +anywhere"; then echo NO Internet; else echo Allow Internet; fi; if grep -qm1 "#" /tmp/yt-block.conf; then echo Allow YT; else echo NO YT; fi; if grep -qm1 "#" /tmp/games-block.conf; then echo Allow Games; else echo NO Games; fi' | awk 'BEGIN{print "<table>"} {print "<tr>";for(i=1;i<=NF;i++)print "<td>" $i"</td>";print "</tr>"} END{print "</table>"}')
echo "Content-type: text/html"
echo ""
echo "<html><head><title>Parental Control</title></head><body>"
echo "Rules are: $OUTPUT <br><p>"
echo "<form><input type='button' style='background-color:cyan;height:200px;width:400px' value='Back' onclick='history.back()'></form>"
echo "</body></html>"
Now a very simple web page will allow you to control the kids' internet from any browser.
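As noted in this post, the per-button scripts run their /jffs helper for anyone who can reach /cgi-bin/ directly. The following is an added example, not the author's code: a single CGI entry point that refuses requests lacking the REMOTE_USER that lighttpd's mod_auth sets (an assumption about the setup), accepts only POST, maps a hypothetical "action" form field onto a fixed list of helpers, and escapes the output it prints.

```sh
#!/bin/sh
# Added example, not the blog author's code. Assumptions: lighttpd's mod_auth
# passes REMOTE_USER to CGI after a successful login, and the form posts a
# field named "action" (hypothetical) to this one script.

# Map an action name to a fixed helper from the earlier post. Request data is
# only ever compared against this list, never handed to a shell.
resolve_action() {
    case "$1" in
        ai)  echo /jffs/del_fw ;;
        ni)  echo /jffs/add_fw ;;
        ag)  echo /jffs/allow_game ;;
        ng)  echo /jffs/disable_game ;;
        ay)  echo /jffs/allow_yt ;;
        lst) echo "" ;;              # status only, nothing to run
        *)   return 1 ;;
    esac
}

# Decide the HTTP status. Arguments: request method, authenticated user.
check_request() {
    [ -n "$2" ] || { echo 403; return 1; }      # reached without mod_auth
    [ "$1" = POST ] || { echo 405; return 1; }  # no state change on GET
    echo 200
}

# Extract the "action" field from an urlencoded body; anything but a plain
# lowercase word yields an empty result.
parse_action() {
    printf '%s\n' "$1" | tr '&' '\n' |
        sed -n 's/^action=\([a-z][a-z]*\)$/\1/p' | head -n 1
}

# Escape command output before it is placed inside HTML.
html_escape() {
    sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' -e 's/"/\&quot;/g'
}

refuse() {
    printf 'Status: %s\r\nContent-Type: text/plain\r\n\r\n%s\n' "$1" "$2"
}

handle_request() {
    status=$(check_request "${REQUEST_METHOD:-}" "${REMOTE_USER:-}") ||
        { refuse "$status" "refused"; return 0; }
    len=${CONTENT_LENGTH:-0}
    case "$len" in ''|*[!0-9]*) len=0 ;; esac
    [ "$len" -le 256 ] || len=256               # cap how much body is read
    helper=$(resolve_action "$(parse_action "$(head -c "$len")")") ||
        { refuse 400 "unknown action"; return 0; }
    [ -z "$helper" ] || "$helper" >/dev/null 2>&1
    printf 'Content-Type: text/html\r\n\r\n'
    printf '<html><head><title>Parental Control</title></head><body><pre>\n'
    iptables -L FORWARD -n 2>&1 | html_escape
    printf '</pre></body></html>\n'
}

# Run only when started by the web server; otherwise just define the functions.
[ -z "${GATEWAY_INTERFACE:-}" ] || handle_request
```

With this in place each button in index.html would post to the one script with a different "action" value instead of pointing at its own file.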
Friday, May 03, 2019
Parental control
Because you can't let the kids on YouTube 24/7 and some games are really addictive :)
The router must run OpenWRT or DD-WRT.
The kids' devices must be assigned IPs from a certain range, let's say 192.168.1.128/28, by adding some lines similar to the following one into Additional Dnsmasq Options:
dhcp-host=set:red,AA:BB:CC:00:DD:22,kids-tv,192.168.1.130,43200m
A series of scripts must be put in /jffs/ and called by a cron job:
cat add_fw
#!/bin/sh
iptables -I FORWARD 1 -s 192.168.1.128/28 -j DROP
iptables -I FORWARD 2 -s 192.168.1.128/28 -m conntrack -j DROP --ctstate RELATED,ESTABLISHED
cat del_fw
#!/bin/sh
iptables -D FORWARD -s 192.168.1.128/28 -j DROP
iptables -D FORWARD -s 192.168.1.128/28 -m conntrack -j DROP --ctstate RELATED,ESTABLISHED
cat disable_game
#!/bin/sh
# DNS Rules
sed -e 's/^#//' -i /tmp/games-block.conf
sed -e 's/^#//' -i /tmp/yt-block.conf
restart_dns
# Force kids DNS to local
iptables -t nat -A PREROUTING -i br0 -s 192.168.1.128/28 -p udp --dport 53 -j DNAT --to 192.168.1.1
iptables -t nat -A PREROUTING -i br0 -s 192.168.1.128/28 -p tcp --dport 53 -j DNAT --to 192.168.1.1
# Block all ports over :500
iptables -I FORWARD 5 -p tcp --source 192.168.1.128/28 --dport 500:65535 -j DROP
cat allow_game
#!/bin/sh
# Remove DNS rules
sed 's/^\([^#]\)/#\1/g' -i /tmp/games-block.conf
sed 's/^\([^#]\)/#\1/g' -i /tmp/yt-block.conf
restart_dns
# Remove Force kids DNS to local
iptables -t nat -D PREROUTING -i br0 -s 192.168.1.128/28 -p udp --dport 53 -j DNAT --to 192.168.1.1
iptables -t nat -D PREROUTING -i br0 -s 192.168.1.128/28 -p tcp --dport 53 -j DNAT --to 192.168.1.1
# Unblock all ports over :500
iptables -D FORWARD -p tcp --source 192.168.1.128/28 --dport 500:65535 -j DROP
I do have an extra script that allows access to YouTube without allowing games; this one is called only from an HTML page that I'll explain in a later post:
cat allow_yt
#!/bin/sh
sed 's/^\([^#]\)/#\1/g' -i /tmp/yt-block.conf
restart_dns
Those scripts are called by cron jobs that make sure we don't have internet during the sleep hours and that games & YouTube are permitted only during the weekend:
00 21 * * 0-4 root /jffs/add_fw
30 22 * * 5,6 root /jffs/add_fw
00 08 * * * root /jffs/del_fw
30 17 * * 5 root /jffs/allow_game
30 17 * * 0 root /jffs/disable_game
In order to block the DNS requests, the following Additional Dnsmasq Options need to be added:
conf-file=/tmp/yt-block.conf
conf-file=/tmp/games-block.conf
The files /tmp/yt-block.conf and /tmp/games-block.conf are created by the startup script:
stopservice dnsmasq
echo "#address=/.roblox.com/192.168.1.1
#address=/.rbxcdn.com/192.168.1.1
#address=/.epicgames.com/192.168.1.1
#address=/.fortnitegame.com/192.168.1.1
#address=/.easyanticheat.com/192.168.1.1
#address=/.pixelgunserver.com/192.168.1.1
#address=/.applovin.com/192.168.1.1
#address=/.clashroyaleapp.com/192.168.1.1
#address=/.applifier.com/192.168.1.1
#address=/.chartboost.com/192.168.1.1
#address=/.fyber.com/192.168.1.1
#address=/.twitch.tv/192.168.1.1
#address=/.ttvnw.net/192.168.1.1
#address=/.leagueoflegends.com/192.168.1.1
#address=/.pvp.net/192.168.1.1
#address=/.riotgames.com/192.168.1.1
#address=/.garenanow.com/192.168.1.1
#address=/.ea.com/192.168.1.1
#address=/.respawn.com/192.168.1.1
#address=/.origin.com/192.168.1.1" > /tmp/games-block.conf
echo "#address=/.youtube.com/192.168.1.1
#address=/youtube.googleapis.com/192.168.1.1
#address=/youtubei.googleapis.com/192.168.1.1
#address=/.ytimg.com/192.168.1.1
#address=/ytimg.l.google.com/192.168.1.1
#address=/youtube.l.google.com/192.168.1.1
#address=/.googlevideo.com/192.168.1.1
#address=/.youtube-nocookie.com/192.168.1.1
#address=/.youtu.be/192.168.1.1" > /tmp/yt-block.conf
startservice dnsmasq
An "easy" way to run those scripts, besides the scheduled cron jobs, is from the DD-WRT Administration -> Commands page.
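Both cron and the web buttons call add_fw, and every call inserts another copy of the DROP rule while del_fw removes only one; the DNS redirect in disable_game behaves the same way. An added example (not the author's scripts; IPT, the function names and the command verbs are assumptions) that keeps those rules idempotent:

```sh
#!/bin/sh
# Added example, not the blog author's scripts. IPT, the function names and the
# command-line verbs are assumptions; the subnet and router IP are the post's.
IPT=${IPT:-iptables}
KIDS_NET=192.168.1.128/28
ROUTER_IP=192.168.1.1

# Remove every copy of a rule. "-D" deletes one matching rule per call and
# fails once none is left, which ends the loop.
purge_rule() {
    table=$1; shift
    while $IPT -t "$table" -D "$@" 2>/dev/null; do :; done
}

# Same blocking effect as add_fw, but running it twice still leaves one rule.
block_internet() {
    purge_rule filter FORWARD -s "$KIDS_NET" -j DROP
    $IPT -t filter -I FORWARD 1 -s "$KIDS_NET" -j DROP
}

# Same effect as del_fw, and it also clears copies left by repeated add_fw runs.
allow_internet() {
    purge_rule filter FORWARD -s "$KIDS_NET" -j DROP
    purge_rule filter FORWARD -s "$KIDS_NET" -m conntrack --ctstate RELATED,ESTABLISHED -j DROP
}

# DNS redirect from disable_game: one DNAT rule per protocol, never more.
force_local_dns() {
    for proto in udp tcp; do
        purge_rule nat PREROUTING -i br0 -s "$KIDS_NET" -p "$proto" --dport 53 -j DNAT --to "$ROUTER_IP"
        $IPT -t nat -A PREROUTING -i br0 -s "$KIDS_NET" -p "$proto" --dport 53 -j DNAT --to "$ROUTER_IP"
    done
}

# Counterpart used by allow_game: no redirect rule survives.
release_dns() {
    for proto in udp tcp; do
        purge_rule nat PREROUTING -i br0 -s "$KIDS_NET" -p "$proto" --dport 53 -j DNAT --to "$ROUTER_IP"
    done
}

case "${1:-}" in
    block)       block_internet ;;
    allow)       allow_internet ;;
    force-dns)   force_local_dns ;;
    release-dns) release_dns ;;
esac
```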
Tuesday, February 02, 2016
Install DD-WRT on Buffalo WZR-600DHP2
1 Download the Official DD-WRT image from http://www.buffalotech.com/support-and-downloads/download/wzr600dhp2d-v24sp2-23709a.zip
2 login to http://192.168.11.1/cgi-bin/cgi?req=frm&frm=py-db/55debug.html username: bufpy password: otdpopypassword Click on telnetd, click on Start
3 telnet 192.168.11.1 and type: "ubootenv set accept_open_rt_fmt 1"
4 point your browser to http://192.168.11.1/cgi-bin/cgi?req=frm&frm=py-db/firmup.html
5 upload the firmware you downloaded (and unzipped) on step 1
6 wait.
7 wait.
8 WAIT I SAID!
9 wait some more time, then login to http://192.168.1.1/ admin:password - enjoy DD-WRT!
(thanks to Guilherme Garnier for correcting me at the last step)
Firmware 2.27 and higher have a slightly different procedure:
1 login to http://192.168.11.1/cgi-bin/cgi?req=frm&frm=py-db/55debug.html username "bufpy" password "otdpopypassword"
2 In a new tab, go to the normal web interface at http://192.168.11.1 (automatically logged in in debug mode)
3 Click on the new button "debug-disp"
4 Click on the (second to last) link "admin", then on the (first) link "name"
5 Click on the last link ending in firmup.html
6 In this interface, any ".bin" firmware (i.e. not in the typical Buffalo .zip package) can be uploaded without validation. It should also be possible to downgrade to an earlier Buffalo stock firmware on this page.
Monday, August 03, 2015
DNS Adblock on router
In case you have, like me, a secondary DNS on your DD-WRT router, you need a DNS adblock on it too. By modifying the excellent tutorial from http://www.howtogeek.com/51477/how-to-remove-advertisements-with-pixelserv-on-dd-wrt/ I came to this script:
#!/bin/sh
########Functions setup#########################
logger_ads()
{
logger -s -p local0.notice -t ad_blocker $1
}
softlink_func()
{
ln -s /tmp/$1 /jffs/dns/$2
if [ "`echo $?`" -eq 0 ] ; then
logger_ads "Created $3 softlink to RAM on JFFS"
else
logger_ads "The attempt to create $3 softlink to RAM on JFFS *FAILED*"
logger_ads "it is obvious something IS *terribly wrong*. Will now exit... bye (ads will not be blocked)"
exit 1
fi
}
note_no_space()
{
logger_ads "I assure you this only takes $1 blocks, but I guess your too close to the edge for JFFSs comfort"
logger_ads "deleting the half witted file, as to not confuse the DNS service and free up the JFFS space for other uses."
}
##################################################
nvram set aviad_changed_nvram=0
logger_ads "########### Ads blocker script starting ###########"
if [[ -z "$1" ]]; then
logger_ads "Sleeping for 30 secs to give time for router boot"
sleep 30
else
logger_ads "override switch given"
[[ $1 = "-h" || $1 = "/?" ]] && echo "use -m to override the 30 seconds delay and -f to force a list refresh" && exit 0
[ $1 = "-f" ] && rm /jffs/dns/dnsmasq.adblock.conf && rm /jffs/dns/dlhosts
fi
while ! ping www.google.com -c 1 > /dev/null ; do
logger_ads "waiting for the internet connection to come up"
sleep 5
done
logger_ads "Adding a refresh cycle by puting the script in cron if it isnt there yet"
if [[ -z "`cat /tmp/crontab | grep "/jffs/dns/disable_adds.sh"`" ]] ; then
echo '0 0 * * * root /jffs/dns/disable_adds.sh -m' >> /tmp/crontab
stopservice cron && logger_ads "stopped the cron service"
startservice cron && logger_ads "started the cron service"
else
logger_ads "The script is already in cron"
fi
logger_ads "New IP and ports setup. Reserve the IP .100 for pixelserv"
pixel="`ifconfig br0 | grep inet | awk '{ print $2 }' | awk -F ":" '{ print $2 }' | cut -d . -f 1,2,3`.100"
mgmtip="`ifconfig br0 | grep inet | awk '{ print $2 }' | awk -F ":" '{ print $2 }'`"
# In my case, on IP .100 I have an apache serving null.html as error page. Comment next 3 paragraphs, as I don't need pixelserv
#logger_ads "Move http interface to $mgmtip:88"
#if [[ -z "`ps | grep -v grep | grep "httpd -p 88"`" && `nvram get http_lanport` -ne 88 ]] ; then
# logger_ads "it seems that the http is not setup yet on port :88"
# stopservice httpd
# nvram set http_lanport=88
# nvram set aviad_changed_nvram=1
# startservice httpd
#else
# logger_ads "The http is already setup on $mgmtip:88"
#fi
#logger_ads "Redirect setup IP/Port from $mgmtip:80 to $mgmtip:88"
#[[ -z "`iptables -L -n -t nat | grep $mgmtip | grep 80`" ]] && logger_ads "did NOT find an active redirect rule with the iptable command, injecting it now." && /usr/sbin/iptables -t nat -I PREROUTING 1 -d $mgmtip -p tcp --dport 80 -j DNAT --to $mgmtip:88
#nvram get rc_firewall > /tmp/fw.tmp
#if [[ -z "`cat /tmp/fw.tmp | grep "/usr/sbin/iptables -t nat -I PREROUTING 1 -d $mgmtip -p tcp --dport 80 -j DNAT --to $mgmtip:88"`" ]] ; then
# echo "/usr/sbin/iptables -t nat -I PREROUTING 1 -d $mgmtip -p tcp --dport 80 -j DNAT --to $mgmtip:88" >> /tmp/fw.tmp
# nvram set rc_firewall="`cat /tmp/fw.tmp`"
# logger_ads "DONE appending forwarding to FW script"
# nvram set aviad_changed_nvram=1
#else
# logger_ads "The redirection $mgmtip:80 -> $mgmtip:88 in FW script is already in place"
#fi
#rm /tmp/fw.tmp
#logger_ads "Starting or ReSpawning pixelsrv on $pixel IP :80"
#/sbin/ifconfig br0:1 $pixel netmask "`ifconfig br0 | grep inet | awk '{ print $4 }' | awk -F ":" '{ print $2 }'`" broadcast "`ifconfig br0 | grep inet | awk '{ print $3 }' | awk -F ":" '{print $2 }'`" up
#if [[ -n "`ps | grep -v grep | grep /jffs/dns/pixelserv`" ]]; then
# logger_ads "the pixelserv is already up"
#else
# logger_ads "it seems that the pixelserv isnt up. starting it now"
# /jffs/dns/pixelserv $pixel -p 80
#fi
logger_ads "Get the online dns blocking lists"
[ ! -e /jffs/dns/whitelist ] && echo google-analytics > /jffs/dns/whitelist && echo toma.guru >> /jffs/dns/whitelist
if [[ -n "$(find /jffs/dns/dlhosts -mtime +7)" || -n "$(find /jffs/dns/dnsmasq.adblock.conf -mtime +7)" || ! -e /jffs/dns/dlhosts || ! -e /jffs/dns/dnsmasq.adblock.conf ]]; then
logger_ads "The lists are NOT setup at all yet, or more then 7 days old, will now retrieve them from the web"
logger_ads "Retrieving the MVPS hosts list..."
wget -q -O - http://www.mvps.org/winhelp2002/hosts.txt | grep "^127.0.0.1" | grep -v localhost | tr -d '\015' >/tmp/dlhosts.tmp
logger_ads "adjusting the MVPS hosts list for our use"
cat /jffs/dns/whitelist | while read line; do sed -i /${line}/d /tmp/dlhosts.tmp ; done
sed -i s/127.0.0.1/$pixel/g /tmp/dlhosts.tmp
logger_ads "done adjusting the MVPS hosts list."
logger_ads "Retrieving the Yoyo domain list..."
wget -q "http://pgl.yoyo.org/adservers/serverlist.php?hostformat=dnsmasq&showintro=0&mimetype=plaintext" -O /tmp/adblock.tmp
logger_ads "adjusting the Yoyo domain list for our use"
cat /jffs/dns/whitelist | while read line; do sed -i /${line}/d /tmp/adblock.tmp ; done
sed -i s/127.0.0.1/$pixel/g /tmp/adblock.tmp
if [ "`df| grep /jffs | awk '{ print $4 }'`" -ge 65 ] ; then
logger_ads "Moving the Yoyo list to JFFS (as it looks that there is enough space for it)"
mv /tmp/adblock.tmp /jffs/dns/dnsmasq.adblock.conf
if [ "`echo $?`" -eq 0 ] ; then
logger_ads "Moving the YoYo domain list to JFFS operation was successful"
else
note_no_space 20
rm /jffs/dns/dnsmasq.adblock.conf
softlink_func adblock.tmp dnsmasq.adblock.conf YoYo
fi
else
logger_ads "*NOT* Moving the Yoyo list to JFFS (as it looks that there is *NOT* enough space for it)"
softlink_func adblock.tmp dnsmasq.adblock.conf YoYo
fi
if [ "`df| grep /jffs | awk '{ print $4 }'`" -ge 100 ] ; then
logger_ads "Moving the MVPS hosts list to JFFS (as it looks like there is enough space for it)"
mv /tmp/dlhosts.tmp /jffs/dns/dlhosts
if [ "`echo $?`" -eq 0 ] ; then
logger_ads "Moving the MVPS hosts list to JFFS operation was successful"
else
note_no_space 72
rm /jffs/dns/dlhosts
softlink_func dlhosts.tmp dlhosts MVPS
fi
else
logger_ads "*NOT* Moving the MVPS list to JFFS (as it looks that there is *NOT* enough space for it)"
softlink_func dlhosts.tmp dlhosts MVPS
fi
else
logger_ads "The lists are less then 7 days old, saving on flash erosion and NOT refreshing them."
fi
logger_ads "Injecting the DNSMasq nvram options with the dynamic block lists"
nvram get dnsmasq_options > /tmp/dns-options.tmp
if [[ -z "`cat /tmp/dns-options.tmp | grep "/jffs/dns/dnsmasq.adblock.conf"`" || -z "`cat /tmp/dns-options.tmp | grep "/jffs/dns/dlhosts"`" && -e /jffs/dns/dnsmasq.adblock.conf ]] ; then
logger_ads "Did not find DNSMsaq options in nvram, adding them now"
echo "conf-file=/jffs/dns/dnsmasq.adblock.conf" >> /tmp/dns-options.tmp
echo "addn-hosts=/jffs/dns/dlhosts" >> /tmp/dns-options.tmp
nvram set aviad_changed_nvram=1
logger_ads "Added options to nvram DNSMasq options"
else
logger_ads "The DNSMaq options are already in place"
fi
logger_ads "Checking if the personal list is a file"
if [[ -z "`cat /tmp/dnsmasq.conf | grep conf-file=/jffs/dns/personal-ads-list.conf`" && -z "`nvram get dnsmasq_options | grep "/jffs/dns/personal-ads-list.conf"`" && -e /jffs/dns/personal-ads-list.conf ]] ; then
logger_ads "Yes the personal list is in the form of a file"
logger_ads "Removing whitelist from the personal file"
cat /jffs/dns/whitelist | while read line; do sed -i /${line}/d /jffs/dns/personal-ads-list.conf ; done
echo "conf-file=/jffs/dns/personal-ads-list.conf" >> /tmp/dns-options.tmp
nvram set aviad_changed_nvram=1
else
[ ! -e /jffs/dns/personal-ads-list.conf ] && logger_ads "The personal list (assuming there is one) is not in a file"
[ -n "`nvram get dnsmasq_options | grep "/jffs/dns/personal-ads-list.conf"`" ] && logger_ads "The personal list is a file, and... it is already in place according to the NVRAM options readout"
[ "$1" = "-f" ] && cat /jffs/dns/whitelist | while read line; do sed -i /${line}/d /jffs/dns/personal-ads-list.conf ; done && logger_ads "overide switch given so removed whitelist from personal file"
fi
logger_ads "Final settings implementer"
if [ "`nvram get aviad_changed_nvram`" -eq 1 ] ; then
nvram set dnsmasq_options="`cat /tmp/dns-options.tmp`"
logger_ads "Found that NVRAM was changed and committing changes now"
nvram commit
nvram set aviad_changed_nvram=0
logger_ads "Refreshing DNS settings"
stopservice dnsmasq && logger_ads "stopped the dnsmasq service"
startservice dnsmasq && logger_ads "started the dnsmasq service"
else
logger_ads "Nothing to commit"
fi
rm /tmp/dns-options.tmp
logger_ads "######### Ads blocker script has finished and you should be up and running ##########"
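The script above downloads both lists over plain HTTP and hands them to dnsmasq through conf-file= and addn-hosts=, so whatever the server (or anything on the path) returns becomes DNS configuration. The following added example (not part of the original script; function names, thresholds and sample lines are constructed) rebuilds each list from validated fields before it is installed.

```sh
#!/bin/sh
# Added example, not part of the original script. Function names, thresholds
# and the sample lines are constructed for illustration.

# Hostname shape accepted from a downloaded list (needs at least one dot).
DOMAIN_RE='^[A-Za-z0-9_][A-Za-z0-9_.-]*[.][A-Za-z][A-Za-z0-9-]*$'

# The sink address ends up in every output line, so check it first.
is_ipv4() {
    echo "$1" | awk -F. 'NF == 4 {
        for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
        ok = 1 }
        END { exit !ok }'
}

# stdin: list in dnsmasq format. stdout: rebuilt "address=" lines pointing at
# the sink. Lines are re-created from validated fields, never copied through,
# so no other dnsmasq option can reach the conf-file.
filter_dnsmasq_list() {
    tr -d '\r' | awk -F/ -v sink="$1" -v re="$DOMAIN_RE" '
        NF == 3 && $1 == "address=" && $3 == "127.0.0.1" && $2 ~ re {
            print "address=/" $2 "/" sink }'
}

# stdin: hosts-format list. stdout: "<sink> <hostname>" for valid entries.
filter_hosts_list() {
    tr -d '\r' | awk -v sink="$1" -v re="$DOMAIN_RE" '
        $1 == "127.0.0.1" && $2 ~ re && (NF == 2 || $3 ~ /^#/) {
            print sink, $2 }'
}

# Count lines that carry content (not blank, not a comment).
content_lines() {
    tr -d '\r' | grep -v -e '^[[:space:]]*$' -e '^[[:space:]]*#' | wc -l | tr -d ' '
}

# Accept a download only if enough lines survived and few were rejected.
# Arguments: raw file, filtered file, minimum kept, maximum rejected.
accept_list() {
    kept=$(wc -l < "$2" | tr -d ' ')
    total=$(content_lines < "$1")
    [ "$kept" -ge "$3" ] && [ $((total - kept)) -le "$4" ]
}

# Constructed sample of a tampered dnsmasq-format download.
sample_yoyo() {
    cat <<'EOF'
# constructed sample
address=/ads.example.com/127.0.0.1
address=/tracker.example.net/127.0.0.1
address=/bank.example.org/203.0.113.9
server=/example.com/198.51.100.7
<html><body>error page</body></html>
EOF
}

# Constructed sample of a hosts-format download.
sample_hosts() {
    cat <<'EOF'
127.0.0.1  localhost
127.0.0.1  ad.example.com
127.0.0.1  cdn.example.net #[constructed]
127.0.0.1  a.example.org b.example.org
10.0.0.5   login.example.com
EOF
}

# Demo: only the two well-formed entries of each sample are printed.
is_ipv4 192.168.1.100 && {
    sample_yoyo | filter_dnsmasq_list 192.168.1.100
    sample_hosts | filter_hosts_list 192.168.1.100
}
```

In the script this would sit between the wget calls and the mv to /jffs/dns/, with accept_list deciding whether the previous list is kept instead.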

