My Blocklist scripts for routers with 64 RAM and up

robnitro
Posts: 84
Joined: Sat Feb 26, 2011 4:50 pm

My Blocklist scripts for routers with 64 RAM and up

Post by robnitro »

Here are my scripts to get and update blocklists (p2p Level1, and a few other blocklists added in OTHERSurls).
The ET one is the Emerging Threats list.
Normal ports (80/443/etc.) are not blocked, as they were giving me issues.
Make sure you don't have many programs running.
Also, you need a router with 64 RAM or more, otherwise you probably can't run the LEVEL1 blocklist.

Sign up for an iblocklist subscription to be able to get the proper CIDR lists:
https://www.iblocklist.com/subscribe.php
Also, replace USERNAME and PIN variables at top with what you get from their site when copying a link for a list, etc.

rc.local is what calls my scripts in /etc/p2p
Also make sure you have ipset installed.
Attachments
etcBlocklists.zip
(8.53 KiB) Downloaded 604 times

tapper
Moderator
Posts: 1076
Joined: Sun Oct 13, 2013 5:49 pm
Location: Stoke-on-trent UK

Re: My Blocklist scripts for routers with 64 RAM and up

Post by tapper »

Hi, can you give us a rundown of how to install, please?

Is there just one blocklist or a number of different ones?

Can you use this script without paying for access to the paid list?

Is it just for Gargoyle or can it be used in OpenWrt?

Sorry about all the questions, as I don't understand all the code in the script, just checking. Thanks for sharing.
Linksys WRT3200ACM
NETGEAR Nighthawk R7800
NETGEAR R6260

robnitro
Posts: 84
Joined: Sat Feb 26, 2011 4:50 pm

Re: My Blocklist scripts for routers with 64 RAM and up

Post by robnitro »

I'm not sure how it will work on OpenWrt. I assume so, as long as ipset is installed. To be sure:
opkg update
opkg install ipset


If you aren't good with using ssh or telnet, then maybe better not to mess with this. It takes tweaking.
I just posted it for those who might want to use it or modify it. It took me a while to learn how to modify existing scripts to work on my router fast enough and not to run out of memory.

L1.sh runs the layer1 p2p blocklist.
ET runs Emerging Threats (copied from someone who did this before; he parses the IPs and CIDR ranges separately).
OTHERS are in the blocklists file; you can check what I have in there, a bunch of stuff.
Exclusions are address ranges to not block, but I don't use that anymore because I allow port 80, 443, and other basic surfing ports.

First check your rc.local whether you have lines in there. If so, just add this to your rc.local:
mount -t tmpfs -o remount,size=24M tmpfs /tmp

sleep 88
/etc/p2p/ipsetreload.sh

Copy the p2p folders inside the zip with WinSCP to your etc dir.
Now cd to /etc/p2p
chmod +x *.sh
./updatelists.sh
Now you have the lists updated and saved.
The rc.local will load those lists anytime you reboot.

If you have problems, you should try to understand the script more, because it's system-specific as to what you can do to save RAM/CPU to make it work with the BIG level1 blocklist.

Unfortunately it is not a one size fits all script. I had to adapt some existing scripts to get this to work on my buffalo g300nh (64 ram/32flash- 400 mhz cpu).
If you have less than 64 ram and 16 flash, don't bother, or just rename the L1.sh: (mv L1.sh L1.bak) so it doesn't run that memory hogging list.

Otherwise, works well for me and I can see on my server that peerblock is barely used (some extra lists in there not on router get caught).
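
An added example, not part of the posts above or of etcBlocklists.zip: a POSIX sh function showing one way to turn a plain IP/CIDR list into an `ipset restore` script, keeping single addresses and CIDR ranges in separate sets as the ET description mentions. The set names, the `maxelem` default, the one-entry-per-line input format and the sample input are assumptions.

```shell
#!/bin/sh
# Added example (not from etcBlocklists.zip). Set names, the default maxelem
# and the sample input at the bottom are assumptions / constructed values.

# Read a blocklist on stdin (one IPv4 address or CIDR per line, "#" comments
# allowed) and print an `ipset restore` script on stdout. Input is streamed,
# so awk memory use on the router does not grow with the size of the list.
blocklist_to_restore() {
    awk -v n="$1" -v m="${2:-65536}" '
    function valid_ip(s,    o, i) {
        if (split(s, o, ".") != 4) return 0
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^(0|[1-9][0-9]?[0-9]?)$/ || o[i] + 0 > 255) return 0
        return 1
    }
    BEGIN {
        # One hash:ip and one hash:net set, each with a temporary twin.
        split("ip net", kind, " ")
        for (i = 1; i <= 2; i++) {
            t = n "-" kind[i]
            print "create " t " hash:" kind[i] " family inet maxelem " m
            print "create " t "-tmp hash:" kind[i] " family inet maxelem " m
            print "flush " t "-tmp"
        }
    }
    {
        sub(/#.*/, ""); gsub(/[ \t\r]/, "")      # drop comments, blanks, CR
        if ($0 == "") next
        k = split($0, p, "/")
        if (k > 2 || !valid_ip(p[1])) bad++
        else if (k == 1 || p[2] == "32") print "add " n "-ip-tmp " p[1]
        else if (p[2] ~ /^[0-9]+$/ && p[2] + 0 >= 1 && p[2] + 0 <= 31)
            print "add " n "-net-tmp " $0
        else bad++                               # e.g. /0 or /33
    }
    END {
        # Swap the filled temporary sets in, then drop the old contents.
        for (i = 1; i <= 2; i++) {
            t = n "-" kind[i]
            print "swap " t "-tmp " t
            print "destroy " t "-tmp"
        }
        if (bad) print bad " invalid line(s) skipped" | "cat 1>&2"
    }'
}

# Constructed sample input, printed here only to show the generated script.
printf '%s\n' '192.0.2.7' '198.51.100.0/24' 'not-an-ip' | blocklist_to_restore blocklist
```

On the router, pipe the output into `ipset -exist restore` so already existing sets and duplicate entries do not abort the load. The temporary sets are filled first and then swapped in, so firewall rules that reference the live set names never match against a half-loaded list.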
